Google and Bing search results redirected in IE8


This topic is locked. 50 replies to this topic.

#1 lthftd (Members, 28 posts)

Posted 28 July 2012 - 02:09 PM

Sometimes when a search result link is clicked a window is displayed with an animated graphic in green or orange that says "redirect", then a page opens that is not the page from the link. Other times there is no animated graphic but the page that opens is not the one whose link was clicked on. Sometimes there is a warning banner at the top of the browser window stating this site is not safe. Navigating back to the search engine and clicking on the same link opens the correct webpage. Some links lead directly to the correct webpage. Have scanned the whole computer in normal mode with updated AVG Anti-Virus Free Edition 2012 and updated Malwarebytes Anti-Malware free; neither found any malware. The last malware detected and quarantined by Malwarebytes on 7-19-12 was Trojan.Happili.
The computer may be running more slowly and the display might flicker every once in a while.

.
DDS (Ver_2011-08-26.01) - FAT32x86
Internet Explorer: 8.0.6001.18702
Run by Arnold at 13:02:18 on 2012-07-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.256 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Zonealarm Helper Object: {2a841f7a-a014-4da5-b6d9-8b913dfb7a8c} - c:\program files\check point software technologies ltd\zonealarm\1.5.20.3\bh\zonealarm.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Toolbar: {438fae3e-bdef-44d3-ab8b-0c7c8350df59} - c:\program files\check point software technologies ltd\zonealarm\1.5.20.3\zonealarmTlbr.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SupportSoft] RunDLL32.exe "c:\documents and settings\arnold\local settings\application data\supportsoft\zocwyehr.dll",InitEplgOE
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [nwiz] nwiz.exe /install
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\system\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15031/CTSUEng.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1194815985332
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343059898297
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15031/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: ComPlusSetup - c:\windows\system32\catsrvut.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli
mASetup: >IEPerUser - RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-1-25 64288]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2012-3-19 525840]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-3-16 27016]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-3-16 497280]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S2 gupdate1c9c0fd7f27d8c0;Google Update Service (gupdate1c9c0fd7f27d8c0);c:\program files\google\update\GoogleUpdate.exe [2009-4-19 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 250056]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\lavalys\everest ultimate edition\kerneld.wnt --> c:\program files\lavalys\everest ultimate edition\kerneld.wnt [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-19 133104]
S3 IAI3300FilterService;IAI3300 Filter Service; [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 mxInsMon;mxInsMon;\??\c:\progra~1\ontrack\easyun~1\mxinsmon.sys --> c:\progra~1\ontrack\easyun~1\mxInsMon.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-7-9 14336]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-07-28 14:58:17 -------- d-----w- c:\program files\Trend Micro
2012-07-19 15:31:15 -------- d-----w- c:\documents and settings\arnold\local settings\application data\SupportSoft
.
==================== Find3M ====================
.
2012-07-27 20:28:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 20:27:58 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:20:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:26 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:26 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:34 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:34 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:20 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 13:03:49.80 ===============

I don't know if this will help, but since I have run HijackThis, here's the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:10:26 AM, on 7/28/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HighjackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.20.3\bh\zonealarm.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.20.3\zonealarmTlbr.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SupportSoft] RunDLL32.exe "C:\Documents and Settings\Arnold\Local Settings\Application Data\SupportSoft\zocwyehr.dll",InitEplgOE
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1194815985332
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343059898297
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE95CFDE-737F-430A-84FE-052CA6DAD574}: NameServer = 207.5.171.1 207.5.171.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c9c0fd7f27d8c0) (gupdate1c9c0fd7f27d8c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

--
End of file - 8833 bytes
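
Added example (not part of the thread, and not HijackThis's own logic): a small Python triage of O4 and O17 lines of the kind posted above. It flags Run entries where rundll32 loads a DLL from a user-writable profile location, which is exactly how the SupportSoft entry above is built (later posts in this thread show ComboFix deleted that DLL while the Run entry stayed behind, producing the "specified module could not be found" message at boot), and Run entries with an unqualified executable name that Windows resolves through the search path. For O17 it lists any resolver outside private address space so it can be checked against the ISP's or the router's known addresses; a public resolver is normal on an ISP-assigned connection and is not by itself evidence of DNS tampering. The sample log lines are constructed, modelled on the post's log; the names Finding, flag_run_entries, flag_nameservers, rundll_target and launched_image are this example's own.

```python
"""Triage of HijackThis-style O4 (Run key) and O17 (NameServer) lines.

Added example; not part of the thread and not HijackThis's own logic.
SAMPLE_LOG is constructed, modelled on the lines in the post.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKCU\..\Run: [SupportSoft] RunDLL32.exe "C:\Documents and Settings\Arnold\Local Settings\Application Data\SupportSoft\zocwyehr.dll",InitEplgOE
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE95CFDE-737F-430A-84FE-052CA6DAD574}: NameServer = 207.5.171.1 207.5.171.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.*)$")
RUNDLL_RE = re.compile(r'^"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+(?P<args>.*)$', re.I)
# Paths a standard XP user can write to: a DLL planted here runs at every logon
# without any elevation, so a Run entry pointing into them deserves a second look.
USER_WRITABLE_RE = re.compile(r"\\(Local Settings|Application Data|Temp)\\", re.I)


@dataclass
class Finding:
    name: str
    command: str
    reason: str


def rundll_target(args: str) -> str:
    """DLL path rundll32 will load: the quoted string, or everything before the first comma."""
    args = args.strip()
    if args.startswith('"'):
        end = args.find('"', 1)
        return args[1:end] if end > 0 else args[1:]
    return args.split(",", 1)[0].split(" ", 1)[0]


def launched_image(cmd: str) -> str:
    """Executable of a Run command: the quoted path, or the first whitespace token."""
    return cmd.split('"')[1] if cmd.startswith('"') else cmd.split(" ", 1)[0]


def flag_run_entries(log_text: str) -> list[Finding]:
    """Return the O4 entries that warrant manual verification, with the reason."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        name, cmd = m["name"], m["cmd"]
        r = RUNDLL_RE.match(cmd)
        if r:
            dll = rundll_target(r["args"])
            if USER_WRITABLE_RE.search(dll):
                findings.append(Finding(name, cmd, f"rundll32 loads {dll} from a user-writable profile path"))
            continue
        exe = launched_image(cmd)
        if "\\" not in exe:
            findings.append(Finding(name, cmd, f"unqualified executable '{exe}' is resolved through the search path"))
        elif USER_WRITABLE_RE.search(exe):
            findings.append(Finding(name, cmd, f"{exe} lives in a user-writable profile path"))
    return findings


def flag_nameservers(log_text: str) -> list[str]:
    """Resolvers from O17 lines outside private/loopback space, for verification.

    A public resolver is normal on an ISP-assigned connection; this only lists
    what to check against the provider's or the router's known addresses.
    """
    to_verify = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        for token in re.split(r"[\s,]+", m["servers"].strip()):
            if not token:
                continue
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                to_verify.append(token)          # not an address literal at all
                continue
            if not (ip.is_private or ip.is_loopback):
                to_verify.append(token)
    return to_verify


if __name__ == "__main__":
    for f in flag_run_entries(SAMPLE_LOG):
        print(f"[{f.name}] {f.reason}")
    print("resolvers to verify:", flag_nameservers(SAMPLE_LOG))
```

Run against the constructed sample it reports the SupportSoft entry and the unqualified nwiz.exe, leaves the AVG and NVIDIA entries alone, and lists the two 207.5.171.x resolvers for checking; the private 192.168.1.1 entry is not listed.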


#2 nasdaq (Malware Response Team, 40,747 posts, Montreal, QC, Canada)

Posted 02 August 2012 - 09:01 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs and let me know if the problem persists.

#3 lthftd (Topic Starter, Members, 28 posts)

Posted 03 August 2012 - 04:32 PM

Ran ComboFix.exe ... completed stage 50. Deleted files:
c:\documents and settings\arnold\localsettings\application data\supportsoft\zocwyehr.dll
c:\documents and settings\arnold\recent\thumbs.db (there are still two thumbs.db files in that directory)
c:\windows\windowsupdate.log
Deleting folders: c:\documents and settings\all users\application data\temp.
At this point the cursor flashes for over an hour. I stopped the program using Task Manager as I felt it had hung. There is no c:\combofix.txt file.

Ran Security Check; here's checkup.txt:

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG 2012
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm LTD Toolbar
ZoneAlarm Security Toolbar
ZoneAlarm Security
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Auslogics Registry Cleaner
Java™ 6 Update 31
Java™ 6 Update 3
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
CheckPoint ZoneAlarm zatray.exe
CheckPoint ZoneAlarm vsmon.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````

#4 nasdaq (Malware Response Team, 40,747 posts, Montreal, QC, Canada)

Posted 04 August 2012 - 08:36 AM

Please run ComboFix one more time.

Post the log if you can.

#5 lthftd (Topic Starter, Members, 28 posts)

Posted 06 August 2012 - 08:53 AM

Second try running Combofix: Disabled AVG by right clicking the tray icon and choosing "disable until restart".
Combofix started at 2:12 pm. Scan started at 2:13 pm. Stage 1 started at 2:18 pm , completed stages 1-50 plus stages 6A, 19B, 32A at 2:26pm. The desktop icons and the taskbar disappear at 2:28 pm.
In the Combofix window there are two remarks:
Deleting files : c:\windows\windowsupdate.log
Deleting folders : c:\documents and settings\all users\application data\TEMP.
At 2:30 pm the cursor moves down one line and blinks, ran Combofix until 6:20 PM. Task manager showed Combofix as running but I lost patience and used task manager to end the task and reboot. After rebooting a window opens with this message: Error loading c:\documents and settings\arnold\local settings\application data\supportsoft\zocwyehr.dll. The specified module could not be found. The same message appears every time the computer boots up. Couldn't find the file combofix.txt.

Third try: Disabled AVG from its user interface > Tools > Advanced settings > Resident Shield > deselect "Enable Resident Shield" > Apply > OK > close user interface.
Started combofix.
Received two AVG Privacy module alerts while ComboFix was uncompressing; allowed both files.
The scan ran and remarks appeared in the combofix window:
Deleting Files: C:\documents and settings\all users\documents\desktop\security center.lnk ;
C:\logo.sys ;
C:\windows\dasetup.log ;
C:\windows\regsvr32.exe ;
C:\windows\start.exe ;
C:\windows\system\oeminfo.ini ;
C:\windows\system32dllcache\dlimport.exe ;
C:\windows\system32\thumbs.db ;
C:\windows\web\default.htt ;
C:\windows\windowsupdate.log Deleting Folders :
C:\documents and settings\all users\application data\TEMP.

At this point ComboFix stalls. No combofix.txt was generated.

#6 nasdaq (Malware Response Team, 40,747 posts, Montreal, QC, Canada)

Posted 06 August 2012 - 01:02 PM

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

Run ComboFix after these scans.
It should not take more than 30 minutes to complete.
If longer Stop the process and let me know.
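
Added example, not the thread's own tooling and not what aswMBR or TDSSKiller do internally: a Python parser for a 512-byte MBR such as the MBR.dat that aswMBR saves. It prints the same partition fields TDSSKiller reports (type, StartLBA, BlocksNum), hashes the boot-code area so it can be compared with a known-good copy of the same MBR, and checks the table for overlapping entries, entries that run past the end of the disk, and a large unallocated tail after the last partition, which is where some MBR bootkits keep their hidden storage. The MBR is constructed inside the block; its single entry and the disk size use the values from the topic starter's TDSSKiller output further down in the thread (type 0xC, StartLBA 0x3F, BlocksNum 0x950E482, 74.53 GB). The names parse_mbr, check_layout, boot_code_sha256, describe and build_sample_mbr, and the one-cylinder slack threshold, are this example's own assumptions.

```python
"""Parse and sanity-check a 512-byte MBR dump (e.g. aswMBR's MBR.dat).

Added example, not tooling from the thread. The sample MBR is constructed here.
"""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
DISK_BYTES = 0x12A1F16000               # 74.53 GB disk size from the TDSSKiller log
DISK_SECTORS = DISK_BYTES // SECTOR     # 0x950F8B0
TAIL_SLACK_SECTORS = 255 * 63           # one legacy cylinder; older tools leave up to this unused
ENTRY_FMT = "<B3sB3sII"                 # status, CHS start, type, CHS end, LBA start, sector count


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    num_sectors: int

    @property
    def end_lba(self) -> int:
        """First sector after the partition (exclusive end)."""
        return self.start_lba + self.num_sectors


def build_sample_mbr(num_sectors: int = 0x950E482) -> bytes:
    """Constructed MBR: stock boot-code prologue, one active FAT32 LBA partition, 0x55AA."""
    # xor ax,ax / mov ss,ax / mov sp,7C00h: the opening instructions of a stock Windows MBR
    code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(446, b"\x00")
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x0C, b"\xFE\xFF\xFF",
                        0x3F, num_sectors)
    table = entry + b"\x00" * (16 * 3)
    return code + table + b"\x55\xAA"


def parse_mbr(sector: bytes) -> list[Partition]:
    """Return the non-empty entries of the partition table."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        raw = sector[446 + 16 * i:446 + 16 * (i + 1)]
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack(ENTRY_FMT, raw)
        if ptype == 0 and count == 0:
            continue
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def boot_code_sha256(sector: bytes) -> str:
    """Hash of bytes 0-445; compare with a known-good MBR's hash to spot patched boot code."""
    return hashlib.sha256(sector[:446]).hexdigest()


def check_layout(parts: list[Partition], disk_sectors: int = DISK_SECTORS) -> list[str]:
    """Flag overlaps, entries past the end of the disk, and a large unallocated tail."""
    problems = []
    ordered = sorted(parts, key=lambda p: p.start_lba)
    for a, b in zip(ordered, ordered[1:]):
        if a.end_lba > b.start_lba:
            problems.append(f"partition {a.index} overlaps partition {b.index}")
    for p in parts:
        if p.end_lba > disk_sectors:
            problems.append(f"partition {p.index} extends past the end of the disk")
    if ordered:
        tail = disk_sectors - ordered[-1].end_lba
        if tail > TAIL_SLACK_SECTORS:
            problems.append(f"{tail} unallocated sectors after the last partition "
                            "(room for a bootkit's hidden storage; inspect them)")
    return problems


def describe(sector: bytes) -> list[str]:
    """Lines in the style of TDSSKiller's partition listing."""
    return [f"Partition{p.index}: MBR, Type 0x{p.type_id:X}, StartLBA 0x{p.start_lba:X}, "
            f"BlocksNum 0x{p.num_sectors:X}{' (active)' if p.bootable else ''}"
            for p in parse_mbr(sector)]


if __name__ == "__main__":
    mbr = build_sample_mbr()
    print("\n".join(describe(mbr)))
    print("boot code sha256:", boot_code_sha256(mbr))
    print("problems:", check_layout(parse_mbr(mbr)) or "none")
```

On the constructed sample the tail after the single partition is 0x13EF sectors (about 2.5 MB), within the one-cylinder slack XP-era partitioners leave, so no problem is reported; shrinking the entry by 0x100000 sectors, as a bootkit that reserves space for itself might, makes the unallocated-tail check fire. A real MBR.dat is read with open(path, "rb").read(SECTOR) and passed to the same functions.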

#7 lthftd (Topic Starter, Members, 28 posts)

Posted 07 August 2012 - 06:38 PM

13:34:22.0769 1864 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
13:34:22.0839 1864 ============================================================
13:34:22.0839 1864 Current date / time: 2012/08/07 13:34:22.0839
13:34:22.0839 1864 SystemInfo:
13:34:22.0839 1864
13:34:22.0839 1864 OS Version: 5.1.2600 ServicePack: 3.0
13:34:22.0839 1864 Product type: Workstation
13:34:22.0839 1864 ComputerName: OEMCOMPUTER
13:34:22.0839 1864 UserName: Arnold
13:34:22.0839 1864 Windows directory: C:\WINDOWS
13:34:22.0839 1864 System windows directory: C:\WINDOWS
13:34:22.0839 1864 Processor architecture: Intel x86
13:34:22.0839 1864 Number of processors: 1
13:34:22.0839 1864 Page size: 0x1000
13:34:22.0839 1864 Boot type: Normal boot
13:34:22.0839 1864 ============================================================
13:34:24.0792 1864 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:34:24.0792 1864 Drive \Device\Harddisk1\DR1 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:34:24.0792 1864 ============================================================
13:34:24.0792 1864 \Device\Harddisk0\DR0:
13:34:24.0792 1864 MBR partitions:
13:34:24.0792 1864 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x950E482
13:34:24.0792 1864 \Device\Harddisk1\DR1:
13:34:24.0802 1864 MBR partitions:
13:34:24.0802 1864 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A89182
13:34:24.0802 1864 ============================================================
13:34:24.0802 1864 C: <-> \Device\Harddisk0\DR0\Partition0
13:34:24.0812 1864 D: <-> \Device\Harddisk1\DR1\Partition0
13:34:24.0812 1864 ============================================================
13:34:24.0812 1864 Initialize success
13:34:24.0812 1864 ============================================================
13:34:57.0829 1868 ============================================================
13:34:57.0829 1868 Scan started
13:34:57.0829 1868 Mode: Manual;
13:34:57.0829 1868 ============================================================
13:34:57.0969 1868 Scan interrupted by user!
13:34:57.0969 1868 Scan interrupted by user!
13:34:57.0969 1868 Scan interrupted by user!
13:34:57.0969 1868 ============================================================
13:34:57.0969 1868 Scan finished
13:34:57.0969 1868 ============================================================
13:34:58.0019 0956 Detected object count: 0
13:34:58.0019 0956 Actual detected object count: 0
13:35:31.0307 2260 ============================================================
13:35:31.0307 2260 Scan started
13:35:31.0307 2260 Mode: Manual;
13:35:31.0307 2260 ============================================================
13:36:01.0771 2260 MBR (0x1B8) (92c5e7677be580e74935392e39e290e2) \Device\Harddisk0\DR0
13:36:02.0532 2260 \Device\Harddisk0\DR0 - ok
13:36:02.0562 2260 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
13:36:02.0572 2260 \Device\Harddisk1\DR1 - ok
13:36:02.0612 2260 Boot (0x1200) (3adbc1b897a2212688f757eb3f7e71dd) \Device\Harddisk0\DR0\Partition0
13:36:02.0612 2260 \Device\Harddisk0\DR0\Partition0 - ok
13:36:02.0642 2260 Boot (0x1200) (9df2f6d788ea4cb13beddd6216db315d) \Device\Harddisk1\DR1\Partition0
13:36:02.0642 2260 \Device\Harddisk1\DR1\Partition0 - ok
13:36:02.0642 2260 ============================================================
13:36:02.0642 2260 Scan finished
13:36:02.0662 2260 ============================================================
13:36:02.0702 2264 Detected object count: 0
13:36:02.0702 2264 Actual detected object count: 0
13:37:29.0708 0252 Deinitialize success


TDSSKiller.exe ran, log is above. aswMBR.exe froze while scanning services, no log and no MBR.dat file on the desktop. Combofix froze at the usual place, no combofix.txt file.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,747 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:26 PM

Posted 08 August 2012 - 07:40 AM

I will try to identify the malware with this tool.
If after my next fix the problem remains, you will have to remove AVG completely. I'll let you know.

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===
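To illustrate why the /md5start list above is requested, here is an added example (not OTL's code and not posted in this thread) that parses the "MD5 for:" blocks OTL writes in its Custom Scans section and flags a live copy under system32 whose hash is not matched by the dllcache or ServicePackFiles copies. Treating those two directories as the trusted reference is an assumption of the example, and the ATAPI.SYS block in the sample input is constructed.

```python
import re
from collections import defaultdict

# Header of one block in OTL's custom-scan output, e.g. "< MD5 for: AGP440.SYS >".
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$")
# One file entry inside the block. Lines for .cab members carry no MD5= field
# and are skipped on purpose.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)

# Assumption of this example: on Windows XP the WFP cache (dllcache) and the
# service-pack store hold pristine copies of protected files, so they are the
# reference against which the live copy under system32 is compared.
REFERENCE_DIRS = ("\\system32\\dllcache\\", "\\servicepackfiles\\i386\\")
LIVE_DIR = "\\system32\\"


def parse_md5_sections(text):
    """Map each scanned file name (lower-cased) to its (path, md5, company) entries."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            sections[current].append(
                (entry.group("path"), entry.group("md5").upper(), entry.group("company"))
            )
    return dict(sections)


def is_reference(path):
    return any(d in path.lower() for d in REFERENCE_DIRS)


def is_live(path):
    # The copy Windows actually loads: under system32 but not in a reference store.
    return LIVE_DIR in path.lower() and not is_reference(path)


def find_suspicious(sections):
    """Flag live system files whose MD5 is not backed by any reference copy."""
    findings = []
    for name, entries in sections.items():
        reference_md5s = {md5 for path, md5, _ in entries if is_reference(path)}
        for path, md5, _ in entries:
            if not is_live(path):
                continue
            if not reference_md5s:
                reason = "no reference copy to compare against"
            elif md5 not in reference_md5s:
                reason = "hash differs from reference copies"
            else:
                continue
            findings.append({"file": name, "path": path, "md5": md5,
                             "reference": sorted(reference_md5s), "reason": reason})
    return findings


# Sample input: the AGP440.SYS and AUTOCHK.EXE blocks are copied from the OTL
# log in this thread; the ATAPI.SYS block is CONSTRUCTED, with a made-up MD5 on
# the live driver, to show what a tampered file would look like.
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2008/07/09 12:53:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\dllcache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/13 20:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008/04/13 20:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/13 20:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\SYSTEM32\autochk.exe
[2008/04/13 20:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\SYSTEM32\dllcache\autochk.exe
"""

if __name__ == "__main__":
    for f in find_suspicious(parse_md5_sections(SAMPLE_LOG)):
        print(f"{f['file']}: {f['reason']} ({f['path']} MD5={f['md5']})")
```

A matching hash in dllcache only proves the live file equals the cached copy; a rootkit that patches both would still pass, which is why the helpers also look at aswMBR and TDSSKiller output rather than this check alone.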

#9 lthftd

lthftd
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:10:26 PM

Posted 08 August 2012 - 09:53 AM

OTL logfile created on: 8/8/2012 10:22:23 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\All Users\Documents\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

511.47 Mb Total Physical Memory | 257.25 Mb Available Physical Memory | 50.30% Memory free
1.22 Gb Paging File | 0.71 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 47.68 Gb Free Space | 63.99% Space Free | Partition Type: FAT32
Drive D: | 37.27 Gb Total Space | 21.34 Gb Free Space | 57.26% Space Free | Partition Type: NTFS

Computer Name: OEMCOMPUTER | User Name: Arnold | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\All Users\Documents\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SYSTEM32\devldr32.exe (Creative Technology Ltd.)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (aspnet_state) -- File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nosGetPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (TSP) -- C:\WINDOWS\system32\drivers\klif.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mxInsMon) -- C:\PROGRA~1\Ontrack\EASYUN~1\mxInsMon.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (IAI3300FilterService) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (EverestDriver) -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Arnold\LOCALS~1\Temp\catchme.sys File not found
DRV - (AVGIDSHX) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Vsdatant) -- C:\WINDOWS\SYSTEM32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (Avgtdix) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (Avgldx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Lbd) -- C:\WINDOWS\SYSTEM32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (SaiNtBus) -- C:\WINDOWS\SYSTEM32\DRIVERS\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\WINDOWS\SYSTEM32\DRIVERS\SaiMini.sys (Saitek)
DRV - (SaiH040B) -- C:\WINDOWS\SYSTEM32\DRIVERS\SaiH040B.sys (Saitek)
DRV - (SaiU040B) -- C:\WINDOWS\SYSTEM32\DRIVERS\SaiU040B.sys (Saitek)
DRV - (AmdPPM) -- C:\WINDOWS\SYSTEM32\DRIVERS\AmdPPM.sys (Advanced Micro Devices)
DRV - (hidgame) -- C:\WINDOWS\SYSTEM32\DRIVERS\hidgame.sys (Microsoft Corporation)
DRV - (ltmodem5) -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmnt.sys (LT)
DRV - (WmHidLo) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmHidLo.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmXlCore.sys (Logitech Inc.)
DRV - (sfman) -- C:\WINDOWS\SYSTEM32\DRIVERS\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys (Creative Technology Ltd.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.3.37: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.3.37: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/25 16:47:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/06/13 14:57:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/13 17:26:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/13 17:26:28 | 000,000,000 | ---D | M]

[2012/06/13 14:58:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/07/25 16:23:28 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.20.3\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.20.3\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISW] File not found
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\printray.exe (Lexmark)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SupportSoft] RunDLL32.exe "C:\Documents and Settings\Arnold\Local Settings\Application Data\SupportSoft\zocwyehr.dll",InitEplgOE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1194815985332 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343059898297 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15031/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: DirectAnimation Java Classes file://c:\windows\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://c:\windows\SYSTEM\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\WEB\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\WEB\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/07 21:17:32 | 000,000,433 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2000/06/01 05:44:56 | 000,000,435 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (smrgdf C:\Program Files\iolo\System Mechanic 6\)
O34 - HKLM BootExecute: (iolobtdfg C:\WINDOWS\system32)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/08/08 09:57:14 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\Desktop\OTL.exe
[2012/08/07 18:55:29 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/08/07 18:51:56 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2012/08/07 18:44:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\All Users\Documents\Desktop\aswMBR.exe
[2012/08/07 18:26:44 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[2012/08/07 18:12:20 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2012/08/07 13:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Desktop\tdsskiller
[2012/08/04 14:07:04 | 004,724,408 | R--- | C] (Swearware) -- C:\Documents and Settings\All Users\Documents\Desktop\ComboFix.exe
[2012/08/03 13:09:12 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2012/08/03 10:27:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/08/03 10:09:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/08/03 10:09:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/08/03 10:09:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/08/03 10:09:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/08/03 10:08:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/03 10:07:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/08/03 09:45:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2012/07/28 15:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Desktop\bleeping computer
[2012/07/28 10:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/07/23 09:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SupportSoft
[2012/07/19 11:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arnold\Local Settings\Application Data\SupportSoft
[2012/07/16 16:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/08 09:57:12 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\Desktop\OTL.exe
[2012/08/08 09:55:20 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/08 09:48:22 | 000,002,507 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Desktop\WordPerfect.lnk
[2012/08/08 09:36:30 | 000,002,485 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Desktop\Quattro Pro.lnk
[2012/08/08 09:31:16 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/08 09:31:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/08 09:15:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/08 09:14:20 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-706699826-1343024091-1004.job
[2012/08/08 09:13:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/08 09:13:52 | 536,383,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/07 18:44:38 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\All Users\Documents\Desktop\aswMBR.exe
[2012/08/06 10:53:06 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/06 10:53:06 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/04 14:07:00 | 004,724,408 | R--- | M] (Swearware) -- C:\Documents and Settings\All Users\Documents\Desktop\ComboFix.exe
[2012/08/03 10:27:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/08/01 10:30:14 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\jucheck.job
[2012/08/01 10:09:38 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Arnold\My Documents\spider.sav
[2012/07/28 12:46:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Arnold\defogger_reenable
[2012/07/25 14:33:06 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-706699826-1343024091-1004.job
[2012/07/19 18:52:02 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/16 16:20:08 | 000,183,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/16 16:16:40 | 000,000,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/07/16 11:56:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/04 18:37:41 | 536,383,488 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/03 10:27:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/08/03 10:27:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/08/03 10:09:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/03 10:09:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/03 10:09:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/03 10:09:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/03 10:09:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/01 10:09:37 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Arnold\My Documents\spider.sav
[2012/07/28 12:46:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Arnold\defogger_reenable
[2012/07/15 09:53:12 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/20 11:13:37 | 000,033,758 | ---- | C] () -- C:\Documents and Settings\Arnold\Local Settings\Application Data\dt.dat
[2012/02/16 10:14:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/22 13:49:00 | 000,581,632 | R--- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2011/08/12 14:27:08 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\Arnold\usb
[2011/08/12 14:24:11 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\Arnold\usboo1
[2011/05/14 14:17:16 | 000,227,386 | ---- | C] () -- C:\Documents and Settings\Arnold\Local Settings\Application Data\census.cache
[2011/05/14 14:16:50 | 000,175,742 | ---- | C] () -- C:\Documents and Settings\Arnold\Local Settings\Application Data\ars.cache
[2011/05/02 13:48:34 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/02 13:48:34 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/23 16:00:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Arnold\Local Settings\Application Data\housecall.guid.cache
[2006/07/31 11:37:44 | 000,002,664 | ---- | C] () -- C:\Program Files\Player00.chp
[2006/06/19 13:12:29 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Arnold\Application Data\PFP100JPR.{PB
[2006/06/19 13:12:29 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Arnold\Application Data\PFP100JCM.{PB
[2006/06/16 10:22:26 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\Arnold\USB001
[2006/06/15 12:19:46 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Arnold\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/07 21:15:49 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt

========== LOP Check ==========

[2006/12/21 13:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2007/09/19 16:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/03/24 11:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/11 15:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2009/02/14 13:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Saitek
[2009/04/10 15:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zenturi
[2009/04/16 13:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/06/25 11:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/07/17 11:35:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2011/01/25 10:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/06/13 13:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/06/13 15:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/06/13 15:28:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/06/13 17:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2007/05/11 15:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\WholeSecurity
[2009/02/14 15:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\Windows Search
[2009/05/20 14:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\Windows Desktop Search
[2010/01/23 12:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\Tific
[2010/11/11 13:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\AnvSoft
[2011/01/25 09:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\CheckPoint
[2011/10/24 17:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\Auslogics
[2012/06/13 17:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\Check Point Software Technologies LTD
[2012/06/13 17:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\AVG2012
[2012/08/01 10:30:14 | 000,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\jucheck.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-07-16 21:49:51

< MD5 for: AGP440.SYS >
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/07/09 12:53:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/07/09 12:53:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\dllcache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SDTemp\Download.old\354955e5a48449db338e32557238a670\backup\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/07/09 12:53:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/07/09 12:53:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SDTemp\Download.old\354955e5a48449db338e32557238a670\backup\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/13 20:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008/04/13 20:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/13 20:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\SYSTEM32\autochk.exe
[2008/04/13 20:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\SYSTEM32\dllcache\autochk.exe
[2004/08/04 12:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
[2004/08/04 12:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\SDTemp\Download.old\354955e5a48449db338e32557238a670\backup\autochk.exe

< MD5 for: BEEP.SYS >
[2004/08/04 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\SYSTEM32\dllcache\beep.sys
[2004/08/04 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\SYSTEM32\DRIVERS\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\dllcache\eventlog.dll
[2008/04/13 20:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/04 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SDTemp\Download.old\354955e5a48449db338e32557238a670\backup\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SYSTEM32\dllcache\explorer.exe
[2007/06/13 07:26:04 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2004/08/04 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2004/08/04 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\SDTemp\Download.old\354955e5a48449db338e32557238a670\backup\explorer.exe

< MD5 for: KERNEL32.DLL >
[2007/04/16 12:07:28 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[2006/07/05 06:57:10 | 000,985,088 | ---- | M] (Microsoft Corporation) MD5=0FDD84928A5DDE2510761B7EC76CCEC9 -- C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[2004/08/04 12:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2004/08/04 12:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
[2004/08/04 12:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\SDTemp\Download.old\354955e5a48449db338e32557238a670\backup\kernel32.dll
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\SYSTEM32\dllcache\kernel32.dll
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\SYSTEM32\kernel32.dll
[2008/04/13 20:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/13 20:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2009/03/21 09:59:24 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2004/08/04 12:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2004/08/04 12:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\SDTemp\Download.old\354955e5a48449db338e32557238a670\backup\mswsock.dll
[2008/06/20 13:46:58 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008/06/20 12:02:48 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\SYSTEM32\dllcache\mswsock.dll
[2008/06/20 12:02:48 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\SYSTEM32\mswsock.dll
[2008/04/13 20:12:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/13 20:12:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 13:43:06 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 13:43:06 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/13 15:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 15:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SYSTEM32\dllcache\ndis.sys
[2008/04/13 15:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SYSTEM32\DRIVERS\ndis.sys
[2004/08/04 12:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
[2004/08/04 12:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\SDTemp\Download.old\354955e5a48449db338e32557238a670\backup\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\dllcache\netlogon.dll
[2008/04/13 20:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SDTemp\Download.old\354955e5a48449db338e32557238a670\backup\netlogon.dll

< MD5 for: NTFS.SYS >
[2007/02/09 07:23:36 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[2008/04/13 15:15:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 15:15:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\SYSTEM32\dllcache\ntfs.sys
[2008/04/13 15:15:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\SYSTEM32\DRIVERS\ntfs.sys
[2004/08/03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
[2004/08/04 12:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
[2004/08/04 12:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys
[2004/08/04 12:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\SDTemp\Download.old\354955e5a48449db338e32557238a670\backup\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\SYSTEM32\dllcache\ntmssvc.dll
[2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\SYSTEM32\ntmssvc.dll
[2004/08/04 12:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll
[2004/08/04 12:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\SDTemp\Download.old\354955e5a48449db338e32557238a670\backup\ntmssvc.dll

< MD5 for: PROQUOTA.EXE >
[2004/08/04 12:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2004/08/04 12:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\SDTemp\Download.old\354955e5a48449db338e32557238a670\backup\proquota.exe
[2008/04/13 20:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 20:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\SYSTEM32\dllcache\proquota.exe
[2008/04/13 20:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\SYSTEM32\proquota.exe

< MD5 for: QMGR.DLL >
[2004/08/04 08:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 20:12:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\SDTemp\Download.old\354955e5a48449db338e32557238a670\qmgr.dll
[2008/04/13 20:12:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 20:12:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\SYSTEM32\bits\qmgr.dll
[2008/04/13 20:12:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\SYSTEM32\dllcache\qmgr.dll
[2008/04/13 20:12:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\SYSTEM32\qmgr.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 12:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/04 12:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SDTemp\Download.old\354955e5a48449db338e32557238a670\backup\scecli.dll
[2008/04/13 20:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\dllcache\scecli.dll
[2008/04/13 20:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 12:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2004/08/04 12:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\SDTemp\Download.old\354955e5a48449db338e32557238a670\backup\sfcfiles.dll
[2008/04/13 20:12:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 20:12:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\SYSTEM32\dllcache\sfcfiles.dll
[2008/04/13 20:12:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\SYSTEM32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2010/08/17 09:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\SYSTEM32\dllcache\spoolsv.exe
[2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\SYSTEM32\spoolsv.exe
[2004/08/04 12:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
[2004/08/04 12:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
[2004/08/04 12:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\SDTemp\Download.old\354955e5a48449db338e32557238a670\backup\spoolsv.exe
[2005/06/10 17:17:14 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2008/04/13 20:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
[2008/04/13 20:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/13 20:12:08 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 20:12:08 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\SYSTEM32\dllcache\srsvc.dll
[2008/04/13 20:12:08 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\SYSTEM32\srsvc.dll
[2004/08/04 08:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll
[2004/08/04 08:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\SDTemp\Download.old\354955e5a48449db338e32557238a670\backup\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SYSTEM32\dllcache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SYSTEM32\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2004/08/04 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\SDTemp\Download.old\354955e5a48449db338e32557238a670\backup\svchost.exe

< MD5 for: TERMSRV.DLL >
[2004/08/04 08:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2004/08/04 08:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\SDTemp\Download.old\354955e5a48449db338e32557238a670\backup\termsrv.dll
[2008/04/13 20:12:08 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/13 20:12:08 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\SYSTEM32\dllcache\termsrv.dll
[2008/04/13 20:12:08 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\SYSTEM32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 12:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004/08/04 12:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\SDTemp\Download.old\354955e5a48449db338e32557238a670\backup\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2011/01/25 12:50:10 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\dllcache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\userinit.exe

< MD5 for: XMLPROV.DLL >
[2008/04/13 20:12:12 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/13 20:12:12 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\SYSTEM32\dllcache\xmlprov.dll
[2008/04/13 20:12:12 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\SYSTEM32\xmlprov.dll
[2004/08/04 12:00:00 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll
[2004/08/04 12:00:00 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\SDTemp\Download.old\354955e5a48449db338e32557238a670\backup\xmlprov.dll

< End of report >

#10 lthftd

  • Topic Starter

  • Members
  • 28 posts

Posted 08 August 2012 - 09:54 AM

OTL Extras logfile created on: 8/8/2012 10:22:23 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\All Users\Documents\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

511.47 Mb Total Physical Memory | 257.25 Mb Available Physical Memory | 50.30% Memory free
1.22 Gb Paging File | 0.71 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 47.68 Gb Free Space | 63.99% Space Free | Partition Type: FAT32
Drive D: | 37.27 Gb Total Space | 21.34 Gb Free Space | 57.26% Space Free | Partition Type: NTFS

Computer Name: OEMCOMPUTER | User Name: Arnold | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002 OEM
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E0C89A4-4040-47C7-AD0C-0E8226B6AFE2}" = AVG 2012
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6E84D0-AA30-11D1-A245-00A024C41DAA}" = Tasco SkyWatch (Remove only)
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE4E3960-DB28-4968-8B93-D26C79B50F10}" = WinFast GeForce2 MX Display Driver
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{D9313DEC-F4B0-430A-8565-63F8450D2D42}" = ZoneAlarm Security
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E8DBC0AE-4A2D-4859-84E9-C50C3EBA4DB0}" = ZoneAlarm Firewall
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8C8FC80-E542-11D3-8F7F-009027591AA8}" = CMN
"{FF70923C-8A51-47F4-A7E9-893C6D54EB68}" = TES Construction Set
"3ivx D4 4.5.1 Decoder" = 3ivx D4 4.5.1 Decoder (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Any Video Converter_is1" = Any Video Converter 3.1.0
"ASUS Probe V2.12.07" = ASUS Probe V2.12.07
"AVG" = AVG 2012
"DroneZ" = DroneZ
"FMS" = FMS
"GoldWave v4.12" = GoldWave v4.12
"Home Improvement 1-2-3" = Home Improvement 1-2-3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Insane Uninstall" = Insane
"LandDesigner 3D" = Sierra LandDesigner 3D
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mission Humanity" = Mission Humanity
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Drivers" = NVIDIA Drivers
"QuickTime" = QuickTime
"RealPlayer 15.0" = RealPlayer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WNW Dictionary V2" = WNW Dictionary v2.0
"WordPerfect Office 2002 OEM" = WordPerfect Office 2002 OEM
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/20/2012 12:09:15 PM | Computer Name = OEMCOMPUTER | Source = Application Error | ID = 1001
Description = Fault bucket -1398798622.

Error - 7/19/2012 4:24:39 PM | Computer Name = OEMCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/24/2012 3:12:18 PM | Computer Name = OEMCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application fh.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/26/2012 9:38:30 AM | Computer Name = OEMCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/26/2012 9:39:58 AM | Computer Name = OEMCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/26/2012 9:40:55 AM | Computer Name = OEMCOMPUTER | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 7/26/2012 3:34:09 PM | Computer Name = OEMCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 9.2.0.124, faulting module
jp2klib.dll, version 2.0.0.4526, fault address 0x00032c0d.

Error - 7/26/2012 3:34:48 PM | Computer Name = OEMCOMPUTER | Source = Application Error | ID = 1001
Description = Fault bucket 1505427799.

Error - 7/28/2012 1:39:43 PM | Computer Name = OEMCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/28/2012 1:40:30 PM | Computer Name = OEMCOMPUTER | Source = Application Hang | ID = 1001
Description = Fault bucket 734037209.

[ System Events ]
Error - 8/6/2012 9:06:48 AM | Computer Name = OEMCOMPUTER | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 8/7/2012 8:34:14 AM | Computer Name = OEMCOMPUTER | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 8/7/2012 9:04:41 AM | Computer Name = OEMCOMPUTER | Source = Print | ID = 6161
Description = The document Document owned by Arnold failed to print on printer Lexmark
Z53 Color Jetprinter. Data type: NT EMF 1.008. Size of the spool file in bytes:
21592. Number of bytes printed: 0. Total number of pages in the document: 1. Number
of pages printed: 0. Client machine: \\OEMCOMPUTER. Win32 error code returned by
the print processor: 2 (0x2).

Error - 8/7/2012 1:30:58 PM | Computer Name = OEMCOMPUTER | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 8/7/2012 2:08:59 PM | Computer Name = OEMCOMPUTER | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 8/7/2012 6:14:02 PM | Computer Name = OEMCOMPUTER | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 8/7/2012 6:27:58 PM | Computer Name = OEMCOMPUTER | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 8/7/2012 6:53:37 PM | Computer Name = OEMCOMPUTER | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 8/7/2012 7:19:31 PM | Computer Name = OEMCOMPUTER | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 8/8/2012 9:15:18 AM | Computer Name = OEMCOMPUTER | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747


< End of report >

#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:26 PM

Posted 08 August 2012 - 01:45 PM

Nothing suspicious was found. Only these items that are empty remnant entries in the registry.

Run OTL - Double-click OTL.exe to start it.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - (aspnet_state) -- File not found
    DRV - (WDICA) -- File not found
    DRV - (TSP) -- C:\WINDOWS\system32\drivers\klif.sys File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (mxInsMon) -- C:\PROGRA~1\Ontrack\EASYUN~1\mxInsMon.sys File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
    DRV - (IAI3300FilterService) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (EverestDriver) -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\DOCUME~1\Arnold\LOCALS~1\Temp\catchme.sys File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O4 - HKCU..\Run: [SupportSoft] RunDLL32.exe "C:\Documents and Settings\Arnold\Local Settings\Application Data\SupportSoft\zocwyehr.dll",InitEplgOE File not found
    O16 - DPF: DirectAnimation Java Classes file://c:\windows\SYSTEM\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Internet Explorer Classes for Java file://c:\windows\SYSTEM\iejava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

If you are still unable to run ComboFix and the problem persists, I suggest you remove AVG.

Use this tool to remove it completely.

Please download the AVG Remover and save it to your Desktop.
  • Close all programs and double-click avgremover.exe then click Run
  • In Vista/Win7, right-click and choose 'Run as administrator'.
  • Follow the on-screen instructions.
  • Restart your computer if asked.
  • Then delete avgremover.exe from your desktop.

===

Before you remove AVG install the Microsoft Security Essentials.

http://windows.microsoft.com/en-US/windows/products/security-essentials
Run the Tool.

Then proceed to remove AVG, and run ComboFix.

Post the logs if you can.

Edited by nasdaq, 21 August 2012 - 07:47 AM.
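
The fix list in the post above is nothing more than the OTL log lines whose target no longer exists, pasted under a ":OTL" header. As an added example (not OTL's code and not part of this thread), the Python below parses OTL-style SRV, DRV, O4 and O16 lines, flags those ending in "File not found" or "(Reg Error: Key error.)", and assembles them into the same kind of fix block. The sample log is constructed from the entry format seen in this thread, and the function and class names are the example's own.

```python
"""Flag orphaned autostart entries in OTL log output.

Added example: this is not OTL's code and not part of the thread. It reads
OTL-style SRV / DRV / O4 / O16 lines and returns the ones whose target file
is missing ("File not found") or whose registry key is broken
("Reg Error: Key error."), which is what the ':OTL' fix list in the post
above was assembled from. Flagged entries are candidates for review, not
proof of infection; most are leftovers of uninstalled tools.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the format of the OTL report on this page (not a
# full scan); the flagged lines copy entries that appear in the thread.
SAMPLE_LOG = r"""
SRV - (aspnet_state) -- File not found
SRV - (vsmon) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
DRV - (TSP) -- C:\WINDOWS\system32\drivers\klif.sys File not found
DRV - (Lbd) -- C:\WINDOWS\SYSTEM32\DRIVERS\Lbd.sys (Lavasoft AB)
O4 - HKCU..\Run: [SupportSoft] RunDLL32.exe "C:\Documents and Settings\Arnold\Local Settings\Application Data\SupportSoft\zocwyehr.dll",InitEplgOE File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O16 - DPF: DirectAnimation Java Classes file://c:\windows\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
"""

# Only the OTL sections that carry an autostart or load-on-demand target.
LINE_RE = re.compile(r"^(?P<kind>SRV|DRV|O4|O16)\s+-\s+(?P<rest>.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # OTL section code: SRV, DRV, O4 or O16
    name: str    # service/driver name, Run value name or DPF label
    reason: str  # why the entry is considered a remnant
    line: str    # the original log line, reusable as an OTL fix line


def _entry_name(kind: str, rest: str) -> str:
    """Pull the human-readable identifier out of the part after 'KIND - '."""
    if kind in ("SRV", "DRV"):          # "(name) -- path"
        m = re.match(r"\((?P<n>[^)]+)\)", rest)
    elif kind == "O4":                  # "HKLM..\Run: [name] command"
        m = re.search(r"\[(?P<n>[^\]]+)\]", rest)
    else:                               # "DPF: label file://... or http://..."
        m = re.match(r"DPF:\s+(?P<n>.+?)\s+(?:file://|https?://)", rest)
    return m.group("n") if m else rest


def classify(line: str) -> Optional[Finding]:
    """Return a Finding if the line points at a missing file or broken key."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    if rest.endswith("File not found"):
        reason = "file not found"
    elif rest.endswith("(Reg Error: Key error.)"):
        reason = "registry key error"
    else:
        return None   # target exists and carries a company name: not a remnant
    return Finding(kind, _entry_name(kind, rest), reason, line)


def remnant_entries(log_text: str) -> List[Finding]:
    """All remnant findings in an OTL log, in log order."""
    return [f for f in map(classify, log_text.splitlines()) if f is not None]


def build_fix_block(log_text: str) -> str:
    """Assemble the ':OTL' fix block the way the thread does: the header
    followed by the flagged log lines verbatim."""
    return ":OTL\n" + "\n".join(f.line for f in remnant_entries(log_text))


if __name__ == "__main__":
    for f in remnant_entries(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.name:<30} {f.reason}")
    print(build_fix_block(SAMPLE_LOG))
```

Running it on the sample flags aspnet_state, TSP, the SupportSoft Run value and the DirectAnimation DPF entry and leaves the entries with an existing, signed-company file alone. Treat the output as a review list, not a verdict: entries such as catchme.sys or KernExplorer.sys in the thread are traces of tools that were removed, not an infection. A Run value that points at a DLL which no longer exists (the SupportSoft entry) still belongs in the fix list, because the autostart survives its payload and would run again if the file were ever restored.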


#12 lthftd

lthftd
  • Topic Starter

  • Members
  • 28 posts
  • Local time:10:26 PM

Posted 09 August 2012 - 09:31 AM

Ran OTL.exe with the second Custom Scans/Fixes code; here's the log:

OTL logfile created on: 8/8/2012 4:16:12 PM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\All Users\Documents\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

511.47 Mb Total Physical Memory | 215.66 Mb Available Physical Memory | 42.16% Memory free
1.22 Gb Paging File | 0.93 Gb Available in Paging File | 75.84% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 47.69 Gb Free Space | 64.00% Space Free | Partition Type: FAT32
Drive D: | 37.27 Gb Total Space | 21.34 Gb Free Space | 57.26% Space Free | Partition Type: NTFS

Computer Name: OEMCOMPUTER | User Name: Arnold | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\All Users\Documents\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SYSTEM32\devldr32.exe (Creative Technology Ltd.)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nosGetPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)


========== Driver Services (SafeList) ==========

DRV - (AVGIDSHX) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Vsdatant) -- C:\WINDOWS\SYSTEM32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (Avgtdix) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (Avgldx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Lbd) -- C:\WINDOWS\SYSTEM32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (SaiNtBus) -- C:\WINDOWS\SYSTEM32\DRIVERS\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\WINDOWS\SYSTEM32\DRIVERS\SaiMini.sys (Saitek)
DRV - (SaiH040B) -- C:\WINDOWS\SYSTEM32\DRIVERS\SaiH040B.sys (Saitek)
DRV - (SaiU040B) -- C:\WINDOWS\SYSTEM32\DRIVERS\SaiU040B.sys (Saitek)
DRV - (AmdPPM) -- C:\WINDOWS\SYSTEM32\DRIVERS\AmdPPM.sys (Advanced Micro Devices)
DRV - (hidgame) -- C:\WINDOWS\SYSTEM32\DRIVERS\hidgame.sys (Microsoft Corporation)
DRV - (ltmodem5) -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmnt.sys (LT)
DRV - (WmHidLo) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmHidLo.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmXlCore.sys (Logitech Inc.)
DRV - (sfman) -- C:\WINDOWS\SYSTEM32\DRIVERS\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys (Creative Technology Ltd.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.3.37: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.3.37: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/25 16:47:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/06/13 14:57:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/13 17:26:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/13 17:26:28 | 000,000,000 | ---D | M]

[2012/06/13 14:58:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/07/25 16:23:28 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.20.3\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.20.3\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISW] File not found
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\printray.exe (Lexmark)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1194815985332 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343059898297 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15031/CTPID.cab (Creative Software AutoUpdate Support Package)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\WEB\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\WEB\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/07 21:17:32 | 000,000,433 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2000/06/01 05:44:56 | 000,000,435 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (smrgdf C:\Program Files\iolo\System Mechanic 6\)
O34 - HKLM BootExecute: (iolobtdfg C:\WINDOWS\system32)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/08 16:10:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/08 09:57:14 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\Desktop\OTL.exe
[2012/08/07 18:55:29 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/08/07 18:51:56 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2012/08/07 18:44:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\All Users\Documents\Desktop\aswMBR.exe
[2012/08/07 18:26:44 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[2012/08/07 18:12:20 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2012/08/07 13:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Desktop\tdsskiller
[2012/08/04 14:07:04 | 004,724,408 | R--- | C] (Swearware) -- C:\Documents and Settings\All Users\Documents\Desktop\ComboFix.exe
[2012/08/03 13:09:12 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2012/08/03 10:27:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/08/03 10:09:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/08/03 10:09:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/08/03 10:09:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/08/03 10:09:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/08/03 10:08:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/03 10:07:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/08/03 09:45:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2012/07/28 15:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Desktop\bleeping computer
[2012/07/28 10:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/07/23 09:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SupportSoft
[2012/07/19 11:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arnold\Local Settings\Application Data\SupportSoft
[2012/07/16 16:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/08 16:15:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/08 16:14:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/08 16:14:44 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-706699826-1343024091-1004.job
[2012/08/08 16:14:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/08 16:14:22 | 536,383,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/08 15:55:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/08 15:31:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/08 14:33:02 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-706699826-1343024091-1004.job
[2012/08/08 09:57:12 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\Desktop\OTL.exe
[2012/08/08 09:48:22 | 000,002,507 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Desktop\WordPerfect.lnk
[2012/08/08 09:36:30 | 000,002,485 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Desktop\Quattro Pro.lnk
[2012/08/07 18:44:38 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\All Users\Documents\Desktop\aswMBR.exe
[2012/08/04 14:07:00 | 004,724,408 | R--- | M] (Swearware) -- C:\Documents and Settings\All Users\Documents\Desktop\ComboFix.exe
[2012/08/03 10:27:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/08/01 10:30:14 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\jucheck.job
[2012/08/01 10:09:38 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Arnold\My Documents\spider.sav
[2012/07/28 12:46:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Arnold\defogger_reenable
[2012/07/19 18:52:02 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/16 16:20:08 | 000,183,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/16 16:16:40 | 000,000,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/07/16 11:56:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/04 18:37:41 | 536,383,488 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/03 10:27:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/08/03 10:27:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/08/03 10:09:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/03 10:09:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/03 10:09:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/03 10:09:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/03 10:09:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/01 10:09:37 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Arnold\My Documents\spider.sav
[2012/07/28 12:46:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Arnold\defogger_reenable
[2012/07/15 09:53:12 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/20 11:13:37 | 000,033,758 | ---- | C] () -- C:\Documents and Settings\Arnold\Local Settings\Application Data\dt.dat
[2012/02/16 10:14:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/22 13:49:00 | 000,581,632 | R--- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2011/08/12 14:27:08 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\Arnold\usb
[2011/08/12 14:24:11 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\Arnold\usboo1
[2011/05/14 14:17:16 | 000,227,386 | ---- | C] () -- C:\Documents and Settings\Arnold\Local Settings\Application Data\census.cache
[2011/05/14 14:16:50 | 000,175,742 | ---- | C] () -- C:\Documents and Settings\Arnold\Local Settings\Application Data\ars.cache
[2011/05/02 13:48:34 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/02 13:48:34 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/23 16:00:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Arnold\Local Settings\Application Data\housecall.guid.cache
[2006/07/31 11:37:44 | 000,002,664 | ---- | C] () -- C:\Program Files\Player00.chp
[2006/06/19 13:12:29 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Arnold\Application Data\PFP100JPR.{PB
[2006/06/19 13:12:29 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Arnold\Application Data\PFP100JCM.{PB
[2006/06/16 10:22:26 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\Arnold\USB001
[2006/06/15 12:19:46 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Arnold\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/07 21:15:49 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt

========== LOP Check ==========

[2006/12/21 13:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2007/09/19 16:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/03/24 11:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/11 15:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2009/02/14 13:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Saitek
[2009/04/10 15:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zenturi
[2009/04/16 13:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/06/25 11:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/07/17 11:35:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2011/01/25 10:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/06/13 13:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/06/13 15:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/06/13 15:28:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/06/13 17:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2007/05/11 15:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\WholeSecurity
[2009/02/14 15:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\Windows Search
[2009/05/20 14:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\Windows Desktop Search
[2010/01/23 12:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\Tific
[2010/11/11 13:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\AnvSoft
[2011/01/25 09:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\CheckPoint
[2011/10/24 17:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\Auslogics
[2012/06/13 17:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\Check Point Software Technologies LTD
[2012/06/13 17:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\AVG2012
[2012/08/01 10:30:14 | 000,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\jucheck.job

========== Purity Check ==========



< End of report >

Ran ComboFix.exe. The scan froze at the usual place.
Downloaded MS Security Essentials, installed it. Disabled AVG Anti-Virus and ran a full MSSE scan. MSSE found two malware:

OTL logfile created on: 8/8/2012 4:16:12 PM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\All Users\Documents\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

511.47 Mb Total Physical Memory | 215.66 Mb Available Physical Memory | 42.16% Memory free
1.22 Gb Paging File | 0.93 Gb Available in Paging File | 75.84% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 47.69 Gb Free Space | 64.00% Space Free | Partition Type: FAT32
Drive D: | 37.27 Gb Total Space | 21.34 Gb Free Space | 57.26% Space Free | Partition Type: NTFS

Computer Name: OEMCOMPUTER | User Name: Arnold | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\All Users\Documents\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SYSTEM32\devldr32.exe (Creative Technology Ltd.)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nosGetPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)


========== Driver Services (SafeList) ==========

DRV - (AVGIDSHX) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Vsdatant) -- C:\WINDOWS\SYSTEM32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (Avgtdix) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (Avgldx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Lbd) -- C:\WINDOWS\SYSTEM32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (SaiNtBus) -- C:\WINDOWS\SYSTEM32\DRIVERS\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\WINDOWS\SYSTEM32\DRIVERS\SaiMini.sys (Saitek)
DRV - (SaiH040B) -- C:\WINDOWS\SYSTEM32\DRIVERS\SaiH040B.sys (Saitek)
DRV - (SaiU040B) -- C:\WINDOWS\SYSTEM32\DRIVERS\SaiU040B.sys (Saitek)
DRV - (AmdPPM) -- C:\WINDOWS\SYSTEM32\DRIVERS\AmdPPM.sys (Advanced Micro Devices)
DRV - (hidgame) -- C:\WINDOWS\SYSTEM32\DRIVERS\hidgame.sys (Microsoft Corporation)
DRV - (ltmodem5) -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmnt.sys (LT)
DRV - (WmHidLo) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmHidLo.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmXlCore.sys (Logitech Inc.)
DRV - (sfman) -- C:\WINDOWS\SYSTEM32\DRIVERS\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys (Creative Technology Ltd.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.3.37: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.3.37: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/25 16:47:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/06/13 14:57:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/13 17:26:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/13 17:26:28 | 000,000,000 | ---D | M]

[2012/06/13 14:58:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/07/25 16:23:28 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.20.3\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.20.3\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISW] File not found
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\printray.exe (Lexmark)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1194815985332 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343059898297 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15031/CTPID.cab (Creative Software AutoUpdate Support Package)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\WEB\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\WEB\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/07 21:17:32 | 000,000,433 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2000/06/01 05:44:56 | 000,000,435 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (smrgdf C:\Program Files\iolo\System Mechanic 6\)
O34 - HKLM BootExecute: (iolobtdfg C:\WINDOWS\system32)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/08 16:10:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/08 09:57:14 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\Desktop\OTL.exe
[2012/08/07 18:55:29 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/08/07 18:51:56 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2012/08/07 18:44:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\All Users\Documents\Desktop\aswMBR.exe
[2012/08/07 18:26:44 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[2012/08/07 18:12:20 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2012/08/07 13:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Desktop\tdsskiller
[2012/08/04 14:07:04 | 004,724,408 | R--- | C] (Swearware) -- C:\Documents and Settings\All Users\Documents\Desktop\ComboFix.exe
[2012/08/03 13:09:12 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2012/08/03 10:27:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/08/03 10:09:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/08/03 10:09:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/08/03 10:09:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/08/03 10:09:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/08/03 10:08:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/03 10:07:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/08/03 09:45:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2012/07/28 15:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Desktop\bleeping computer
[2012/07/28 10:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/07/23 09:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SupportSoft
[2012/07/19 11:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arnold\Local Settings\Application Data\SupportSoft
[2012/07/16 16:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/08 16:15:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/08 16:14:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/08 16:14:44 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-706699826-1343024091-1004.job
[2012/08/08 16:14:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/08 16:14:22 | 536,383,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/08 15:55:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/08 15:31:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/08 14:33:02 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-706699826-1343024091-1004.job
[2012/08/08 09:57:12 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\Desktop\OTL.exe
[2012/08/08 09:48:22 | 000,002,507 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Desktop\WordPerfect.lnk
[2012/08/08 09:36:30 | 000,002,485 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Desktop\Quattro Pro.lnk
[2012/08/07 18:44:38 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\All Users\Documents\Desktop\aswMBR.exe
[2012/08/04 14:07:00 | 004,724,408 | R--- | M] (Swearware) -- C:\Documents and Settings\All Users\Documents\Desktop\ComboFix.exe
[2012/08/03 10:27:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/08/01 10:30:14 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\jucheck.job
[2012/08/01 10:09:38 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Arnold\My Documents\spider.sav
[2012/07/28 12:46:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Arnold\defogger_reenable
[2012/07/19 18:52:02 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/16 16:20:08 | 000,183,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/16 16:16:40 | 000,000,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/07/16 11:56:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/04 18:37:41 | 536,383,488 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/03 10:27:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/08/03 10:27:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/08/03 10:09:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/03 10:09:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/03 10:09:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/03 10:09:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/03 10:09:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/01 10:09:37 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Arnold\My Documents\spider.sav
[2012/07/28 12:46:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Arnold\defogger_reenable
[2012/07/15 09:53:12 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/20 11:13:37 | 000,033,758 | ---- | C] () -- C:\Documents and Settings\Arnold\Local Settings\Application Data\dt.dat
[2012/02/16 10:14:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/22 13:49:00 | 000,581,632 | R--- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2011/08/12 14:27:08 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\Arnold\usb
[2011/08/12 14:24:11 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\Arnold\usboo1
[2011/05/14 14:17:16 | 000,227,386 | ---- | C] () -- C:\Documents and Settings\Arnold\Local Settings\Application Data\census.cache
[2011/05/14 14:16:50 | 000,175,742 | ---- | C] () -- C:\Documents and Settings\Arnold\Local Settings\Application Data\ars.cache
[2011/05/02 13:48:34 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/02 13:48:34 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/23 16:00:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Arnold\Local Settings\Application Data\housecall.guid.cache
[2006/07/31 11:37:44 | 000,002,664 | ---- | C] () -- C:\Program Files\Player00.chp
[2006/06/19 13:12:29 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Arnold\Application Data\PFP100JPR.{PB
[2006/06/19 13:12:29 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Arnold\Application Data\PFP100JCM.{PB
[2006/06/16 10:22:26 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\Arnold\USB001
[2006/06/15 12:19:46 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Arnold\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/07 21:15:49 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt

========== LOP Check ==========

[2006/12/21 13:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2007/09/19 16:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/03/24 11:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/11 15:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2009/02/14 13:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Saitek
[2009/04/10 15:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zenturi
[2009/04/16 13:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/06/25 11:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/07/17 11:35:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2011/01/25 10:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/06/13 13:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/06/13 15:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/06/13 15:28:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/06/13 17:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2007/05/11 15:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\WholeSecurity
[2009/02/14 15:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\Windows Search
[2009/05/20 14:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\Windows Desktop Search
[2010/01/23 12:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\Tific
[2010/11/11 13:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\AnvSoft
[2011/01/25 09:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\CheckPoint
[2011/10/24 17:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\Auslogics
[2012/06/13 17:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\Check Point Software Technologies LTD
[2012/06/13 17:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arnold\Application Data\AVG2012
[2012/08/01 10:30:14 | 000,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\jucheck.job

========== Purity Check ==========



< End of report >
Ran ComboFix. It froze at the usual place.
Downloaded MS Security Essentials.
Disabled AVG Anti-Virus.
Installed MSSE. Ran a full scan; it found two malware items:
Trojan:Win32/Tracur.AU
Items: file:C:\System Volume Information\_restore{D60EBC2B-A5B0-4F21-9801-3809967FD1AD}\RP151\A0016221.old
Also found: Adware:Win32/OpenCandy
Items: containerfile:C:\My Downloads\video\avc-free.exe file:C:\My Downloads\video\avc-free.exe->(inno#000279)
Removed the two threats.
MSSE: unchecked Settings > Turn on real-time protection.
Ran avgremover.exe. The AVG Anti-Virus tray icon and user interface are still on the computer. Ran avgremover two more times and rebooted. AVG Anti-Virus is still here.
Ran ComboFix and received the message: "ComboFix has detected the following realtime scanner(s) to be active: Antivirus: AVG Anti-Virus Free Edition 2012." Did not finish running ComboFix.

#13 lthftd

  • Topic Starter
  • Members
  • 28 posts

Posted 09 August 2012 - 09:37 AM

Attached the avgremover.exe log


#14 nasdaq

  • Malware Response Team
  • 40,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 August 2012 - 01:19 PM

Download Revo Uninstaller

http://majorgeeks.com/Revo_Uninstaller_d5706.html

Revo Uninstaller helps you to remove any unwanted application installed on your computer.

Remove all traces of AVG 2012.

When done restart the computer.

Try to run ComboFix to completion.

#15 lthftd

  • Topic Starter
  • Members
  • 28 posts

Posted 10 August 2012 - 02:25 PM

Ran a scan with MSSE. It found another instance of Adware:Win32/OpenCandy.
Item: file:C:\System Volume Information\_restore{D60EBC2B-A5B0-4F21-9801-3809967FD1AD}\RP156\A0024666.exe
Ran Revo. The AVG uninstaller had a setup error:
Driver installation failed
severity: error
error message: general internal error
additional message: the removal of the product failed
@AVGMSI_Error27046
driver installation failed (0xE0010057)
context: uninstallation of AVG,MSI action failed
After AVG's native uninstaller failed, Revo continued with the uninstallation, deleting registry entries and files. It appeared to have worked; the AVG icon is gone from the tray.
Rebooted.
When ComboFix is run, the (disabled) MSSE icon disappears from the tray, then a message appears: "ComboFix has detected the following realtime scanner(s) to be active: Anti-virus: AVG Anti-Virus Free Edition 2012." Another warning about the scanner and ComboFix conflicting comes up. I ran ComboFix anyway and it stalled in the usual place. Tried rebooting one more time and running ComboFix, with the same result.



