Disk 0 malicious Win32:MBRoot code @ sector 488392068 !


14 replies to this topic

#1 YoungBarrels

YoungBarrels

  • Members
  • 44 posts
  • OFFLINE
  • Local time:02:02 AM

Posted 05 July 2012 - 12:11 AM

http://www.bleepingcomputer.com/forums/topic459042.html/page__pid__2751571#entry2751571


Hello! I have been relocated here! Thank you for helping me with my issue. You are all heroes to me!


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by HP_Administrator at 23:40:13 on 2012-07-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.2218 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\arservice.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn6\ytbb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system\hpsysdrv.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\hp_administrator\local settings\application data\akamai\netsession_win.exe"
uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
uRunOnce: [<NO NAME>] c:\program files\internet explorer\IEXPLORE.EXE http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&error=0&language=en&product=SymNRT&version=2009.0.0.41&build=Symantec&a=00000082.0000001f.0000005e&b=00000082.0000006f.00000148&c=00000082.00000096.000001da
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-system: RunStartupScriptSync = 1 (0x1)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}
IE: {5E638779-1818-4754-A595-EF1C63B87A56}
IE: {5E638779-1818-4754-A595-EF1C63B87A56}\SOFTWARE
IE: {5E638779-1818-4754-A595-EF1C63B87A56}\SOFTWARE\Microsoft
IE: {5E638779-1818-4754-A595-EF1C63B87A56}\SOFTWARE\Microsoft\Windows
IE: {5E638779-1818-4754-A595-EF1C63B87A56}\SOFTWARE\Microsoft\Windows\CurrentVersion
IE: {5E638779-1818-4754-A595-EF1C63B87A56}\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
IE: {5E638779-1818-4754-A595-EF1C63B87A56}\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
IE: {A95B2816-1D7E-4561-A202-68C0DE02353A}
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: ff12maps.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: purdue.edu\www.calumet
Trusted Zone: tube8.com\www
Trusted Zone: uaig.net\in
Trusted Zone: uaig.net\www
Trusted Zone: windowsupdate.com\download
Trusted Zone: xbox.com\live
Trusted Zone: xbox.com\www
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/sdccommon/download/tgctlsr.cab
DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177095890640
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{04A9578E-4FEF-419F-9D9F-AB42B63B72D4} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 301248]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R1 prcmondrv;prcmondrv;c:\windows\system32\drivers\prcmondrv1041.sys [2006-12-18 18432]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-9 14336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2006-12-18 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2006-12-18 3904]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-3 654408]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-3 22344]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-7 136176]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 aajqm8.sys;aajqm8.sys;\??\c:\windows\system32\drivers\aajqm8.sys --> c:\windows\system32\drivers\aajqm8.sys [?]
S3 EraserUtilDrvI7;EraserUtilDrvI7;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi7.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI7.sys [?]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\hp_adm~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\hp_adm~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-7 136176]
S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
=============== Created Last 30 ================
.
2012-07-04 02:15:00 -------- d-----w- c:\program files\ESET
2012-07-03 11:27:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-13 22:33:27 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-06-23 11:07:52 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 11:07:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-25 23:52:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-25 23:52:13 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-25 23:52:13 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 09:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2008-03-28 09:19:53 606 ----a-w- c:\program files\NCO_BHO.reg
2007-02-06 09:58:04 37181248 ----a-w- c:\program files\Nero Templates.exe
.
============= FINISH: 23:41:24.66 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/17/2006 3:49:50 PM
System Uptime: 7/4/2012 11:33:32 PM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NODUSM3
Processor: AMD Athlon™ 64 X2 Dual Core Processor 3800+ | Socket AM2 | 2004/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 129.859 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 0.591 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1482: 7/3/2012 10:33:13 PM - System Checkpoint
RP1483: 7/4/2012 7:26:34 PM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
7-Zip 4.57
Adobe AIR
Adobe Audition CS5.5
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11
AGEIA PhysX v6.10.25
Akamai NetSession Interface
ArcSoft PhotoImpression 6
ArcSoft Software Suite
AVG 2012
AVG PC Tuneup 2011
CCleaner
CheckIt Diagnostics
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Compatibility Pack for the 2007 Office system
D1300_Help
Data Fax SoftModem with SmartCP
Destinations
Doomsday
Enhanced Multimedia Keyboard Solution
ESET Online Scanner v3
eSupportQFolder
Europa Universalis III
ffdshow [rev 2867] [2009-04-07]
Google Update Helper
Hearts of Iron III
Hewlett-Packard ACLM.NET v1.1.0.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
HP Boot Optimizer
HP Imaging Device Functions 7.0
HP Product Assistant
HP Product Detection
HP Solution Center 7.0
HP Update
HP Web Helper
hph_readme
hph_software_req
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
Intel A/V Codecs V2.0
Internet Explorer (Enable DEP)
IsoBuster 2.0
Java Auto Updater
Java™ 6 Update 32
LightScribe 1.4.105.1
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Monopoly by Parker Brothers
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
Nero 7 Ultra Edition
Nimo Codecs Pack v4.33 (Remove Only)
NVIDIA Drivers
PowerISO
Project64 1.6
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
Realtek High Definition Audio Driver
Rise of Nations
ScummVM 1.4.1
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Sid Meier's Civilization 4
SolutionCenter
Spybot - Search & Destroy
SpywareBlaster 4.6
SpywareGuard v2.2
Status
The Game Of Life
The Weather Channel App
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB971029)
Updates from HP (remove only)
VivTV
WebFldrs XP
WebReg
Westwood Shared Internet Components
Winamp (remove only)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Service Pack 3
WinRAR archiver
Xbox 360 Controller for Windows
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
YouTube Downloader 3.3
.
==== Event Viewer Messages From Past Week ========
.
7/3/2012 10:39:17 PM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
7/2/2012 10:34:56 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Akamai service.
7/1/2012 9:22:55 AM, error: Dhcp [1002] - The IP address lease 192.168.0.101 for the Network Card with network address 0018F36EA406 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
6/28/2012 12:34:46 AM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
6/27/2012 5:58:57 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
6/27/2012 5:58:51 AM, error: Service Control Manager [7001] - The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,698 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:02 AM

Posted 10 July 2012 - 12:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/459396 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 YoungBarrels

YoungBarrels
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:02:02 AM

Posted 10 July 2012 - 07:05 AM

A single IE page open will start by using about 100K, but grows indefinitely with time. I have seen a single instance use up to 1.5 GB. I'm not sure if I have a virus or if I just need to adjust my IE settings or something. My processor is weak, but I really don't think it should be this slow.

Sometimes when I close all of my IE pages down the windows will close but they will still be using up memory in my task manager. I have to "end process" from there.

Also, I don't know if it is related but I have recently been getting pop-ups on almost every page telling me that there is a coupon for whatever page I'm on.

I have tried to scan for viruses/spyware/malware, but nothing showed up. I scanned with the following:
AVG Free
Spybot Search & Destroy
Malwarebytes Antimalware

XP Sp3
AMD Athlon 64 X2 Dual Core 3800+
3GB RAM

I do not have my original Windows CD/DVD available


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by HP_Administrator at 7:01:58 on 2012-07-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.2149 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn6\ytbb.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\hp_administrator\local settings\application data\akamai\netsession_win.exe"
uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
uRunOnce: [<NO NAME>] c:\program files\internet explorer\IEXPLORE.EXE http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&error=0&language=en&product=SymNRT&version=2009.0.0.41&build=Symantec&a=00000082.0000001f.0000005e&b=00000082.0000006f.00000148&c=00000082.00000096.000001da
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-system: RunStartupScriptSync = 1 (0x1)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}
IE: {5E638779-1818-4754-A595-EF1C63B87A56}
IE: {5E638779-1818-4754-A595-EF1C63B87A56}\SOFTWARE
IE: {5E638779-1818-4754-A595-EF1C63B87A56}\SOFTWARE\Microsoft
IE: {5E638779-1818-4754-A595-EF1C63B87A56}\SOFTWARE\Microsoft\Windows
IE: {5E638779-1818-4754-A595-EF1C63B87A56}\SOFTWARE\Microsoft\Windows\CurrentVersion
IE: {5E638779-1818-4754-A595-EF1C63B87A56}\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
IE: {5E638779-1818-4754-A595-EF1C63B87A56}\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
IE: {A95B2816-1D7E-4561-A202-68C0DE02353A}
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: ff12maps.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: purdue.edu\www.calumet
Trusted Zone: uaig.net\in
Trusted Zone: uaig.net\www
Trusted Zone: windowsupdate.com\download
Trusted Zone: xbox.com\live
Trusted Zone: xbox.com\www
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/sdccommon/download/tgctlsr.cab
DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177095890640
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{04A9578E-4FEF-419F-9D9F-AB42B63B72D4} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 301248]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R1 prcmondrv;prcmondrv;c:\windows\system32\drivers\prcmondrv1041.sys [2006-12-18 18432]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-9 14336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2006-12-18 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2006-12-18 3904]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-3 654408]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-3 22344]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-7 136176]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 aajqm8.sys;aajqm8.sys;\??\c:\windows\system32\drivers\aajqm8.sys --> c:\windows\system32\drivers\aajqm8.sys [?]
S3 EraserUtilDrvI7;EraserUtilDrvI7;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi7.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI7.sys [?]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\hp_adm~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\hp_adm~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-7 136176]
S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
=============== Created Last 30 ================
.
2012-07-05 21:21:27 -------- d-----w- c:\program files\Elaborate Bytes
2012-07-04 02:15:00 -------- d-----w- c:\program files\ESET
2012-07-03 11:27:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-13 22:33:27 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-07-05 21:45:52 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-06-23 11:07:52 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 11:07:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-25 23:52:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-25 23:52:13 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-25 23:52:13 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 09:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2008-03-28 09:19:53 606 ----a-w- c:\program files\NCO_BHO.reg
2007-02-06 09:58:04 37181248 ----a-w- c:\program files\Nero Templates.exe
.
============= FINISH: 7:02:33.67 ===============

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:02 AM

Posted 10 July 2012 - 10:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your Hosts file was compromised.
How do I reset the hosts file back to the default?
http://support.microsoft.com/kb/972034

Use the Fix it button on the page.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
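As an added example (not code from this thread, from DDS, or from any tool nasdaq names), here is a small Python audit of the kind of hosts-file tampering nasdaq is pointing at: it takes the `Hosts:` lines DDS prints (or a hosts file directly), drops the stock `localhost` entry, and flags every other mapping, treating a security or update site pointed at loopback as the sinkhole pattern behind this log's `127.0.0.1 www.spywareinfo.com`. The watch-list of domains and the extra sample entries are constructed for the demonstration.

```python
"""Audit Windows hosts-file entries for malware-style tampering.

Added example: not code from the thread, DDS, TDSSKiller or aswMBR.
A stock XP hosts file maps only "localhost"; every other entry is either an
admin's own addition or something a program wrote, and an entry that points
an anti-malware or Windows Update hostname at 127.0.0.1 is the classic way
malware keeps a machine from fetching updates or removal tools.
"""
import ipaddress
import re

# Mappings shipped in a default Windows hosts file (XP has only the IPv4 one).
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed watch-list: hostnames a user should be able to reach when
# cleaning a machine. Extend it with the vendors you rely on.
SECURITY_DOMAINS = (
    "spywareinfo.com",
    "bleepingcomputer.com",
    "windowsupdate.com",
    "update.microsoft.com",
    "avg.com",
)

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# Constructed sample hosts file. The spywareinfo entry is the one DDS reported
# in this thread; the remaining non-default lines are invented for the demo.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 www.spywareinfo.com      # reported by DDS in this thread
127.0.0.1 www.bleepingcomputer.com # constructed: second sinkholed site
203.0.113.9 update.microsoft.com   # constructed: redirect, not just a block
10.0.0.5 intranet.example          # constructed: harmless custom entry
"""


def hosts_lines_from_dds(log_text):
    """Extract the 'Hosts: <ip> <name>' lines of a DDS log as hosts-file text."""
    return "\n".join(m.group(1) for m in re.finditer(r"^Hosts:\s+(.+)$", log_text, re.M))


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping; comments and blank lines
    are skipped, and one line may map several hostnames to one address."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            yield ("?", raw.strip(), line_no)  # malformed line, reported verbatim
            continue
        for host in fields[1:]:
            yield (ip, host.lower(), line_no)


def classify(ip, host):
    """Label one mapping: default, malformed, custom, or a tampered security site."""
    if (ip, host) in DEFAULT_ENTRIES:
        return "default"
    if ip == "?":
        return "malformed"
    on_watchlist = any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS)
    sinkholed = ip == "0.0.0.0" or ipaddress.ip_address(ip) in LOOPBACK
    if on_watchlist:
        # Loopback/0.0.0.0 silently blocks the site; any other address sends
        # the user somewhere the attacker controls, which is worse.
        return "blocked-security-site" if sinkholed else "hijacked-security-site"
    return "custom"


def audit_hosts(text):
    """Return [(line_no, ip, host, verdict)] for every non-default mapping."""
    findings = []
    for ip, host, line_no in parse_hosts(text):
        verdict = classify(ip, host)
        if verdict != "default":
            findings.append((line_no, ip, host, verdict))
    return findings


if __name__ == "__main__":
    for line_no, ip, host, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {ip} -> {host}: {verdict}")
```

On a live machine, feed it the contents of `%SystemRoot%\system32\drivers\etc\hosts`; any `blocked-` or `hijacked-security-site` finding is a reason to reset the file as nasdaq describes rather than hand-edit it.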

#5 YoungBarrels

YoungBarrels
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:02:02 AM

Posted 10 July 2012 - 10:01 PM

19:03:06.0406 2544 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
19:03:06.0671 2544 ============================================================
19:03:06.0671 2544 Current date / time: 2012/07/10 19:03:06.0671
19:03:06.0671 2544 SystemInfo:
19:03:06.0671 2544
19:03:06.0671 2544 OS Version: 5.1.2600 ServicePack: 3.0
19:03:06.0671 2544 Product type: Workstation
19:03:06.0671 2544 ComputerName: JAKE
19:03:06.0671 2544 UserName: HP_Administrator
19:03:06.0671 2544 Windows directory: C:\WINDOWS
19:03:06.0671 2544 System windows directory: C:\WINDOWS
19:03:06.0671 2544 Processor architecture: Intel x86
19:03:06.0671 2544 Number of processors: 2
19:03:06.0671 2544 Page size: 0x1000
19:03:06.0671 2544 Boot type: Normal boot
19:03:06.0671 2544 ============================================================
19:03:12.0015 2544 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:03:12.0093 2544 ============================================================
19:03:12.0093 2544 \Device\Harddisk0\DR0:
19:03:12.0093 2544 MBR partitions:
19:03:12.0093 2544 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C01247F
19:03:12.0093 2544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1C01637F, BlocksNum 0x11AE202
19:03:12.0093 2544 ============================================================
19:03:12.0296 2544 C: <-> \Device\Harddisk0\DR0\Partition0
19:03:12.0484 2544 D: <-> \Device\Harddisk0\DR0\Partition1
19:03:12.0484 2544 ============================================================
19:03:12.0484 2544 Initialize success
19:03:12.0484 2544 ============================================================
19:03:19.0781 2968 ============================================================
19:03:19.0781 2968 Scan started
19:03:19.0781 2968 Mode: Manual;
19:03:19.0781 2968 ============================================================
19:03:22.0984 2968 aajqm8.sys - ok
19:03:22.0984 2968 Abiosdsk - ok
19:03:22.0984 2968 abp480n5 - ok
19:03:23.0531 2968 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:03:23.0531 2968 ACPI - ok
19:03:23.0609 2968 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:03:23.0656 2968 ACPIEC - ok
19:03:23.0656 2968 adpu160m - ok
19:03:23.0921 2968 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:03:23.0953 2968 aec - ok
19:03:24.0046 2968 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
19:03:24.0062 2968 Afc - ok
19:03:24.0406 2968 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:03:24.0484 2968 AFD - ok
19:03:24.0484 2968 Aha154x - ok
19:03:24.0500 2968 aic78u2 - ok
19:03:24.0500 2968 aic78xx - ok
19:03:40.0687 2968 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files\common files\akamai/netsession_win_4f7fccd.dll
19:03:40.0687 2968 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
19:03:40.0703 2968 Akamai ( HiddenFile.Multi.Generic ) - warning
19:03:40.0703 2968 Akamai - detected HiddenFile.Multi.Generic (1)
19:03:42.0875 2968 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
19:03:43.0000 2968 Alerter - ok
19:03:43.0171 2968 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
19:03:43.0171 2968 ALG - ok
19:03:43.0578 2968 AliIde - ok
19:03:43.0687 2968 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
19:03:43.0687 2968 AmdK8 - ok
19:03:43.0703 2968 amsint - ok
19:03:43.0875 2968 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
19:03:43.0953 2968 AppMgmt - ok
19:03:44.0046 2968 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
19:03:44.0078 2968 aracpi - ok
19:03:44.0218 2968 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
19:03:44.0265 2968 arhidfltr - ok
19:03:44.0312 2968 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
19:03:44.0343 2968 arkbcfltr - ok
19:03:44.0375 2968 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
19:03:44.0406 2968 armoucfltr - ok
19:03:44.0640 2968 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:03:44.0703 2968 Arp1394 - ok
19:03:44.0750 2968 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
19:03:44.0781 2968 ARPolicy - ok
19:03:45.0171 2968 ARSVC (9a0d9b2e263bede80fb79ddbad240ec1) C:\WINDOWS\arservice.exe
19:03:45.0187 2968 ARSVC - ok
19:03:45.0187 2968 asc - ok
19:03:45.0203 2968 asc3350p - ok
19:03:45.0203 2968 asc3550 - ok
19:03:45.0328 2968 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
19:03:45.0375 2968 ASPI32 - ok
19:03:46.0171 2968 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:03:46.0296 2968 aspnet_state - ok
19:03:46.0375 2968 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:03:46.0406 2968 AsyncMac - ok
19:03:46.0796 2968 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:03:46.0796 2968 atapi - ok
19:03:46.0796 2968 Atdisk - ok
19:03:47.0375 2968 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\WINDOWS\system32\DRIVERS\atksgt.sys
19:03:47.0421 2968 atksgt - ok
19:03:47.0734 2968 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:03:47.0781 2968 Atmarpc - ok
19:03:48.0000 2968 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
19:03:48.0031 2968 AudioSrv - ok
19:03:48.0093 2968 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:03:48.0125 2968 audstub - ok
19:04:14.0156 2968 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
19:04:18.0453 2968 AVGIDSAgent - ok
19:04:22.0468 2968 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
19:04:22.0468 2968 AVGIDSDriver - ok
19:04:22.0562 2968 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
19:04:22.0562 2968 AVGIDSFilter - ok
19:04:22.0750 2968 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
19:04:22.0765 2968 AVGIDSHX - ok
19:04:22.0875 2968 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
19:04:22.0984 2968 AVGIDSShim - ok
19:04:23.0265 2968 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
19:04:23.0281 2968 Avgldx86 - ok
19:04:23.0453 2968 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
19:04:23.0468 2968 Avgmfx86 - ok
19:04:23.0578 2968 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
19:04:23.0625 2968 Avgrkx86 - ok
19:04:24.0484 2968 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
19:04:24.0500 2968 Avgtdix - ok
19:04:25.0531 2968 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
19:04:25.0531 2968 avgwd - ok
19:04:25.0687 2968 BCMNTIO (90a87d49205b3893281203a477f66fe5) C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
19:04:25.0718 2968 BCMNTIO - ok
19:04:25.0812 2968 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:04:25.0828 2968 Beep - ok
19:04:26.0390 2968 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
19:04:27.0734 2968 BITS - ok
19:04:27.0937 2968 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
19:04:27.0937 2968 Browser - ok
19:04:27.0953 2968 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:04:27.0984 2968 cbidf2k - ok
19:04:27.0984 2968 cd20xrnt - ok
19:04:28.0046 2968 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:04:28.0062 2968 Cdaudio - ok
19:04:28.0375 2968 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:04:28.0421 2968 Cdfs - ok
19:04:28.0515 2968 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:04:28.0562 2968 Cdrom - ok
19:04:28.0578 2968 Changer - ok
19:04:28.0734 2968 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
19:04:28.0781 2968 CiSvc - ok
19:04:29.0046 2968 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
19:04:29.0140 2968 ClipSrv - ok
19:04:30.0609 2968 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:04:31.0125 2968 clr_optimization_v2.0.50727_32 - ok
19:04:31.0828 2968 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:04:32.0343 2968 clr_optimization_v4.0.30319_32 - ok
19:04:32.0343 2968 CmdIde - ok
19:04:32.0359 2968 COMSysApp - ok
19:04:32.0359 2968 Cpqarray - ok
19:04:33.0421 2968 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
19:04:33.0453 2968 CryptSvc - ok
19:04:33.0734 2968 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
19:04:33.0812 2968 ctxusbm - ok
19:04:33.0812 2968 dac2w2k - ok
19:04:33.0812 2968 dac960nt - ok
19:04:34.0406 2968 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:04:34.0421 2968 DcomLaunch - ok
19:04:35.0015 2968 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
19:04:35.0015 2968 Dhcp - ok
19:04:35.0625 2968 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:04:35.0703 2968 Disk - ok
19:04:35.0703 2968 dmadmin - ok
19:04:39.0421 2968 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:04:39.0828 2968 dmboot - ok
19:04:40.0109 2968 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:04:40.0140 2968 dmio - ok
19:04:40.0156 2968 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:04:40.0171 2968 dmload - ok
19:04:40.0453 2968 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
19:04:40.0468 2968 dmserver - ok
19:04:40.0515 2968 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:04:40.0531 2968 DMusic - ok
19:04:40.0718 2968 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
19:04:40.0796 2968 Dnscache - ok
19:04:40.0859 2968 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
19:04:40.0937 2968 Dot3svc - ok
19:04:40.0937 2968 dpti2o - ok
19:04:40.0968 2968 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:04:40.0968 2968 drmkaud - ok
19:04:41.0046 2968 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
19:04:41.0062 2968 EapHost - ok
19:04:41.0921 2968 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
19:04:41.0937 2968 ehRecvr - ok
19:04:42.0343 2968 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
19:04:42.0343 2968 ehSched - ok
19:04:42.0734 2968 EraserUtilDrvI7 - ok
19:04:42.0796 2968 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
19:04:42.0843 2968 ERSvc - ok
19:04:43.0000 2968 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:04:43.0015 2968 Eventlog - ok
19:04:43.0218 2968 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
19:04:43.0250 2968 EventSystem - ok
19:05:20.0187 2968 F-Secure Standalone Minifilter - ok
19:05:24.0375 2968 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:05:24.0421 2968 Fastfat - ok
19:05:25.0093 2968 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:05:25.0156 2968 FastUserSwitchingCompatibility - ok
19:05:25.0484 2968 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
19:05:25.0625 2968 Fax - ok
19:05:25.0703 2968 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
19:05:25.0734 2968 Fdc - ok
19:05:25.0984 2968 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:05:25.0984 2968 Fips - ok
19:05:26.0000 2968 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
19:05:26.0015 2968 Flpydisk - ok
19:05:26.0593 2968 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:05:26.0656 2968 FltMgr - ok
19:05:27.0156 2968 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:05:27.0187 2968 FontCache3.0.0.0 - ok
19:05:27.0281 2968 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:05:27.0328 2968 Fs_Rec - ok
19:05:27.0734 2968 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:05:27.0812 2968 Ftdisk - ok
19:05:27.0812 2968 ftsata2 - ok
19:05:28.0015 2968 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:05:28.0046 2968 Gpc - ok
19:05:28.0593 2968 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:05:28.0593 2968 gupdate - ok
19:05:28.0593 2968 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:05:28.0609 2968 gupdatem - ok
19:05:29.0125 2968 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:05:29.0125 2968 HDAudBus - ok
19:05:29.0250 2968 helpsvc - ok
19:05:29.0375 2968 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
19:05:29.0437 2968 HidServ - ok
19:05:29.0546 2968 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:05:29.0578 2968 HidUsb - ok
19:05:29.0718 2968 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
19:05:29.0750 2968 hkmsvc - ok
19:05:29.0750 2968 hpn - ok
19:05:30.0312 2968 HSXHWBS2 (1f5c64b0c6b2e2f48735a77ae714ccb8) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
19:05:30.0328 2968 HSXHWBS2 - ok
19:05:33.0875 2968 HSX_DP (a7f8c9228898a1e871d2ae7082f50ac3) C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
19:05:33.0906 2968 HSX_DP - ok
19:05:34.0421 2968 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:05:34.0421 2968 HTTP - ok
19:05:34.0468 2968 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
19:05:34.0531 2968 HTTPFilter - ok
19:05:34.0531 2968 i2omgmt - ok
19:05:34.0531 2968 i2omp - ok
19:05:34.0812 2968 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:05:34.0859 2968 i8042prt - ok
19:05:35.0531 2968 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
19:05:35.0578 2968 IDriverT - ok
19:05:36.0468 2968 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:05:36.0515 2968 idsvc - ok
19:05:36.0562 2968 imagedrv (25edd75e23c5ef6b33d0fbcce125a601) C:\WINDOWS\system32\Drivers\imagedrv.sys
19:05:36.0578 2968 imagedrv - ok
19:05:36.0593 2968 imagesrv (9c4bbacf4e9b9543c3ce23f1fe556941) C:\WINDOWS\system32\DRIVERS\imagesrv.sys
19:05:36.0609 2968 imagesrv - ok
19:05:36.0671 2968 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:05:36.0687 2968 Imapi - ok
19:05:36.0734 2968 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
19:05:36.0734 2968 ImapiService - ok
19:05:36.0734 2968 ini910u - ok
19:05:37.0000 2968 IntcAzAudAddService (b76d32231f56bb3df236bf25f49106ae) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:05:37.0046 2968 IntcAzAudAddService - ok
19:05:37.0390 2968 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:05:37.0406 2968 IntelIde - ok
19:05:37.0453 2968 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:05:37.0468 2968 intelppm - ok
19:05:37.0484 2968 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:05:37.0500 2968 Ip6Fw - ok
19:05:37.0500 2968 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:05:37.0515 2968 IpFilterDriver - ok
19:05:37.0531 2968 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:05:37.0546 2968 IpInIp - ok
19:05:37.0609 2968 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:05:37.0609 2968 IpNat - ok
19:05:37.0625 2968 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:05:37.0640 2968 IPSec - ok
19:05:37.0640 2968 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:05:37.0656 2968 IRENUM - ok
19:05:37.0671 2968 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:05:37.0687 2968 isapnp - ok
19:05:37.0718 2968 ithsgt (b7a5fadf67136fda7e8f25303565b674) C:\WINDOWS\system32\DRIVERS\ithsgt.sys
19:05:37.0734 2968 ithsgt - ok
19:05:37.0968 2968 JavaQuickStarterService (a38441ed570f190cc041a7be49488fa7) C:\Program Files\Java\jre6\bin\jqs.exe
19:05:37.0968 2968 JavaQuickStarterService - ok
19:05:37.0984 2968 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:05:38.0000 2968 Kbdclass - ok
19:05:38.0015 2968 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:05:38.0031 2968 kbdhid - ok
19:05:38.0062 2968 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:05:38.0062 2968 kmixer - ok
19:05:38.0312 2968 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:05:38.0328 2968 KSecDD - ok
19:05:38.0390 2968 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
19:05:38.0421 2968 lanmanserver - ok
19:05:38.0484 2968 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
19:05:38.0515 2968 lanmanworkstation - ok
19:05:38.0515 2968 lbrtfdc - ok
19:05:38.0656 2968 LightScribeService (5d4b38a8d8525356798f5e560c3a3090) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:05:38.0656 2968 LightScribeService - ok
19:05:38.0687 2968 lilsgt (16767ea492b5d140e1de3679a65eae74) C:\WINDOWS\system32\DRIVERS\lilsgt.sys
19:05:38.0703 2968 lilsgt - ok
19:05:38.0750 2968 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
19:05:38.0765 2968 lirsgt - ok
19:05:38.0796 2968 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
19:05:38.0812 2968 LmHosts - ok
19:05:38.0859 2968 MAPMEM (61330a29bd4230505a7618bc41693cbb) C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
19:05:38.0875 2968 MAPMEM - ok
19:05:38.0890 2968 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
19:05:38.0906 2968 MBAMProtector - ok
19:05:39.0046 2968 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:05:39.0062 2968 MBAMService - ok
19:05:39.0218 2968 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
19:05:39.0218 2968 McrdSvc - ok
19:05:39.0312 2968 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
19:05:39.0328 2968 MDM - ok
19:05:39.0500 2968 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:05:39.0515 2968 mdmxsdk - ok
19:05:39.0546 2968 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
19:05:39.0546 2968 Messenger - ok
19:05:39.0609 2968 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
19:05:39.0609 2968 MHN - ok
19:05:39.0640 2968 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
19:05:39.0640 2968 MHNDRV - ok
19:05:39.0671 2968 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:05:39.0687 2968 mnmdd - ok
19:05:39.0734 2968 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
19:05:39.0750 2968 mnmsrvc - ok
19:05:39.0796 2968 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:05:39.0796 2968 Modem - ok
19:05:39.0796 2968 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:05:39.0812 2968 Mouclass - ok
19:05:39.0890 2968 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:05:39.0906 2968 mouhid - ok
19:05:39.0906 2968 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:05:39.0921 2968 MountMgr - ok
19:05:39.0921 2968 mraid35x - ok
19:05:39.0984 2968 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:05:39.0984 2968 MRxDAV - ok
19:05:40.0046 2968 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:05:40.0125 2968 MRxSmb - ok
19:05:40.0171 2968 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:05:40.0187 2968 Msfs - ok
19:05:40.0187 2968 MSIServer - ok
19:05:40.0218 2968 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:05:40.0234 2968 MSKSSRV - ok
19:05:40.0234 2968 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:05:40.0250 2968 MSPCLOCK - ok
19:05:40.0312 2968 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:05:40.0312 2968 MSPQM - ok
19:05:40.0359 2968 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:05:40.0359 2968 mssmbios - ok
19:05:40.0390 2968 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:05:40.0421 2968 Mup - ok
19:05:40.0500 2968 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
19:05:40.0515 2968 napagent - ok
19:05:40.0687 2968 NBService (89844c3d3a7aae8999e229c88e452633) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
19:05:40.0734 2968 NBService - ok
19:05:40.0875 2968 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:05:40.0890 2968 NDIS - ok
19:05:40.0937 2968 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:05:40.0937 2968 NdisTapi - ok
19:05:40.0953 2968 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:05:40.0953 2968 Ndisuio - ok
19:05:40.0968 2968 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:05:40.0968 2968 NdisWan - ok
19:05:41.0015 2968 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:05:41.0093 2968 NDProxy - ok
19:05:41.0093 2968 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:05:41.0109 2968 NetBIOS - ok
19:05:41.0140 2968 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:05:41.0156 2968 NetBT - ok
19:05:41.0218 2968 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:05:41.0234 2968 NetDDE - ok
19:05:41.0234 2968 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:05:41.0234 2968 NetDDEdsdm - ok
19:05:41.0328 2968 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:05:41.0328 2968 Netlogon - ok
19:05:41.0343 2968 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
19:05:41.0359 2968 Netman - ok
19:05:41.0437 2968 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:05:41.0468 2968 NetTcpPortSharing - ok
19:05:41.0562 2968 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:05:41.0562 2968 NIC1394 - ok
19:05:41.0609 2968 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
19:05:41.0609 2968 Nla - ok
19:05:41.0859 2968 NMIndexingService (8dd0cdb0c700992d10169d8769ef5f43) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
19:05:41.0875 2968 NMIndexingService - ok
19:05:41.0890 2968 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:05:41.0890 2968 Npfs - ok
19:05:41.0921 2968 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:05:41.0937 2968 Ntfs - ok
19:05:41.0984 2968 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:05:41.0984 2968 NtLmSsp - ok
19:05:42.0062 2968 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
19:05:42.0078 2968 NtmsSvc - ok
19:05:42.0125 2968 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:05:42.0140 2968 Null - ok
19:05:42.0593 2968 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:05:42.0859 2968 nv - ok
19:05:43.0046 2968 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
19:05:43.0062 2968 NVENETFD - ok
19:05:43.0062 2968 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
19:05:43.0078 2968 nvnetbus - ok
19:05:43.0125 2968 NVSvc (0c41c4acfe00d826db479c40c1d9edc8) C:\WINDOWS\system32\nvsvc32.exe
19:05:43.0140 2968 NVSvc - ok
19:05:43.0187 2968 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:05:43.0187 2968 NwlnkFlt - ok
19:05:43.0203 2968 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:05:43.0218 2968 NwlnkFwd - ok
19:05:43.0265 2968 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:05:43.0265 2968 ohci1394 - ok
19:05:43.0515 2968 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:05:43.0531 2968 ose - ok
19:05:43.0546 2968 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:05:43.0562 2968 Parport - ok
19:05:43.0593 2968 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:05:43.0609 2968 PartMgr - ok
19:05:43.0656 2968 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:05:43.0656 2968 ParVdm - ok
19:05:43.0687 2968 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:05:43.0718 2968 PCI - ok
19:05:43.0718 2968 PCIDump - ok
19:05:43.0734 2968 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:05:43.0750 2968 PCIIde - ok
19:05:43.0765 2968 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:05:43.0781 2968 Pcmcia - ok
19:05:43.0828 2968 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
19:05:43.0843 2968 Pcouffin - ok
19:05:43.0843 2968 PDCOMP - ok
19:05:43.0859 2968 PDFRAME - ok
19:05:43.0859 2968 PDRELI - ok
19:05:43.0859 2968 PDRFRAME - ok
19:05:43.0875 2968 perc2 - ok
19:05:43.0875 2968 perc2hib - ok
19:05:44.0156 2968 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:05:44.0156 2968 PlugPlay - ok
19:05:44.0203 2968 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:05:44.0203 2968 PolicyAgent - ok
19:05:44.0250 2968 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:05:44.0265 2968 PptpMiniport - ok
19:05:44.0375 2968 prcmondrv (0c0d173c2a6f790baee8d4cc48a1ef59) C:\WINDOWS\system32\drivers\prcmondrv1041.sys
19:05:44.0453 2968 prcmondrv - ok
19:05:44.0453 2968 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
19:05:44.0468 2968 Processor - ok
19:05:44.0468 2968 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:05:44.0468 2968 ProtectedStorage - ok
19:05:44.0500 2968 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
19:05:44.0515 2968 Ps2 - ok
19:05:44.0531 2968 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:05:44.0546 2968 PSched - ok
19:05:44.0562 2968 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:05:44.0578 2968 Ptilink - ok
19:05:44.0578 2968 PxHelp20 - ok
19:05:44.0593 2968 ql1080 - ok
19:05:44.0593 2968 Ql10wnt - ok
19:05:44.0593 2968 ql12160 - ok
19:05:44.0609 2968 ql1240 - ok
19:05:44.0609 2968 ql1280 - ok
19:05:44.0671 2968 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:05:44.0687 2968 RasAcd - ok
19:05:44.0734 2968 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
19:05:44.0750 2968 RasAuto - ok
19:05:44.0750 2968 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:05:44.0765 2968 Rasl2tp - ok
19:05:44.0812 2968 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
19:05:44.0828 2968 RasMan - ok
19:05:44.0828 2968 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:05:44.0843 2968 RasPppoe - ok
19:05:44.0843 2968 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:05:44.0859 2968 Raspti - ok
19:05:44.0921 2968 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:05:44.0937 2968 Rdbss - ok
19:05:44.0953 2968 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:05:44.0953 2968 RDPCDD - ok
19:05:44.0968 2968 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:05:44.0984 2968 rdpdr - ok
19:05:45.0031 2968 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
19:05:45.0062 2968 RDPWD - ok
19:05:45.0078 2968 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
19:05:45.0109 2968 RDSessMgr - ok
19:05:45.0218 2968 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:05:45.0234 2968 redbook - ok
19:05:45.0296 2968 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
19:05:45.0312 2968 RemoteAccess - ok
19:05:45.0359 2968 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
19:05:45.0359 2968 RemoteRegistry - ok
19:05:45.0421 2968 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
19:05:45.0421 2968 RpcLocator - ok
19:05:45.0484 2968 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
19:05:45.0484 2968 RpcSs - ok
19:05:45.0546 2968 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
19:05:45.0562 2968 RSVP - ok
19:05:45.0640 2968 RT2500USB (70aeec67e87a2002e6b2cc353d56e222) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
19:05:45.0671 2968 RT2500USB - ok
19:05:45.0718 2968 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
19:05:45.0734 2968 rtl8139 - ok
19:05:45.0765 2968 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:05:45.0765 2968 SamSs - ok
19:05:45.0812 2968 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
19:05:45.0843 2968 SCardSvr - ok
19:05:45.0875 2968 SCDEmu (23aa53256ce05b975398b78a33474265) C:\WINDOWS\system32\drivers\SCDEmu.sys
19:05:45.0921 2968 SCDEmu - ok
19:05:45.0968 2968 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
19:05:45.0968 2968 Schedule - ok
19:05:46.0015 2968 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:05:46.0015 2968 Secdrv - ok
19:05:46.0078 2968 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
19:05:46.0078 2968 seclogon - ok
19:05:46.0109 2968 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll
19:05:46.0109 2968 SENS - ok
19:05:46.0140 2968 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
19:05:46.0140 2968 Serial - ok
19:05:46.0187 2968 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:05:46.0203 2968 Sfloppy - ok
19:05:46.0250 2968 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
19:05:46.0250 2968 SharedAccess - ok
19:05:46.0328 2968 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:05:46.0343 2968 ShellHWDetection - ok
19:05:46.0343 2968 Simbad - ok
19:05:46.0406 2968 SNMP (60c377be6b3cc83f6a8584934b181d2e) C:\WINDOWS\System32\snmp.exe
19:05:46.0406 2968 SNMP - ok
19:05:46.0453 2968 SNMPTRAP (80a050795a107a76c2b1cd4cfbe010e6) C:\WINDOWS\System32\snmptrap.exe
19:05:46.0453 2968 SNMPTRAP - ok
19:05:46.0468 2968 Sparrow - ok
19:05:46.0484 2968 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:05:46.0484 2968 splitter - ok
19:05:46.0578 2968 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:05:46.0578 2968 Spooler - ok
19:05:46.0578 2968 sptd - ok
19:05:46.0593 2968 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:05:46.0671 2968 sr - ok
19:05:46.0718 2968 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
19:05:46.0718 2968 srservice - ok
19:05:46.0750 2968 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:05:46.0781 2968 Srv - ok
19:05:46.0796 2968 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
19:05:46.0812 2968 SSDPSRV - ok
19:05:46.0859 2968 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
19:05:46.0859 2968 stisvc - ok
19:05:46.0906 2968 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:05:46.0921 2968 swenum - ok
19:05:46.0937 2968 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:05:46.0953 2968 swmidi - ok
19:05:46.0953 2968 SwPrv - ok
19:05:46.0968 2968 symc810 - ok
19:05:46.0968 2968 symc8xx - ok
19:05:46.0968 2968 sym_hi - ok
19:05:46.0984 2968 sym_u3 - ok
19:05:47.0000 2968 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:05:47.0000 2968 sysaudio - ok
19:05:47.0046 2968 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
19:05:47.0078 2968 SysmonLog - ok
19:05:47.0093 2968 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
19:05:47.0125 2968 TapiSrv - ok
19:05:47.0171 2968 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:05:47.0187 2968 Tcpip - ok
19:05:47.0250 2968 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:05:47.0250 2968 TDPIPE - ok
19:05:47.0281 2968 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:05:47.0281 2968 TDTCP - ok
19:05:47.0312 2968 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:05:47.0328 2968 TermDD - ok
19:05:47.0359 2968 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
19:05:47.0359 2968 TermService - ok
19:05:47.0406 2968 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:05:47.0406 2968 Themes - ok
19:05:47.0453 2968 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
19:05:47.0468 2968 TlntSvr - ok
19:05:47.0484 2968 TosIde - ok
19:05:47.0515 2968 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
19:05:47.0531 2968 TrkWks - ok
19:05:47.0562 2968 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:05:47.0578 2968 Udfs - ok
19:05:47.0578 2968 ultra - ok
19:05:47.0640 2968 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:05:47.0687 2968 Update - ok
19:05:47.0734 2968 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
19:05:47.0765 2968 upnphost - ok
19:05:47.0781 2968 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
19:05:47.0796 2968 UPS - ok
19:05:48.0171 2968 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:05:48.0218 2968 usbaudio - ok
19:05:48.0234 2968 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:05:48.0250 2968 usbccgp - ok
19:05:48.0593 2968 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:05:48.0609 2968 usbehci - ok
19:05:48.0859 2968 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:05:48.0875 2968 usbhub - ok
19:05:48.0921 2968 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:05:48.0937 2968 usbohci - ok
19:05:49.0078 2968 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:05:49.0093 2968 usbprint - ok
19:05:49.0140 2968 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:05:49.0156 2968 usbscan - ok
19:05:49.0265 2968 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:05:49.0281 2968 usbstor - ok
19:05:49.0343 2968 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:05:49.0359 2968 usbuhci - ok
19:05:49.0390 2968 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\WINDOWS\system32\DRIVERS\VClone.sys
19:05:49.0406 2968 VClone - ok
19:05:49.0468 2968 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:05:49.0531 2968 VgaSave - ok
19:05:49.0578 2968 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
19:05:49.0625 2968 ViaIde - ok
19:05:49.0640 2968 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:05:49.0687 2968 VolSnap - ok
19:05:49.0734 2968 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
19:05:49.0796 2968 VSS - ok
19:05:49.0843 2968 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
19:05:49.0843 2968 W32Time - ok
19:05:49.0921 2968 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:05:49.0984 2968 Wanarp - ok
19:05:50.0031 2968 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
19:05:50.0062 2968 wanatw - ok
19:05:50.0140 2968 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:05:50.0203 2968 Wdf01000 - ok
19:05:50.0203 2968 WDICA - ok
19:05:50.0250 2968 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:05:50.0281 2968 wdmaud - ok
19:05:50.0343 2968 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
19:05:50.0359 2968 WebClient - ok
19:05:50.0734 2968 winachsx (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
19:05:50.0796 2968 winachsx - ok
19:05:50.0875 2968 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:05:50.0875 2968 winmgmt - ok
19:05:50.0937 2968 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
19:05:50.0968 2968 WmdmPmSN - ok
19:05:51.0015 2968 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
19:05:51.0031 2968 Wmi - ok
19:05:51.0078 2968 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:05:51.0125 2968 WmiApSrv - ok
19:05:51.0406 2968 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
19:05:51.0484 2968 WMPNetworkSvc - ok
19:05:51.0687 2968 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:05:51.0703 2968 WpdUsb - ok
19:05:52.0187 2968 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:05:52.0187 2968 WPFFontCache_v0400 - ok
19:05:52.0234 2968 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
19:05:52.0234 2968 wscsvc - ok
19:05:52.0265 2968 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
19:05:52.0296 2968 wuauserv - ok
19:05:52.0328 2968 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:05:52.0375 2968 WudfPf - ok
19:05:52.0390 2968 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
19:05:52.0406 2968 WUDFRd - ok
19:05:52.0437 2968 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
19:05:52.0453 2968 WudfSvc - ok
19:05:52.0515 2968 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
19:05:52.0531 2968 WZCSVC - ok
19:05:52.0531 2968 xcpip - ok
19:05:52.0593 2968 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
19:05:52.0734 2968 xmlprov - ok
19:05:52.0734 2968 xpsec - ok
19:05:52.0812 2968 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
19:05:52.0828 2968 xusb21 - ok
19:05:52.0984 2968 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:05:52.0984 2968 YahooAUService - ok
19:05:53.0046 2968 MBR (0x1B8) (197114bb87d6280b2d56706deef94226) \Device\Harddisk0\DR0
19:05:53.0500 2968 \Device\Harddisk0\DR0 - ok
19:05:53.0500 2968 Boot (0x1200) (a3c1c6890b580412bd8a4870d8ab8ed3) \Device\Harddisk0\DR0\Partition0
19:05:53.0500 2968 \Device\Harddisk0\DR0\Partition0 - ok
19:05:53.0531 2968 Boot (0x1200) (0391fe1a776d0d6f59113a9c135844af) \Device\Harddisk0\DR0\Partition1
19:05:53.0531 2968 \Device\Harddisk0\DR0\Partition1 - ok
19:05:53.0531 2968 ============================================================
19:05:53.0531 2968 Scan finished
19:05:53.0531 2968 ============================================================
19:05:53.0546 2960 Detected object count: 1
19:05:53.0546 2960 Actual detected object count: 1
19:06:04.0343 2960 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:06:04.0343 2960 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
19:06:23.0921 2292 Deinitialize success





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-10 19:12:04
-----------------------------
19:12:04.265 OS Version: Windows 5.1.2600 Service Pack 3
19:12:04.265 Number of processors: 2 586 0x4B02
19:12:04.265 ComputerName: JAKE UserName:
19:12:05.484 Initialize success
19:14:04.000 AVAST engine defs: 12071001
19:14:25.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
19:14:25.546 Disk 0 Vendor: HDT722525DLA380 V44OA99A Size: 238475MB BusType: 3
19:14:25.562 Disk 0 MBR read successfully
19:14:25.562 Disk 0 MBR scan
19:14:25.578 Disk 0 Windows XP default MBR code
19:14:25.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 229412 MB offset 63
19:14:25.609 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 9052 MB offset 469853055
19:14:25.609 Disk 0 scanning sectors +488392065
19:14:25.625 Disk 0 malicious Win32:MBRoot code @ sector 488392068 !
19:14:25.703 Disk 0 scanning C:\WINDOWS\system32\drivers
19:14:43.234 Service scanning
19:15:13.343 Modules scanning
19:15:24.671 Disk 0 trace - called modules:
19:15:24.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:15:24.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aec5ab8]
19:15:24.687 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000087[0x8aec8f18]
19:15:24.687 5 ACPI.sys[b9f5f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8aee3940]
19:15:25.703 AVAST engine scan C:\WINDOWS
19:15:39.515 AVAST engine scan C:\WINDOWS\system32
19:21:55.703 AVAST engine scan C:\WINDOWS\system32\drivers
19:22:27.312 AVAST engine scan C:\Documents and Settings\HP_Administrator
21:17:45.109 AVAST engine scan C:\Documents and Settings\All Users
21:26:07.640 Scan finished successfully
21:55:21.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat"
21:55:21.796 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.txt"

Attached Files

  • Attached File: MBR.zip (549 bytes)


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 July 2012 - 09:06 AM

Please run the aswMBR.exe tool. Select the FixMe button.

Important > you need to wait for the tool to report "... Infection fixed successfully" or "MBR fixed successfully".
Do not reboot the machine until it has said so.

When you see the message restart the computer normally.

Run aswMBR.exe normally this time and post the log.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

#7 YoungBarrels

YoungBarrels
  • Topic Starter

  • Members
  • 44 posts

Posted 12 July 2012 - 03:55 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-12 11:58:56
-----------------------------
11:58:56.390 OS Version: Windows 5.1.2600 Service Pack 3
11:58:56.390 Number of processors: 2 586 0x4B02
11:58:56.390 ComputerName: JAKE UserName:
11:58:57.875 Initialize success
11:59:12.843 AVAST engine defs: 12071200
11:59:17.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
11:59:17.828 Disk 0 Vendor: HDT722525DLA380 V44OA99A Size: 238475MB BusType: 3
11:59:17.843 Disk 0 MBR read successfully
11:59:17.843 Disk 0 MBR scan
11:59:17.859 Disk 0 Windows XP default MBR code
11:59:17.859 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 229412 MB offset 63
11:59:17.890 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 9052 MB offset 469853055
11:59:17.906 Disk 0 scanning sectors +488392065
11:59:17.968 Disk 0 scanning C:\WINDOWS\system32\drivers
11:59:30.968 Service scanning
11:59:52.218 Modules scanning
11:59:57.703 Disk 0 trace - called modules:
11:59:57.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:59:57.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aec5ab8]
11:59:57.718 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000087[0x8aed0f18]
11:59:57.718 5 ACPI.sys[b9f5f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8aec7940]
11:59:58.343 AVAST engine scan C:\WINDOWS
12:00:09.671 AVAST engine scan C:\WINDOWS\system32
12:04:30.062 AVAST engine scan C:\WINDOWS\system32\drivers
12:04:54.875 AVAST engine scan C:\Documents and Settings\HP_Administrator
13:38:28.843 AVAST engine scan C:\Documents and Settings\All Users
13:42:28.218 Scan finished successfully
14:33:20.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat"
14:33:20.515 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\aswMBR1.txt"




ComboFix 12-07-12.02 - HP_Administrator 07/12/2012 15:12:08.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.2140 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\us_sres.data
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\HP_Administrator\AUTORUN.INF
c:\documents and settings\HP_Administrator\AUTOSET.EXE
c:\documents and settings\HP_Administrator\RegSetup.exe
c:\documents and settings\HP_Administrator\STARTW.EXE
c:\documents and settings\HP_Administrator\uhcls.exe
c:\documents and settings\HP_Administrator\WINDOWS
c:\windows\system32\aboevkog.ini
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\cwokxeqd.ini
c:\windows\system32\dnyirtjk.ini
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\dsyhujle.ini
c:\windows\system32\eebgvlwd.ini
c:\windows\system32\ejflbmqx.ini
c:\windows\system32\ekvehvxx.ini
c:\windows\system32\exmyshjh.ini
c:\windows\system32\ffhdevmy.ini
c:\windows\system32\geabdmqq.ini
c:\windows\system32\gyylbtpu.ini
c:\windows\system32\hjdxkjtl.ini
c:\windows\system32\hvwygunn.ini
c:\windows\system32\iigtohfp.ini
c:\windows\system32\japkasgp.ini
c:\windows\system32\jcxmfpwp.ini
c:\windows\system32\jnyrpkwt.ini
c:\windows\system32\jrhgojdp.ini
c:\windows\system32\ndhuluom.ini
c:\windows\system32\obkeksdi.ini
c:\windows\system32\pmdnmcyw.ini
c:\windows\system32\ptrvewfu.ini
c:\windows\system32\qkbqatlo.ini
c:\windows\system32\qyrxptar.ini
c:\windows\system32\rnmiyevs.ini
c:\windows\system32\rvxcftgv.ini
c:\windows\system32\rwmafmko.ini
c:\windows\system32\SET12E.tmp
c:\windows\system32\SET12F.tmp
c:\windows\system32\SET130.tmp
c:\windows\system32\SET134.tmp
c:\windows\system32\SET135.tmp
c:\windows\system32\SET139.tmp
c:\windows\system32\SET13A.tmp
c:\windows\system32\SET13D.tmp
c:\windows\system32\SET153.tmp
c:\windows\system32\SET156.tmp
c:\windows\system32\SET157.tmp
c:\windows\system32\SET15C.tmp
c:\windows\system32\SET15D.tmp
c:\windows\system32\SET161.tmp
c:\windows\system32\SET162.tmp
c:\windows\system32\SET163.tmp
c:\windows\system32\SET17D.tmp
c:\windows\system32\SET184.tmp
c:\windows\system32\SET755.tmp
c:\windows\system32\SET758.tmp
c:\windows\system32\SET75B.tmp
c:\windows\system32\SET75E.tmp
c:\windows\system32\SET7CE.tmp
c:\windows\system32\SET7D3.tmp
c:\windows\system32\SETB15.tmp
c:\windows\system32\SETB16.tmp
c:\windows\system32\SETB63.tmp
c:\windows\system32\SETB64.tmp
c:\windows\system32\SETB66.tmp
c:\windows\system32\SETB6B.tmp
c:\windows\system32\SETB72.tmp
c:\windows\system32\SETB74.tmp
c:\windows\system32\SETB7B.tmp
c:\windows\system32\SETB7C.tmp
c:\windows\system32\SETB7E.tmp
c:\windows\system32\SETB7F.tmp
c:\windows\system32\SETB80.tmp
c:\windows\system32\sfbvmiox.ini
c:\windows\system32\ugfiawxb.ini
c:\windows\system32\vjoasgsx.ini
c:\windows\system32\wgholnkv.ini
c:\windows\system32\xkbkcojl.ini
c:\windows\system32\xlebyjgw.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_SSHNAS
-------\Service_xcpip
.
.
((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-05 21:21 . 2012-07-05 21:21 -------- d-----w- c:\program files\Elaborate Bytes
2012-07-04 02:15 . 2012-07-04 02:15 -------- d-----w- c:\program files\ESET
2012-07-03 11:27 . 2012-07-03 11:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-13 22:33 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 21:45 . 2009-07-30 19:06 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-06-23 11:07 . 2012-04-20 12:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 11:07 . 2011-06-04 12:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2004-08-10 04:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-06-13 22:35 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-10 04:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-10 04:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2007-05-23 00:04 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2007-05-23 00:04 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2004-08-10 04:00 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2004-08-10 04:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2004-08-10 04:00 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2007-05-23 00:04 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2005-05-26 09:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2004-08-10 04:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2004-08-10 04:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2004-08-10 04:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2007-05-23 00:04 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2004-08-10 04:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2004-08-10 04:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2007-05-23 19:20 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 20:18 . 2007-04-20 20:32 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2005-05-26 09:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-10 04:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-25 23:52 . 2012-05-25 23:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-25 23:52 . 2012-05-25 23:52 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-25 23:52 . 2010-04-19 23:38 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-16 15:08 . 2004-08-10 04:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2004-08-10 04:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-10 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-10 04:00 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2004-08-10 11:00 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-10 11:00 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-08-10 04:00 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 09:50 . 2012-04-19 09:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2008-03-28 09:19 . 2008-03-28 09:19 606 ----a-w- c:\program files\NCO_BHO.reg
2007-02-06 09:58 . 2007-02-06 09:56 37181248 ----a-w- c:\program files\Nero Templates.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn6\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Akamai NetSession Interface"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-26 4327744]
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-05-18 10555904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-18 98304]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-7 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-7 27136]
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-7 27136]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpyCatcher Protector.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpyCatcher Protector.lnk.disabled
backup=c:\windows\pss\SpyCatcher Protector.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Registration Brothers In Arms.LNK]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Registration Brothers In Arms.LNK
backup=c:\windows\pss\Registration Brothers In Arms.LNKStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Scheduler.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Scheduler.lnk
backup=c:\windows\pss\Scheduler.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=c:\windows\pss\SpywareGuard.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 15:43 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
2005-08-03 06:19 77312 ------w- c:\windows\arpwrmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 22:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-10-18 01:39 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2004-12-14 09:23 663552 ----a-w- c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AOL Fast Start"="c:\program files\America Online 9.0\AOL.EXE" -b
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"=c:\program files\Winamp\winampa.exe
"SpyCatcher Reminder"=c:\program files\SpyCatcher\SpyCatcher.exe reminder
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\CheckIt\\Diagnostics\\CheckIt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"1039:TCP"= 1039:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 301248]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [7/14/2010 12:51 PM 65584]
R1 prcmondrv;prcmondrv;c:\windows\system32\drivers\prcmondrv1041.sys [12/18/2006 2:33 AM 18432]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/9/2004 11:00 PM 14336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [12/18/2006 2:36 AM 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [12/18/2006 2:36 AM 3904]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/3/2010 5:36 AM 654408]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/3/2010 5:36 AM 22344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/7/2010 10:02 PM 136176]
S3 aajqm8.sys;aajqm8.sys;\??\c:\windows\system32\drivers\aajqm8.sys --> c:\windows\system32\drivers\aajqm8.sys [?]
S3 EraserUtilDrvI7;EraserUtilDrvI7;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [?]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/7/2010 10:02 PM 136176]
S3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2/4/2007 1:38 AM 47360]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-JAKE-HP_Administrator.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-08-07 22:42]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 03:02]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 03:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
IE: {{A95B2816-1D7E-4561-A202-68C0DE02353A}
Trusted Zone: ff12maps.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: purdue.edu\www.calumet
Trusted Zone: uaig.net\in
Trusted Zone: uaig.net\www
Trusted Zone: windowsupdate.com\download
Trusted Zone: xbox.com\live
Trusted Zone: xbox.com\www
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} - (no file)
ShellIconOverlayIdentifiers-{C72C6188-BEF2-46E5-A89A-52F0ED75219E} - (no file)
ShellIconOverlayIdentifiers-{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-ALUAlert - c:\program files\Symantec\LiveUpdate\ALuNotify.exe
MSConfigStartUp-AOL Spyware Protection - c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1161135512\ee\AOLSoftware.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-12 15:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2727028429-2213545894-994158979-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2727028429-2213545894-994158979-1007\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-2727028429-2213545894-994158979-1007)
@Allowed: (Read) (S-1-5-21-2727028429-2213545894-994158979-1007)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2727028429-2213545894-994158979-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:fa,9a,78,8f,b4,77,3f,c2,05,eb,78,35,ad,f1,be,1a,a2,ce,6e,bb,bd,f8,1b,
24,6e,37,70,73,96,d2,43,51,78,6b,fb,d3,ca,c3,59,c7,de,53,00,8e,71,70,30,b7,\
"??"=hex:79,3e,82,6d,35,36,57,f8,b3,99,d8,ba,e5,e2,a2,a7
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2628)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG2012\avgrsx.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\snmp.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2012-07-12 15:31:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-12 20:31
.
Pre-Run: 136,623,448,064 bytes free
Post-Run: 138,005,254,144 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1EFB904286292CC9168A9D2709485C24



Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
SpywareGuard v2.2
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
AVG PC Tuneup 2011
CCleaner
Java™ 6 Update 32
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.12.36 Flash Player out of Date!
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:02 AM

Posted 13 July 2012 - 07:28 AM

Open notepad and copy/paste the text in the quote box below into it:

Driver::
aajqm8.sys
xpsec
EraserUtilDrvI7
F-Secure Standalone Minifilter

ClearJavaCache::


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 32


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

After the update of Flash remove using the Add/Remove Programs list the following old versions if still present.

Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.12.36 Flash Player out of Date!

===

Please post the ComboFix log and let me know what problem persists.

#9 YoungBarrels

YoungBarrels
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:02:02 AM

Posted 13 July 2012 - 01:40 PM

ComboFix 12-07-13.02 - HP_Administrator 07/13/2012 10:00:21.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.2318 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AAJQM8.SYS
-------\Legacy_ERASERUTILDRVI7
-------\Legacy_F-SECURE_STANDALONE_MINIFILTER
-------\Service_aajqm8.sys
-------\Service_EraserUtilDrvI7
-------\Service_F-Secure Standalone Minifilter
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-05 21:21 . 2012-07-05 21:21 -------- d-----w- c:\program files\Elaborate Bytes
2012-07-04 02:15 . 2012-07-04 02:15 -------- d-----w- c:\program files\ESET
2012-07-03 11:27 . 2012-07-03 11:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-13 22:33 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 21:45 . 2009-07-30 19:06 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-06-23 11:07 . 2012-04-20 12:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 11:07 . 2011-06-04 12:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2004-08-10 04:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-06-13 22:35 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-10 04:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-10 04:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2007-05-23 00:04 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2007-05-23 00:04 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2004-08-10 04:00 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2004-08-10 04:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2004-08-10 04:00 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2007-05-23 00:04 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2005-05-26 09:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2004-08-10 04:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2004-08-10 04:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2004-08-10 04:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2007-05-23 00:04 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2004-08-10 04:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2004-08-10 04:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2007-05-23 19:20 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 20:18 . 2007-04-20 20:32 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2005-05-26 09:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-10 04:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-25 23:52 . 2012-05-25 23:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-25 23:52 . 2012-05-25 23:52 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-25 23:52 . 2010-04-19 23:38 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-16 15:08 . 2004-08-10 04:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2004-08-10 04:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-10 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-10 04:00 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2004-08-10 11:00 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-10 11:00 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-08-10 04:00 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 09:50 . 2012-04-19 09:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2008-03-28 09:19 . 2008-03-28 09:19 606 ----a-w- c:\program files\NCO_BHO.reg
2007-02-06 09:58 . 2007-02-06 09:56 37181248 ----a-w- c:\program files\Nero Templates.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-12_20.22.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-13 14:45 . 2012-07-13 14:45 16384 c:\windows\TEMP\Perflib_Perfdata_8f8.dat
+ 2012-07-13 15:13 . 2012-07-13 15:13 16384 c:\windows\TEMP\Perflib_Perfdata_824.dat
+ 2012-07-13 15:13 . 2012-07-13 15:13 16384 c:\windows\TEMP\Perflib_Perfdata_5e8.dat
+ 2012-07-13 15:13 . 2012-07-13 15:13 16384 c:\windows\TEMP\Perflib_Perfdata_218.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn6\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Akamai NetSession Interface"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-26 4327744]
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-05-18 10555904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-18 98304]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-7 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-7 27136]
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-7 27136]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpyCatcher Protector.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpyCatcher Protector.lnk.disabled
backup=c:\windows\pss\SpyCatcher Protector.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Registration Brothers In Arms.LNK]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Registration Brothers In Arms.LNK
backup=c:\windows\pss\Registration Brothers In Arms.LNKStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Scheduler.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Scheduler.lnk
backup=c:\windows\pss\Scheduler.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=c:\windows\pss\SpywareGuard.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 15:43 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
2005-08-03 06:19 77312 ------w- c:\windows\arpwrmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 22:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-10-18 01:39 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2004-12-14 09:23 663552 ----a-w- c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AOL Fast Start"="c:\program files\America Online 9.0\AOL.EXE" -b
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"=c:\program files\Winamp\winampa.exe
"SpyCatcher Reminder"=c:\program files\SpyCatcher\SpyCatcher.exe reminder
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\CheckIt\\Diagnostics\\CheckIt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"1041:TCP"= 1041:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 301248]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [7/14/2010 12:51 PM 65584]
R1 prcmondrv;prcmondrv;c:\windows\system32\drivers\prcmondrv1041.sys [12/18/2006 2:33 AM 18432]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/9/2004 11:00 PM 14336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [12/18/2006 2:36 AM 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [12/18/2006 2:36 AM 3904]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/3/2010 5:36 AM 654408]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/3/2010 5:36 AM 22344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/7/2010 10:02 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/7/2010 10:02 PM 136176]
S3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2/4/2007 1:38 AM 47360]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-JAKE-HP_Administrator.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-08-07 22:42]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 03:02]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 03:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
IE: {{A95B2816-1D7E-4561-A202-68C0DE02353A}
Trusted Zone: ff12maps.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: purdue.edu\www.calumet
Trusted Zone: uaig.net\in
Trusted Zone: uaig.net\www
Trusted Zone: windowsupdate.com\download
Trusted Zone: xbox.com\live
Trusted Zone: xbox.com\www
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-13 10:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2727028429-2213545894-994158979-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2727028429-2213545894-994158979-1007\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-2727028429-2213545894-994158979-1007)
@Allowed: (Read) (S-1-5-21-2727028429-2213545894-994158979-1007)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2727028429-2213545894-994158979-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:fa,9a,78,8f,b4,77,3f,c2,05,eb,78,35,ad,f1,be,1a,a2,ce,6e,bb,bd,f8,1b,
24,6e,37,70,73,96,d2,43,51,78,6b,fb,d3,ca,c3,59,c7,de,53,00,8e,71,70,30,b7,\
"??"=hex:79,3e,82,6d,35,36,57,f8,b3,99,d8,ba,e5,e2,a2,a7
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4052)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG2012\avgrsx.exe
c:\windows\System32\snmp.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Completion time: 2012-07-13 10:21:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-13 15:21
ComboFix2.txt 2012-07-12 20:31
.
Pre-Run: 137,956,843,520 bytes free
Post-Run: 138,000,687,104 bytes free
.
- - End Of File - - 1063A7A03D597349318558222C5A5C7F




My computer seems to be running a little smoother as far as I can tell. Did we get all the infections out?

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:02 AM

Posted 13 July 2012 - 01:45 PM

All I could find, yes.

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

#11 YoungBarrels

YoungBarrels
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:02:02 AM

Posted 16 July 2012 - 07:46 AM

Ok, the computer is running better. Can I delete all of the programs that we have been using to clean up the computer? Are there better programs I should be using to better protect myself from viruses and malware?

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:02 AM

Posted 16 July 2012 - 08:37 AM

Keep your Avast program up to date.

I suggest also that you install or upgrade their program to include a firewall.

http://www.avast.com/free-antivirus-download

#13 YoungBarrels

YoungBarrels
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:02:02 AM

Posted 16 July 2012 - 08:29 PM

I will download Avast antivirus, but should I uninstall AVG?

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:02 AM

Posted 17 July 2012 - 07:33 AM

Yes, use their uninstaller.

Please download the AVG Remover and Save it to your Desktop.
  • Close all programs and double-click avgremover.exe then click Run
  • In Vista/Win7, right-click and choose 'Run as administrator'.
  • Follow the on-screen instructions.
  • Restart your computer if asked.
  • Then delete avgremover.exe from your desktop.

#15 YoungBarrels

YoungBarrels
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:02:02 AM

Posted 21 July 2012 - 06:31 AM

Ok, I had some trouble removing AVG, but I finally got it off. Well, my computer is running a lot better than before. Thank you for taking the time to help me fix my computer.



