
Windows Security Shield keeps coming back


12 replies to this topic

#1 ImmortalJman

Posted 30 July 2012 - 01:37 PM

Computer Configuration:

Windows XP professional 32bit Service Pack 3

My wife started complaining that when she would click a link to go to a webpage from a search engine, or even on a webpage, it would redirect her to some weird webpage with similar search results, etc. But now, Windows Firewall has been disabled and so has Microsoft Security Essentials. After trying to do the preparation guide, I also ran Malware Bytes with some effectiveness before I found this forum. It did get rid of Windows Security Shield and I didn't have the same web browser problems. I even got Microsoft Security Essentials reinstalled. However, it came back overnight and disabled everything again. I can't get DDS to finish and post a log. And now I've got a screen that came up saying that the FBI has locked the computer until I pay them $200 (FBI MoneyPak Malware Scam). I can't even use CTRL ALT DELETE to get that up or use ALT TAB to get to a different screen. Really quite ingenious, unfortunately. I'm kind of at a loss if I can't even log into a normal desktop. I might be able to load into Safe Mode. Any ideas?


#2 nasdaq (Malware Response Team)

Posted 04 August 2012 - 10:41 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Execute the instructions on this page.

Remove the FBI MoneyPak Ransomware
http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

At any time you need advice on how to proceed please ask.

===

When done,


Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Let me know what problem persists.

#3 ImmortalJman (Topic Starter)

Posted 04 August 2012 - 07:29 PM

So, before I got your reply (thank you very much by the way), I ended up using Kaspersky Rescue Disk to remove the MoneyPak thing. It did work and I can get into a normal boot environment. I've also run Malware Bytes and that got some things too. I haven't been running the computer long enough since then to see if something strange has happened, other than the fact that my Desktop icons and files won't show up. They are still there, however, because I can find them under the desktop folder just fine. Even if you just copy a file to the desktop it doesn't show up either. Anyways, it's a lot of info, so here are their logs.

DDS.scr

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Jason at 8:11:04 on 2012-08-01
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.starwars.com/
uSearch Page =
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
mRun: [QFan Help] "c:\program files\asus\ai suite\qfan3\QFanHelp.exe"
mRun: [Cpu Level Up help] c:\program files\asus\ai suite\CpuLevelUpHelp.exe
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [CY_BG] c:\windows\bp_bg.exe
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQ"&"inst=NwA3AC0AMwAzADIANgA4ADEANAAyADkALQBLAFYAMwArADcALQBCAEEAKwAxAC0AWABMACsAMQAtAFQANAAtAFMAVAAxACsAMgAtAA"&"prod=90"&"ver=9.0.864
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
uPolicies-explorer: NoDesktop = 1 (0x1)
uPolicies-system: disableregistrytools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343480055817
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343480123442
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{BC87A760-27D2-4E70-A529-D557276B29FA} : NameServer = 68.105.28.12,68.105.29.12
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - c:\program files\microsoft\outlook web access smime client\mimectl.dll
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 66.197.194.231 www.google-analytics.com.
Hosts: 66.197.194.231 ad-emea.doubleclick.net.
Hosts: 66.197.194.231 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jason\application data\mozilla\firefox\profiles\pl4oxq27.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.starwars.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm4584AUS&ptnrS=ZUxdm4584AUS&ptb=9hN9uexMCIJ_PKeMKZmnSA&ind=2010091819&n=77cf912b&psa=&st=kwd&searchfor=
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\adobe acrobat 7.0\acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-07-31 10:05:37 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-07-29 20:30:44 -------- d-----w- c:\documents and settings\jason\application data\Roaming
2012-07-29 17:19:52 -------- d-----w- c:\program files\ESET
2012-07-29 16:30:53 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5180b801-4bb4-4183-a6fb-e9e029d79f46}\mpengine.dll
2012-07-29 16:26:26 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-28 17:32:55 -------- d-sha-r- C:\cmdcons
2012-07-28 14:52:24 -------- d-----w- c:\documents and settings\jason\application data\Malwarebytes
2012-07-28 14:51:45 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-28 14:51:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 14:51:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-28 14:32:43 -------- d-----w- c:\documents and settings\jason\local settings\application data\Google
2012-07-28 12:54:33 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-07-04 19:16:21 8832 ----a-w- c:\windows\system32\drivers\UsbCm_pj.sys
2012-07-04 19:16:21 -------- d-----w- c:\program files\ILA-FPJ
.
==================== Find3M ====================
.
2012-06-04 22:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 17:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 8:13:06.64 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Hosts File Hijack ======================
.
Hosts: 66.197.194.231 www.google-analytics.com.
Hosts: 66.197.194.231 ad-emea.doubleclick.net.
Hosts: 66.197.194.231 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
Hosts: 69.72.252.254 www.statcounter.com.
.
==== Installed Programs ======================
.
7-Zip 9.20
ActivClient CAC 6.1 AFR
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Premiere Pro 1.5
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
AI Suite
AMD Catalyst Install Manager
AMD OverDrive
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO Codecs
ATI Parental Control & Encoder
Backpack Driver
Bonjour
BootDisk2BootStick 0.10
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cessna Multimedia Version 5.1
Cessna Multimedia Version 5.1a
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
DeinoMPI
DVRMSToolbox
ESET Online Scanner v3
Evrsoft First Page 2006
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2100 series
hp psc 2100 series
ILA-FPJ Updater for X3
iTunes
Java Auto Updater
Java™ 6 Update 24
JumpStart Advanced Discovery Time
JumpStart Advanced Play & Learn Time
JumpStart Advanced School Time
JumpStart Advanced Sing-Along Time
LG USB Modem driver
Malwarebytes Anti-Malware version 1.62.0.1300
Memorex exPressit Label Design Studio
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X Service Pack 2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Outlook Web Access S/MIME
Microsoft Outlook Web Access S/MIME (2007)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Mozilla Firefox 11.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyDVD
OGA Notifier 2.0.0048.0
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
ShowAnalyzer
ShowBiz
Shutterfly Express Uploader
Skype Toolbars
Skype™ 5.3
Suite Specific
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinISO 5.3
.
==== End Of File ===========================

DDS.com


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Jason at 18:59:11 on 2012-08-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2578 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DeinoMPI\bin\DeinoPM.exe
c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\bp_bg.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcrobatInfo.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.starwars.com/
uSearch Page =
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
mRun: [QFan Help] "c:\program files\asus\ai suite\qfan3\QFanHelp.exe"
mRun: [Cpu Level Up help] c:\program files\asus\ai suite\CpuLevelUpHelp.exe
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [CY_BG] c:\windows\bp_bg.exe
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQ"&"inst=NwA3AC0AMwAzADIANgA4ADEANAAyADkALQBLAFYAMwArADcALQBCAEEAKwAxAC0AWABMACsAMQAtAFQANAAtAFMAVAAxACsAMgAtAA"&"prod=90"&"ver=9.0.864
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
uPolicies-system: DisableTaskMgr = 0
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343480055817
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343480123442
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{BC87A760-27D2-4E70-A529-D557276B29FA} : NameServer = 68.105.28.12,68.105.29.12
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - c:\program files\microsoft\outlook web access smime client\mimectl.dll
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 66.197.194.231 www.google-analytics.com.
Hosts: 66.197.194.231 ad-emea.doubleclick.net.
Hosts: 66.197.194.231 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jason\application data\mozilla\firefox\profiles\pl4oxq27.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.starwars.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm4584AUS&ptnrS=ZUxdm4584AUS&ptb=9hN9uexMCIJ_PKeMKZmnSA&ind=2010091819&n=77cf912b&psa=&st=kwd&searchfor=
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\adobe acrobat 7.0\acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 bpfinder;BACKPACK Finder;c:\windows\system32\drivers\bpfinder.sys [2009-4-29 62311]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2008-5-29 198184]
R2 DeinoPM;DeinoMPI process manager service;c:\program files\deinompi\bin\DeinoPM.exe [2007-1-17 20480]
R2 DVRMSFileWatcherService;DVRMSFileWatcherService;c:\program files\dvrmstoolbox\DVRMSFileWatcherService.exe [2008-3-19 20480]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-3-25 100368]
R3 AvcUWilo;Adaptec AVC-2210/2310 USB Device;c:\windows\system32\drivers\avcuwilo.sys [2009-4-29 51166]
R3 bpflt;BACKPACK Filter;c:\windows\system32\drivers\bpflt.sys [2009-4-29 4538]
S2 9;9;\??\c:\docume~1\jason\locals~1\temp\9.sys --> c:\docume~1\jason\locals~1\temp\9.sys [?]
S2 AODService;AODService;c:\program files\amd\overdrive\AODAssist.exe [2009-4-22 124256]
S2 PEVSystemStart;PEVSystemStart;"c:\combofix\pev.3xe" exec /i "c:\combofix\hidec.3xe" "c:\combofix\swreg.3xe" acl "hkey_local_machine\system\currentcontrolset\enum\root\legacy_beep" /reset /q --> c:\combofix\pev.3XE [?]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\jason\locals~1\temp\alsysio.sys --> c:\docume~1\jason\locals~1\temp\ALSysIO.sys [?]
S3 AVC2310F;AVC-2310/AVC-2210 USB Loader;c:\windows\system32\drivers\avcuwfl.sys [2009-4-29 18644]
S3 BP_FX_AT;BACKPACK USB;c:\windows\system32\drivers\BP_fx_at.sys [2009-4-29 32640]
S3 bppccard;BACKPACK PC Card;c:\windows\system32\drivers\bppccard.sys [2009-4-29 5493]
S3 bppnpdrv;BACKPACK Driver;c:\windows\system32\drivers\bppnpdrv.sys [2009-4-29 19670]
S3 bpusbdrv;BACKPACK USB 1 Cable;c:\windows\system32\drivers\bpusbdrv.sys [2009-4-29 109676]
S3 bpusbflt;BACKPACK USB Filter;c:\windows\system32\drivers\bpusbflt.sys [2009-4-29 9085]
S3 Ipet_cex;Ipet_cex; [x]
S3 SCMUSB;SCR301 USB Smart Card Reader;c:\windows\system32\drivers\stcusb.sys [2002-2-1 18912]
S3 UsbComm;USB Communication Driver;c:\windows\system32\drivers\UsbCm_pj.sys [2012-7-4 8832]
.
=============== Created Last 30 ================
.
2012-08-01 16:30:10 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e5d94f58-16b2-4e2e-9e73-ddfbc6b829f6}\mpengine.dll
2012-08-01 16:28:48 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-31 10:05:37 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-07-29 20:30:44 -------- d-----w- c:\documents and settings\jason\application data\Roaming
2012-07-29 17:19:52 -------- d-----w- c:\program files\ESET
2012-07-28 17:32:55 -------- d-sha-r- C:\cmdcons
2012-07-28 14:52:24 -------- d-----w- c:\documents and settings\jason\application data\Malwarebytes
2012-07-28 14:51:45 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-28 14:51:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 14:51:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-28 14:32:43 -------- d-----w- c:\documents and settings\jason\local settings\application data\Google
2012-07-28 12:54:33 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
.
==================== Find3M ====================
.
2012-06-04 22:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 17:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 19:00:49.87 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/25/2009 9:01:44 PM
System Uptime: 8/4/2012 6:56:21 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M3A78 PRO
Processor: AMD Phenom™ II X3 720 Processor | CPU 1 | 2807/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 234 GiB total, 163.012 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP754: 5/7/2012 9:21:33 PM - Software Distribution Service 3.0
RP755: 5/9/2012 4:39:32 PM - Software Distribution Service 3.0
RP756: 5/11/2012 10:14:05 PM - Software Distribution Service 3.0
RP757: 5/11/2012 10:36:04 PM - Software Distribution Service 3.0
RP758: 5/15/2012 8:27:39 PM - Software Distribution Service 3.0
RP759: 6/7/2012 9:34:16 AM - Software Distribution Service 3.0
RP760: 6/8/2012 6:33:54 PM - Software Distribution Service 3.0
RP761: 6/8/2012 6:42:14 PM - Software Distribution Service 3.0
RP762: 6/12/2012 11:55:23 AM - Software Distribution Service 3.0
RP763: 7/4/2012 2:19:56 PM - Unsigned driver install
RP764: 7/28/2012 8:00:25 AM - ComboFix created restore point
RP765: 7/28/2012 9:32:11 AM - Removed PC Probe II
RP766: 7/28/2012 9:34:16 AM - Removed SweetIM for Messenger 3.4
RP767: 7/28/2012 9:34:36 AM - Removed SweetIM Toolbar for Internet Explorer 4.1
RP768: 7/28/2012 9:34:58 AM - Removed World of Warcraft FREE Trial
RP769: 7/28/2012 8:04:39 PM - Microsoft Antimalware Checkpoint
RP770: 7/30/2012 11:06:54 AM - System Checkpoint
RP771: 8/1/2012 10:04:46 AM - System Checkpoint
.
==== Hosts File Hijack ======================
.
Hosts: 66.197.194.231 www.google-analytics.com.
Hosts: 66.197.194.231 ad-emea.doubleclick.net.
Hosts: 66.197.194.231 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
Hosts: 69.72.252.254 www.statcounter.com.
.
==== Installed Programs ======================
.
7-Zip 9.20
ActivClient CAC 6.1 AFR
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Premiere Pro 1.5
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
AI Suite
AMD Catalyst Install Manager
AMD OverDrive
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO Codecs
ATI Parental Control & Encoder
Backpack Driver
Bonjour
BootDisk2BootStick 0.10
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cessna Multimedia Version 5.1
Cessna Multimedia Version 5.1a
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
DeinoMPI
DVRMSToolbox
ESET Online Scanner v3
Evrsoft First Page 2006
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2100 series
hp psc 2100 series
ILA-FPJ Updater for X3
iTunes
Java Auto Updater
Java™ 6 Update 24
JumpStart Advanced Discovery Time
JumpStart Advanced Play & Learn Time
JumpStart Advanced School Time
JumpStart Advanced Sing-Along Time
LG USB Modem driver
Malwarebytes Anti-Malware version 1.62.0.1300
Memorex exPressit Label Design Studio
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X Service Pack 2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Outlook Web Access S/MIME
Microsoft Outlook Web Access S/MIME (2007)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Mozilla Firefox 11.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyDVD
OGA Notifier 2.0.0048.0
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
ShowAnalyzer
ShowBiz
Shutterfly Express Uploader
Skype Toolbars
Skype™ 5.3
Suite Specific
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinISO 5.3
.
==== Event Viewer Messages From Past Week ========
.
8/1/2012 11:31:08 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1153.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
8/1/2012 11:31:08 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1153.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
8/1/2012 11:31:08 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1153.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
8/1/2012 11:31:08 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1153.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
8/1/2012 11:31:08 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1153.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
8/1/2012 11:30:03 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
8/1/2012 11:29:11 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
8/1/2012 11:24:51 AM, error: Service Control Manager [7023] - The MicroSoft NetBIOS Engine service terminated with the following error: The system cannot find the file specified.
7/30/2012 8:04:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdPPM AsIO bpfinder Fips IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
7/30/2012 8:04:00 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/30/2012 8:04:00 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/30/2012 8:04:00 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/30/2012 8:04:00 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/30/2012 8:04:00 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/30/2012 8:04:00 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2012 7:17:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
7/29/2012 7:17:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
7/29/2012 7:13:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM AsIO bpfinder Fips MpFilter
7/29/2012 7:12:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/29/2012 5:44:59 PM, error: Service Control Manager [7022] - The WebClient service hung on starting.
7/29/2012 11:28:36 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.943.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
7/29/2012 11:28:36 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.943.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
7/29/2012 11:28:36 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.943.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
7/29/2012 11:28:36 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.943.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
7/29/2012 11:28:36 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.943.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
7/29/2012 11:27:42 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/29/2012 11:26:54 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/28/2012 9:39:55 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/28/2012 9:39:55 AM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
7/28/2012 9:39:55 AM, error: Service Control Manager [7000] - The 9 service failed to start due to the following error: The system cannot find the file specified.
7/28/2012 7:59:34 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1867.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8007050a Error description:
7/28/2012 7:59:33 AM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: %%1290
7/28/2012 7:59:33 AM, error: DCOM [10005] - DCOM got error "%1290" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/28/2012 7:53:58 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: tdx
7/28/2012 7:53:51 AM, error: Service Control Manager [7003] - The @%SystemRoot%\system32\iphlpsvc.dll,-200 service depends on the following nonexistent service: nsi
7/28/2012 6:56:51 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.901.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
7/28/2012 6:56:51 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.901.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
7/28/2012 6:56:51 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.901.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
7/28/2012 6:56:51 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.901.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
7/28/2012 6:56:51 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.901.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
7/28/2012 6:53:49 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/28/2012 6:53:13 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/28/2012 6:50:56 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/28/2012 6:50:32 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/28/2012 6:50:03 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/28/2012 12:29:13 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
7/28/2012 11:57:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
.
==== End Of File ===========================


And here's GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-01 17:06:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500YD-01NVB1 rev.10.02E01
Running: gmer.exe; Driver: C:\DOCUME~1\Jason\LOCALS~1\Temp\kfliraod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB4B2D000, 0x2C8C48, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1480] msvcrt.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A90D480 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1480] msvcrt.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1480] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A90D500 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1480] msvcrt.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A90D3E0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1480] msvcrt.dll!_aligned_free 77C29E33 5 Bytes JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1480] msvcrt.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A90D3C0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1480] msvcrt.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A90D420 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1480] msvcrt.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A90D400 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1480] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 0A90D3A0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1480] msvcrt.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A90D550 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1480] msvcrt.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A90D560 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1480] msvcrt.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A90D581 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1480] msvcrt.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A90D650 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1480] msvcrt.dll!_heapused 77C2BE3A 5 Bytes JMP 0A90D620 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1480] msvcrt.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A90D590 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1480] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 0A90D2E0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1480] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 0A90D270 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1480] msvcrt.dll!free 77C2C21B 5 Bytes JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1480] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 0A90D230 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1480] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 0A90D2B0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----

And here are the two sets of logs from Kaspersky

Objects Scan: malfunction (events: 2, objects: 0, time: 00:00:00)
7/31/12 12:32 PM Unable to start tasks Databases are corrupted
7/31/12 12:32 PM Task started
Objects Scan: completed 1 minute ago (events: 119, objects: 749175, time: 04:09:32)
7/31/12 6:21 PM Task started
7/31/12 6:21 PM Detected: Rootkit.Boot.SST.b /dev/sda
7/31/12 6:21 PM Untreated: Rootkit.Boot.SST.b /dev/sda Postponed
7/31/12 6:25 PM Detected: Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Administrator.JASON-2BA77E1C4.002/Application Data/qN7tevvD.exe
7/31/12 6:25 PM Untreated: Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Administrator.JASON-2BA77E1C4.002/Application Data/qN7tevvD.exe Postponed
7/31/12 6:26 PM Detected: Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Bethany/Application Data/qN7tevvD.exe
7/31/12 6:26 PM Untreated: Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Bethany/Application Data/qN7tevvD.exe Postponed
7/31/12 6:33 PM Detected: Trojan-Downloader.JS.Expack.oa C:/Documents and Settings/Bethany/Local Settings/Application Data/Mozilla/Firefox/Profiles/xjzbwltw.default/Cache/C/FF/753D6d01/xjzbwltw
7/31/12 6:33 PM Untreated: Trojan-Downloader.JS.Expack.oa C:/Documents and Settings/Bethany/Local Settings/Application Data/Mozilla/Firefox/Profiles/xjzbwltw.default/Cache/C/FF/753D6d01/xjzbwltw Postponed
7/31/12 6:34 PM Detected: Exploit.Java.CVE-2012-0507.ff C:/Documents and Settings/Bethany/Local Settings/Temp/jar_cache5306080994697692814.tmp/li/a.class
7/31/12 6:34 PM Untreated: Exploit.Java.CVE-2012-0507.ff C:/Documents and Settings/Bethany/Local Settings/Temp/jar_cache5306080994697692814.tmp/li/a.class Postponed
7/31/12 6:34 PM Detected: Exploit.Java.CVE-2012-0507.aq C:/Documents and Settings/Bethany/Local Settings/Temp/jar_cache6770170584551660683.tmp/XwnwqPtaq/VwvatkaMscezpg.class
7/31/12 6:34 PM Untreated: Exploit.Java.CVE-2012-0507.aq C:/Documents and Settings/Bethany/Local Settings/Temp/jar_cache6770170584551660683.tmp/XwnwqPtaq/VwvatkaMscezpg.class Postponed
7/31/12 6:39 PM Detected: Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Jason/Application Data/qN7tevvD.exe
7/31/12 6:39 PM Untreated: Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Jason/Application Data/qN7tevvD.exe Postponed
7/31/12 7:03 PM Detected: Trojan.Win32.FakeAV.nsqj C:/Documents and Settings/Jason/Local Settings/Application Data/abbbi.exe
7/31/12 7:03 PM Untreated: Trojan.Win32.FakeAV.nsqj C:/Documents and Settings/Jason/Local Settings/Application Data/abbbi.exe Postponed
7/31/12 7:04 PM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Jason/Local Settings/Application Data/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/n
7/31/12 7:04 PM Untreated: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Jason/Local Settings/Application Data/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/n Postponed
7/31/12 7:04 PM Detected: Trojan-Downloader.Java.Agent.rj C:/Documents and Settings/Jason/Local Settings/Temp/V.class
7/31/12 7:04 PM Untreated: Trojan-Downloader.Java.Agent.rj C:/Documents and Settings/Jason/Local Settings/Temp/V.class Postponed
7/31/12 7:04 PM Detected: Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Jason/Local Settings/Temp/fvJcrgR.exe
7/31/12 7:04 PM Untreated: Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Jason/Local Settings/Temp/fvJcrgR.exe Postponed
7/31/12 7:42 PM Detected: Hoax.JS.BadJoke.RJump (analysis according to the database of dangerous URLs) C:/Program Files/Evrsoft First Page 2006/Iscripts/Page Details/crazy-window.izs
7/31/12 7:42 PM Untreated: Hoax.JS.BadJoke.RJump (analysis according to the database of dangerous URLs) C:/Program Files/Evrsoft First Page 2006/Iscripts/Page Details/crazy-window.izs Postponed
7/31/12 7:46 PM Detected: HEUR:Trojan.Win32.Generic C:/Qoobox/Quarantine/C/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/n.vir
7/31/12 7:46 PM Untreated: HEUR:Trojan.Win32.Generic C:/Qoobox/Quarantine/C/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/n.vir Postponed
7/31/12 7:46 PM Detected: HEUR:Trojan.Win32.Generic C:/Qoobox/Quarantine/C/Documents and Settings/Jason/Local Settings/Application Data/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/n.vir
7/31/12 7:46 PM Untreated: HEUR:Trojan.Win32.Generic C:/Qoobox/Quarantine/C/Documents and Settings/Jason/Local Settings/Application Data/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/n.vir Postponed
7/31/12 7:48 PM Detected: Worm.Win32.Cridex.bu C:/System Volume Information/_restore{B9A889E6-EA22-420B-BA25-1623C0EAAB75}/RP758/A0080495.exe
7/31/12 7:48 PM Untreated: Worm.Win32.Cridex.bu C:/System Volume Information/_restore{B9A889E6-EA22-420B-BA25-1623C0EAAB75}/RP758/A0080495.exe Postponed
7/31/12 7:50 PM Detected: Trojan-Dropper.Win32.Dorifel.gom C:/System Volume Information/_restore{B9A889E6-EA22-420B-BA25-1623C0EAAB75}/RP768/A0090950.exe
7/31/12 7:50 PM Untreated: Trojan-Dropper.Win32.Dorifel.gom C:/System Volume Information/_restore{B9A889E6-EA22-420B-BA25-1623C0EAAB75}/RP768/A0090950.exe Postponed
7/31/12 7:50 PM Detected: Trojan-Dropper.Win32.Dorifel.gom C:/System Volume Information/_restore{B9A889E6-EA22-420B-BA25-1623C0EAAB75}/RP768/A0091007.exe
7/31/12 7:50 PM Untreated: Trojan-Dropper.Win32.Dorifel.gom C:/System Volume Information/_restore{B9A889E6-EA22-420B-BA25-1623C0EAAB75}/RP768/A0091007.exe Postponed
7/31/12 7:51 PM Detected: Trojan-Spy.Win32.Delf.aeag C:/WINDOWS/msiserv.exe
7/31/12 7:51 PM Untreated: Trojan-Spy.Win32.Delf.aeag C:/WINDOWS/msiserv.exe Postponed
7/31/12 7:53 PM Detected: Trojan-Spy.Win32.Agent.cctg C:/WINDOWS/system32/6to4ex.dll
7/31/12 7:53 PM Untreated: Trojan-Spy.Win32.Agent.cctg C:/WINDOWS/system32/6to4ex.dll Postponed
7/31/12 8:04 PM Detected: Backdoor.Win32.ZAccess.mbt C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/00000004.@
7/31/12 8:04 PM Detected: HEUR:Trojan.Win32.Generic C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/n
7/31/12 8:04 PM Detected: Trojan-Dropper.Win32.Miner.i C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/00000008.@
7/31/12 8:04 PM Untreated: Backdoor.Win32.ZAccess.mbt C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/00000004.@ Postponed
7/31/12 8:04 PM Untreated: HEUR:Trojan.Win32.Generic C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/n Postponed
7/31/12 8:04 PM Untreated: Trojan-Dropper.Win32.Miner.i C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/00000008.@ Postponed
7/31/12 8:04 PM Detected: Backdoor.Win32.ZAccess.mbs C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/000000cb.@
7/31/12 8:04 PM Detected: Trojan.Win32.Small.bmsk C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/80000000.@
7/31/12 8:04 PM Untreated: Backdoor.Win32.ZAccess.mbs C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/000000cb.@ Postponed
7/31/12 8:04 PM Untreated: Trojan.Win32.Small.bmsk C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/80000000.@ Postponed
7/31/12 8:04 PM Detected: Backdoor.Win32.ZAccess.wrq C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/80000032.@
7/31/12 8:04 PM Untreated: Backdoor.Win32.ZAccess.wrq C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/80000032.@ Postponed
7/31/12 8:04 PM Detected: Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Jason/Application Data/qN7tevvD.exe
7/31/12 8:04 PM Untreated: Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Jason/Application Data/qN7tevvD.exe Postponed
7/31/12 8:04 PM Detected: Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Bethany/Application Data/qN7tevvD.exe
7/31/12 8:04 PM Untreated: Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Bethany/Application Data/qN7tevvD.exe Postponed
7/31/12 8:04 PM Detected: Trojan-Spy.Win32.Agent.cctg C:/WINDOWS/system32/6to4ex.dll
7/31/12 8:04 PM Untreated: Trojan-Spy.Win32.Agent.cctg C:/WINDOWS/system32/6to4ex.dll Postponed
7/31/12 8:04 PM Detected: Trojan-Spy.Win32.Delf.aeag C:/WINDOWS/msiserv.exe
7/31/12 8:04 PM Untreated: Trojan-Spy.Win32.Delf.aeag C:/WINDOWS/msiserv.exe Postponed
7/31/12 8:05 PM Detected: Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Administrator.JASON-2BA77E1C4.002/Application Data/qN7tevvD.exe
7/31/12 10:27 PM Deleted: Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Administrator.JASON-2BA77E1C4.002/Application Data/qN7tevvD.exe
7/31/12 10:27 PM Detected: Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Bethany/Application Data/qN7tevvD.exe
7/31/12 10:27 PM Disinfected: Trojan.Win32.Buzus.lvwl HKEY_USERS\S-1-5-21-1060284298-1614895754-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\Winlogon/Shell
7/31/12 10:27 PM Disinfected: Trojan.Win32.Buzus.lvwl HKEY_USERS\S-1-5-21-1060284298-1614895754-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run/ZeVr9S61cvDIn71
7/31/12 10:27 PM Deleted: Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Bethany/Application Data/qN7tevvD.exe
7/31/12 10:27 PM Detected: Trojan-Downloader.JS.Expack.oa C:/Documents and Settings/Bethany/Local Settings/Application Data/Mozilla/Firefox/Profiles/xjzbwltw.default/Cache/C/FF/753D6d01/xjzbwltw
7/31/12 10:28 PM Deleted: Trojan-Downloader.JS.Expack.oa C:/Documents and Settings/Bethany/Local Settings/Application Data/Mozilla/Firefox/Profiles/xjzbwltw.default/Cache/C/FF/753D6d01
7/31/12 10:28 PM Detected: Exploit.Java.CVE-2012-0507.ff C:/Documents and Settings/Bethany/Local Settings/Temp/jar_cache5306080994697692814.tmp/li/a.class
7/31/12 10:28 PM Deleted: Exploit.Java.CVE-2012-0507.ff C:/Documents and Settings/Bethany/Local Settings/Temp/jar_cache5306080994697692814.tmp
7/31/12 10:28 PM Detected: Exploit.Java.CVE-2012-0507.aq C:/Documents and Settings/Bethany/Local Settings/Temp/jar_cache6770170584551660683.tmp/XwnwqPtaq/VwvatkaMscezpg.class
7/31/12 10:28 PM Deleted: Exploit.Java.CVE-2012-0507.aq C:/Documents and Settings/Bethany/Local Settings/Temp/jar_cache6770170584551660683.tmp
7/31/12 10:28 PM Detected: Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Jason/Application Data/qN7tevvD.exe
7/31/12 10:28 PM Disinfected: Trojan.Win32.Buzus.lvwl HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon/Shell
7/31/12 10:28 PM Disinfected: Trojan.Win32.Buzus.lvwl HKEY_USERS\S-1-5-21-1060284298-1614895754-839522115-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon/Shell
7/31/12 10:28 PM Disinfected: Trojan.Win32.Buzus.lvwl HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run/ZeVr9S61cvDIn71
7/31/12 10:28 PM Disinfected: Trojan.Win32.Buzus.lvwl HKEY_USERS\S-1-5-21-1060284298-1614895754-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run/ZeVr9S61cvDIn71
7/31/12 10:28 PM Deleted: Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Jason/Application Data/qN7tevvD.exe
7/31/12 10:28 PM Detected: Trojan.Win32.FakeAV.nsqj C:/Documents and Settings/Jason/Local Settings/Application Data/abbbi.exe
7/31/12 10:28 PM Deleted: Trojan.Win32.FakeAV.nsqj C:/Documents and Settings/Jason/Local Settings/Application Data/abbbi.exe
7/31/12 10:28 PM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Jason/Local Settings/Application Data/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/n
7/31/12 10:28 PM Deleted: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Jason/Local Settings/Application Data/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/n
7/31/12 10:28 PM Detected: Trojan-Downloader.Java.Agent.rj C:/Documents and Settings/Jason/Local Settings/Temp/V.class
7/31/12 10:28 PM Deleted: Trojan-Downloader.Java.Agent.rj C:/Documents and Settings/Jason/Local Settings/Temp/V.class
7/31/12 10:28 PM Detected: Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Jason/Local Settings/Temp/fvJcrgR.exe
7/31/12 10:28 PM Deleted: Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Jason/Local Settings/Temp/fvJcrgR.exe
7/31/12 10:28 PM Detected: Hoax.JS.BadJoke.RJump (analysis according to the database of dangerous URLs) C:/Program Files/Evrsoft First Page 2006/Iscripts/Page Details/crazy-window.izs
7/31/12 10:28 PM Deleted: Hoax.JS.BadJoke.RJump (analysis according to the database of dangerous URLs) C:/Program Files/Evrsoft First Page 2006/Iscripts/Page Details/crazy-window.izs
7/31/12 10:28 PM Detected: HEUR:Trojan.Win32.Generic C:/Qoobox/Quarantine/C/Documents and Settings/Jason/Local Settings/Application Data/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/n.vir
7/31/12 10:29 PM Detected: HEUR:Trojan.Win32.Generic C:/Qoobox/Quarantine/C/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/n.vir
7/31/12 10:29 PM Detected: Worm.Win32.Cridex.bu C:/System Volume Information/_restore{B9A889E6-EA22-420B-BA25-1623C0EAAB75}/RP758/A0080495.exe
7/31/12 10:29 PM Deleted: Worm.Win32.Cridex.bu C:/System Volume Information/_restore{B9A889E6-EA22-420B-BA25-1623C0EAAB75}/RP758/A0080495.exe
7/31/12 10:29 PM Detected: Trojan-Dropper.Win32.Dorifel.gom C:/System Volume Information/_restore{B9A889E6-EA22-420B-BA25-1623C0EAAB75}/RP768/A0090950.exe
7/31/12 10:29 PM Deleted: Trojan-Dropper.Win32.Dorifel.gom C:/System Volume Information/_restore{B9A889E6-EA22-420B-BA25-1623C0EAAB75}/RP768/A0090950.exe
7/31/12 10:29 PM Detected: Trojan-Dropper.Win32.Dorifel.gom C:/System Volume Information/_restore{B9A889E6-EA22-420B-BA25-1623C0EAAB75}/RP768/A0091007.exe
7/31/12 10:29 PM Deleted: Trojan-Dropper.Win32.Dorifel.gom C:/System Volume Information/_restore{B9A889E6-EA22-420B-BA25-1623C0EAAB75}/RP768/A0091007.exe
7/31/12 10:29 PM Detected: Backdoor.Win32.ZAccess.mbt C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/00000004.@
7/31/12 10:29 PM Deleted: Backdoor.Win32.ZAccess.mbt C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/00000004.@
7/31/12 10:29 PM Detected: Trojan-Dropper.Win32.Miner.i C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/00000008.@
7/31/12 10:29 PM Deleted: Trojan-Dropper.Win32.Miner.i C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/00000008.@
7/31/12 10:29 PM Detected: Backdoor.Win32.ZAccess.mbs C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/000000cb.@
7/31/12 10:29 PM Deleted: Backdoor.Win32.ZAccess.mbs C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/000000cb.@
7/31/12 10:29 PM Detected: Trojan.Win32.Small.bmsk C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/80000000.@
7/31/12 10:29 PM Deleted: Trojan.Win32.Small.bmsk C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/80000000.@
7/31/12 10:29 PM Detected: Backdoor.Win32.ZAccess.wrq C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/80000032.@
7/31/12 10:29 PM Deleted: Backdoor.Win32.ZAccess.wrq C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/80000032.@
7/31/12 10:29 PM Detected: HEUR:Trojan.Win32.Generic C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/n
7/31/12 10:29 PM Deleted: HEUR:Trojan.Win32.Generic C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/n
7/31/12 10:29 PM Detected: Trojan-Spy.Win32.Delf.aeag C:/WINDOWS/msiserv.exe
7/31/12 10:30 PM Deleted: Trojan-Spy.Win32.Delf.aeag HKLM\System\ControlSet002\Services\W32Sch/W32Sch
7/31/12 10:30 PM Deleted: Trojan-Spy.Win32.Delf.aeag HKLM\System\ControlSet003\Services\W32Sch/W32Sch
7/31/12 10:30 PM Deleted: Trojan-Spy.Win32.Delf.aeag C:/WINDOWS/msiserv.exe
7/31/12 10:30 PM Detected: Trojan-Spy.Win32.Agent.cctg C:/WINDOWS/system32/6to4ex.dll
7/31/12 10:30 PM Disinfected: Trojan-Spy.Win32.Agent.cctg HKLM\System\ControlSet002\Services\6to4\Parameters/ServiceDll
7/31/12 10:30 PM Disinfected: Trojan-Spy.Win32.Agent.cctg HKLM\System\ControlSet003\Services\6to4\Parameters/ServiceDll
7/31/12 10:30 PM Deleted: Trojan-Spy.Win32.Agent.cctg C:/WINDOWS/system32/6to4ex.dll
7/31/12 10:30 PM Detected: Rootkit.Boot.SST.b /dev/sda
7/31/12 10:30 PM Disinfected: Rootkit.Boot.SST.b /dev/sda
7/31/12 10:30 PM Disinfected: Rootkit.Boot.SST.b /dev/sda
7/31/12 10:30 PM Task completed

Second Kaspersky Log

Status: Disinfected (events: 1)
7/31/12 10:30 PM Disinfected Trojan program Rootkit.Boot.SST.b /dev/sda High
Status: Deleted (events: 25)
7/31/12 10:27 PM Deleted Trojan program Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Administrator.JASON-2BA77E1C4.002/Application Data/qN7tevvD.exe High
7/31/12 10:27 PM Deleted Trojan program Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Bethany/Application Data/qN7tevvD.exe High
7/31/12 10:28 PM Deleted Trojan program Trojan-Downloader.JS.Expack.oa C:/Documents and Settings/Bethany/Local Settings/Application Data/Mozilla/Firefox/Profiles/xjzbwltw.default/Cache/C/FF/753D6d01 High
7/31/12 10:28 PM Deleted Trojan program Trojan-Downloader.JS.Expack.oa C:/Documents and Settings/Bethany/Local Settings/Application Data/Mozilla/Firefox/Profiles/xjzbwltw.default/Cache/C/FF/753D6d01//xjzbwltw High
7/31/12 10:28 PM Deleted Trojan program Exploit.Java.CVE-2012-0507.ff C:/Documents and Settings/Bethany/Local Settings/Temp/jar_cache5306080994697692814.tmp High
7/31/12 10:28 PM Deleted Trojan program Exploit.Java.CVE-2012-0507.ff C:/Documents and Settings/Bethany/Local Settings/Temp/jar_cache5306080994697692814.tmp//li/a.class High
7/31/12 10:28 PM Deleted Trojan program Exploit.Java.CVE-2012-0507.aq C:/Documents and Settings/Bethany/Local Settings/Temp/jar_cache6770170584551660683.tmp High
7/31/12 10:28 PM Deleted Trojan program Exploit.Java.CVE-2012-0507.aq C:/Documents and Settings/Bethany/Local Settings/Temp/jar_cache6770170584551660683.tmp//XwnwqPtaq/VwvatkaMscezpg.class High
7/31/12 10:28 PM Deleted Trojan program Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Jason/Application Data/qN7tevvD.exe High
7/31/12 10:28 PM Deleted Trojan program Trojan.Win32.FakeAV.nsqj C:/Documents and Settings/Jason/Local Settings/Application Data/abbbi.exe High
7/31/12 10:28 PM Deleted virus HEUR:Trojan.Win32.Generic C:/Documents and Settings/Jason/Local Settings/Application Data/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/n High
7/31/12 10:28 PM Deleted Trojan program Trojan-Downloader.Java.Agent.rj C:/Documents and Settings/Jason/Local Settings/Temp/V.class High
7/31/12 10:28 PM Deleted Trojan program Trojan.Win32.Buzus.lvwl C:/Documents and Settings/Jason/Local Settings/Temp/fvJcrgR.exe High
7/31/12 10:28 PM Deleted malicious application Hoax.JS.BadJoke.RJump C:/Program Files/Evrsoft First Page 2006/Iscripts/Page Details/crazy-window.izs Medium
7/31/12 10:29 PM Deleted virus Worm.Win32.Cridex.bu C:/System Volume Information/_restore{B9A889E6-EA22-420B-BA25-1623C0EAAB75}/RP758/A0080495.exe High
7/31/12 10:29 PM Deleted Trojan program Trojan-Dropper.Win32.Dorifel.gom C:/System Volume Information/_restore{B9A889E6-EA22-420B-BA25-1623C0EAAB75}/RP768/A0090950.exe High
7/31/12 10:29 PM Deleted Trojan program Trojan-Dropper.Win32.Dorifel.gom C:/System Volume Information/_restore{B9A889E6-EA22-420B-BA25-1623C0EAAB75}/RP768/A0091007.exe High
7/31/12 10:30 PM Deleted Trojan program Trojan-Spy.Win32.Delf.aeag C:/WINDOWS/msiserv.exe High
7/31/12 10:30 PM Deleted Trojan program Trojan-Spy.Win32.Agent.cctg C:/WINDOWS/system32/6to4ex.dll High
7/31/12 10:29 PM Deleted Trojan program Backdoor.Win32.ZAccess.mbt C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/00000004.@ High
7/31/12 10:29 PM Deleted virus HEUR:Trojan.Win32.Generic C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/n High
7/31/12 10:29 PM Deleted Trojan program Trojan-Dropper.Win32.Miner.i C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/00000008.@ High
7/31/12 10:29 PM Deleted Trojan program Backdoor.Win32.ZAccess.mbs C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/000000cb.@ High
7/31/12 10:29 PM Deleted Trojan program Trojan.Win32.Small.bmsk C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/80000000.@ High
7/31/12 10:29 PM Deleted Trojan program Backdoor.Win32.ZAccess.wrq C:/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/U/80000032.@ High
Status: Quarantined (events: 2)
7/31/12 10:29 PM Quarantined virus HEUR:Trojan.Win32.Generic C:/Qoobox/Quarantine/C/WINDOWS/Installer/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/n.vir High
7/31/12 10:29 PM Quarantined virus HEUR:Trojan.Win32.Generic C:/Qoobox/Quarantine/C/Documents and Settings/Jason/Local Settings/Application Data/{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}/n.vir High

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,943 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:33 AM

Posted 05 August 2012 - 08:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

We have to deal with a ZeroAccess infection.

Your Hosts file was compromised.
How do I reset the hosts file back to the default?
http://support.microsoft.com/kb/972034

Use the Fix it button on the page.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
Wait for further instructions.
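
The post above tells the user to reset a compromised hosts file with Microsoft's Fix it. As an added example (not part of the thread, and not Microsoft's or Kaspersky's code), the script below shows how a defender can audit a Windows hosts file and see why such a reset is needed: it parses the file the way the Windows resolver does and separates the single default XP entry (127.0.0.1 localhost) from loopback "sinkhole" entries, which malware uses to block antivirus update servers, and from redirect entries that point a name at some other host. The sample hosts content and the hostnames in it are constructed for the example; the script assumes the machine has no legitimate custom entries and needs Python 3.3 or later for the ipaddress module.

```python
"""Audit a Windows hosts file for entries that deviate from the XP default.

Added example for this thread; not the thread's own tooling. The sample
content below is constructed, not the poster's real hosts file.
"""
import ipaddress

# The only entry in a default Windows XP hosts file. Assumption for this
# example: the machine has no legitimate custom entries of its own.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost")}

# Constructed sample of a tampered hosts file (hostnames are placeholders).
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
127.0.0.1       www.example-security-vendor.test
203.0.113.5     www.example-search.test   # constructed redirect
"""


def parse_hosts(text):
    """Return a list of (ip, hostname) pairs, one pair per hostname token.

    Anything after '#' is a comment and blank lines are skipped, which is
    how the Windows resolver reads the file. A line may map one address to
    several names, so each name becomes its own pair.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # malformed: an address with no hostname after it
        ip, names = parts[0], parts[1:]
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def classify(entries):
    """Bucket entries as default, sinkhole, redirect or invalid.

    sinkhole: a loopback address for a name other than localhost, the
              classic way to stop a host from reaching AV update servers.
    redirect: a non-loopback address, sending traffic for that name to a
              host chosen by whoever edited the file.
    invalid:  the first token is not an IP address at all.
    """
    report = {"default": [], "sinkhole": [], "redirect": [], "invalid": []}
    for ip, name in entries:
        if (ip, name) in DEFAULT_ENTRIES:
            report["default"].append((ip, name))
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            report["invalid"].append((ip, name))
            continue
        if addr.is_loopback:
            report["sinkhole"].append((ip, name))
        else:
            report["redirect"].append((ip, name))
    return report


def audit_hosts(text):
    """Parse then classify; returns the report dict."""
    return classify(parse_hosts(text))


if __name__ == "__main__":
    for category, items in audit_hosts(SAMPLE_HOSTS).items():
        for ip, name in items:
            print(f"{category:9} {ip:16} {name}")
```

On a real machine you would read C:\WINDOWS\system32\drivers\etc\hosts (the path is visible to the resolver regardless of file attributes, so check for a hidden or read-only flag too) and pass its text to audit_hosts; anything in the sinkhole or redirect buckets is what the reset step removes.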

#5 ImmortalJman

ImmortalJman
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:33 AM

Posted 06 August 2012 - 12:53 PM

After running the host file repair, it went off successfully but I don't know if that was supposed to fix the desktop files and icons disappearing issue. Nothing happened on that front, everything is still gone or disappearing if I move a file to there. But here are the other logs.

TDSSKiller

08:54:46.0609 0532 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
08:54:46.0906 0532 ============================================================
08:54:46.0906 0532 Current date / time: 2012/08/06 08:54:46.0906
08:54:46.0906 0532 SystemInfo:
08:54:46.0906 0532
08:54:46.0906 0532 OS Version: 5.1.2600 ServicePack: 3.0
08:54:46.0906 0532 Product type: Workstation
08:54:46.0906 0532 ComputerName: JASON-2BA77E1C4
08:54:46.0906 0532 UserName: Jason
08:54:46.0906 0532 Windows directory: C:\WINDOWS
08:54:46.0906 0532 System windows directory: C:\WINDOWS
08:54:46.0906 0532 Processor architecture: Intel x86
08:54:46.0906 0532 Number of processors: 3
08:54:46.0906 0532 Page size: 0x1000
08:54:46.0906 0532 Boot type: Normal boot
08:54:46.0906 0532 ============================================================
08:54:48.0609 0532 Drive \Device\Harddisk0\DR0 - Size: 0x3A70C70000 (233.76 Gb), SectorSize: 0x200, Cylinders: 0x7733, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:54:48.0656 0532 ============================================================
08:54:48.0656 0532 \Device\Harddisk0\DR0:
08:54:48.0656 0532 MBR partitions:
08:54:48.0656 0532 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D37F873
08:54:48.0656 0532 ============================================================
08:54:48.0718 0532 C: <-> \Device\Harddisk0\DR0\Partition0
08:54:48.0750 0532 ============================================================
08:54:48.0750 0532 Initialize success
08:54:48.0750 0532 ============================================================
08:54:59.0828 1032 ============================================================
08:54:59.0828 1032 Scan started
08:54:59.0828 1032 Mode: Manual;
08:54:59.0828 1032 ============================================================
08:55:00.0078 1032 9 - ok
08:55:00.0140 1032 Abiosdsk - ok
08:55:00.0140 1032 abp480n5 - ok
08:55:00.0187 1032 accoca (a613b45e3bffb73c1de5f021870be352) C:\Program Files\ActivIdentity\ActivClient\accoca.exe
08:55:00.0187 1032 accoca - ok
08:55:00.0218 1032 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:55:00.0218 1032 ACPI - ok
08:55:00.0250 1032 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:55:00.0250 1032 ACPIEC - ok
08:55:00.0296 1032 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
08:55:00.0296 1032 Adobe LM Service - ok
08:55:00.0343 1032 Adobe Version Cue CS2 (41d15ead554396bf35b7c5246ad47a28) C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
08:55:00.0343 1032 Adobe Version Cue CS2 - ok
08:55:00.0359 1032 adpu160m - ok
08:55:00.0375 1032 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:55:00.0375 1032 aec - ok
08:55:00.0390 1032 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:55:00.0406 1032 AFD - ok
08:55:00.0406 1032 Aha154x - ok
08:55:00.0406 1032 aic78u2 - ok
08:55:00.0421 1032 aic78xx - ok
08:55:00.0437 1032 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
08:55:00.0437 1032 Alerter - ok
08:55:00.0453 1032 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
08:55:00.0453 1032 ALG - ok
08:55:00.0453 1032 AliIde - ok
08:55:00.0453 1032 ALSysIO - ok
08:55:00.0468 1032 amdide (6e58654cb25730b2579e45e1fd116a47) C:\WINDOWS\system32\DRIVERS\amdide.sys
08:55:00.0484 1032 amdide - ok
08:55:00.0531 1032 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
08:55:00.0531 1032 AmdPPM - ok
08:55:00.0531 1032 amsint - ok
08:55:00.0578 1032 AODService (45747a388f70b05e3ee777b238997ed4) C:\Program Files\AMD\OverDrive\AODAssist.exe
08:55:00.0578 1032 AODService - ok
08:55:00.0609 1032 Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
08:55:00.0609 1032 Apple Mobile Device - ok
08:55:00.0640 1032 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
08:55:00.0640 1032 AppMgmt - ok
08:55:00.0640 1032 asc - ok
08:55:00.0640 1032 asc3350p - ok
08:55:00.0656 1032 asc3550 - ok
08:55:00.0671 1032 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
08:55:00.0687 1032 AsIO - ok
08:55:00.0750 1032 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:55:00.0765 1032 aspnet_state - ok
08:55:00.0781 1032 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:55:00.0781 1032 AsyncMac - ok
08:55:00.0796 1032 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:55:00.0796 1032 atapi - ok
08:55:00.0796 1032 Atdisk - ok
08:55:00.0843 1032 Ati HotKey Poller (c434b72352fadd9249d5541274021570) C:\WINDOWS\system32\Ati2evxx.exe
08:55:00.0890 1032 Ati HotKey Poller - ok
08:55:00.0921 1032 ATI Smart (5f90b5a3381f5795e852960fccebff6a) C:\WINDOWS\system32\ati2sgag.exe
08:55:00.0921 1032 ATI Smart - ok
08:55:01.0218 1032 ati2mtag (b4368b39a18630c3ec8d7f496f76f19b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
08:55:01.0250 1032 ati2mtag - ok
08:55:01.0328 1032 AtiHDAudioService (bd9ca8136738040d3257363ed12be693) C:\WINDOWS\system32\drivers\AtihdXP3.sys
08:55:01.0328 1032 AtiHDAudioService - ok
08:55:01.0343 1032 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:55:01.0343 1032 Atmarpc - ok
08:55:01.0359 1032 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
08:55:01.0359 1032 AudioSrv - ok
08:55:01.0390 1032 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:55:01.0390 1032 audstub - ok
08:55:01.0421 1032 AVC2310F (308bb3c3f2dcc62bb82001ba8c0c9a24) C:\WINDOWS\system32\Drivers\avcuwfl.sys
08:55:01.0421 1032 AVC2310F - ok
08:55:01.0468 1032 AvcUWilo (de65139d07498e530644d1931d8e3951) C:\WINDOWS\system32\DRIVERS\avcuwilo.sys
08:55:01.0484 1032 AvcUWilo - ok
08:55:01.0531 1032 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:55:01.0531 1032 Beep - ok
08:55:01.0578 1032 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
08:55:01.0578 1032 Bonjour Service - ok
08:55:01.0609 1032 bpfinder (fe588be5c788852d3fbb75443bd32137) C:\WINDOWS\system32\DRIVERS\bpfinder.sys
08:55:01.0625 1032 bpfinder - ok
08:55:01.0625 1032 bpflt (bc0e0b14c370b973ce392f51171fb3b4) C:\WINDOWS\system32\DRIVERS\bpflt.sys
08:55:01.0625 1032 bpflt - ok
08:55:01.0640 1032 bppccard (ba46209e8c1afcd8b26a00700f0a58e0) C:\WINDOWS\system32\DRIVERS\bppccard.sys
08:55:01.0640 1032 bppccard - ok
08:55:01.0656 1032 bppnpdrv (2ea37cc56c8748b1273baefb1d2ff741) C:\WINDOWS\system32\DRIVERS\bppnpdrv.sys
08:55:01.0671 1032 bppnpdrv - ok
08:55:01.0687 1032 bpusbdrv (c388f69656eabf17d0ca5c24302ceaa6) C:\WINDOWS\system32\DRIVERS\bpusbdrv.sys
08:55:01.0703 1032 bpusbdrv - ok
08:55:01.0734 1032 bpusbflt (f60b3dc8fc4aa630416fbe83b600ca9b) C:\WINDOWS\system32\DRIVERS\bpusbflt.sys
08:55:01.0734 1032 bpusbflt - ok
08:55:01.0796 1032 BP_FX_AT (7914847a7c0314f7179982f88b5cec9e) C:\WINDOWS\system32\DRIVERS\bp_fx_at.sys
08:55:01.0812 1032 BP_FX_AT - ok
08:55:01.0828 1032 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
08:55:01.0828 1032 Browser - ok
08:55:01.0906 1032 catchme - ok
08:55:01.0921 1032 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:55:01.0921 1032 cbidf2k - ok
08:55:01.0937 1032 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:55:01.0937 1032 CCDECODE - ok
08:55:01.0937 1032 cd20xrnt - ok
08:55:01.0953 1032 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:55:01.0953 1032 Cdaudio - ok
08:55:01.0968 1032 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:55:01.0968 1032 Cdfs - ok
08:55:01.0984 1032 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:55:01.0984 1032 Cdrom - ok
08:55:01.0984 1032 Changer - ok
08:55:02.0000 1032 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
08:55:02.0000 1032 CiSvc - ok
08:55:02.0000 1032 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
08:55:02.0000 1032 ClipSrv - ok
08:55:02.0046 1032 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:55:02.0062 1032 clr_optimization_v2.0.50727_32 - ok
08:55:02.0078 1032 CmdIde - ok
08:55:02.0078 1032 COMSysApp - ok
08:55:02.0078 1032 Cpqarray - ok
08:55:02.0093 1032 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
08:55:02.0093 1032 CryptSvc - ok
08:55:02.0093 1032 dac2w2k - ok
08:55:02.0109 1032 dac960nt - ok
08:55:02.0125 1032 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
08:55:02.0171 1032 DcomLaunch - ok
08:55:02.0187 1032 DeinoPM (89aabe2be4ca15cef806ffd0b8367794) C:\Program Files\DeinoMPI\bin\DeinoPM.exe
08:55:02.0203 1032 DeinoPM - ok
08:55:02.0218 1032 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
08:55:02.0218 1032 Dhcp - ok
08:55:02.0218 1032 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:55:02.0218 1032 Disk - ok
08:55:02.0234 1032 dmadmin - ok
08:55:02.0281 1032 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:55:02.0312 1032 dmboot - ok
08:55:02.0328 1032 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:55:02.0328 1032 dmio - ok
08:55:02.0343 1032 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:55:02.0343 1032 dmload - ok
08:55:02.0359 1032 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
08:55:02.0359 1032 dmserver - ok
08:55:02.0375 1032 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:55:02.0375 1032 DMusic - ok
08:55:02.0406 1032 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
08:55:02.0406 1032 Dnscache - ok
08:55:02.0421 1032 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
08:55:02.0421 1032 Dot3svc - ok
08:55:02.0421 1032 dpti2o - ok
08:55:02.0437 1032 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:55:02.0437 1032 drmkaud - ok
08:55:02.0453 1032 DVRMSFileWatcherService (6ace8800317b1e5004af06ae5a6c78dc) c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
08:55:02.0453 1032 DVRMSFileWatcherService - ok
08:55:02.0468 1032 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
08:55:02.0468 1032 EapHost - ok
08:55:02.0484 1032 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
08:55:02.0484 1032 ERSvc - ok
08:55:02.0500 1032 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:55:02.0500 1032 Eventlog - ok
08:55:02.0531 1032 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
08:55:02.0531 1032 EventSystem - ok
08:55:02.0562 1032 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:55:02.0562 1032 Fastfat - ok
08:55:02.0578 1032 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:55:02.0593 1032 FastUserSwitchingCompatibility - ok
08:55:02.0609 1032 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
08:55:02.0609 1032 Fdc - ok
08:55:02.0625 1032 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:55:02.0625 1032 Fips - ok
08:55:02.0625 1032 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:55:02.0625 1032 Flpydisk - ok
08:55:02.0640 1032 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:55:02.0640 1032 FltMgr - ok
08:55:02.0687 1032 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:55:02.0687 1032 FontCache3.0.0.0 - ok
08:55:02.0703 1032 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:55:02.0703 1032 Fs_Rec - ok
08:55:02.0734 1032 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:55:02.0734 1032 Ftdisk - ok
08:55:02.0750 1032 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:55:02.0750 1032 GEARAspiWDM - ok
08:55:02.0765 1032 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:55:02.0765 1032 Gpc - ok
08:55:02.0781 1032 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:55:02.0781 1032 HDAudBus - ok
08:55:02.0812 1032 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:55:02.0828 1032 helpsvc - ok
08:55:02.0828 1032 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
08:55:02.0828 1032 HidServ - ok
08:55:02.0843 1032 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:55:02.0843 1032 HidUsb - ok
08:55:02.0859 1032 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
08:55:02.0859 1032 hkmsvc - ok
08:55:02.0859 1032 hpn - ok
08:55:02.0890 1032 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
08:55:02.0890 1032 HPZid412 - ok
08:55:02.0921 1032 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
08:55:02.0921 1032 HPZipr12 - ok
08:55:02.0937 1032 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
08:55:02.0937 1032 HPZius12 - ok
08:55:02.0984 1032 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:55:03.0000 1032 HTTP - ok
08:55:03.0015 1032 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
08:55:03.0015 1032 HTTPFilter - ok
08:55:03.0015 1032 i2omgmt - ok
08:55:03.0015 1032 i2omp - ok
08:55:03.0031 1032 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:55:03.0031 1032 i8042prt - ok
08:55:03.0093 1032 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
08:55:03.0093 1032 IDriverT - ok
08:55:03.0203 1032 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:55:03.0234 1032 idsvc - ok
08:55:03.0234 1032 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:55:03.0234 1032 Imapi - ok
08:55:03.0265 1032 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
08:55:03.0265 1032 ImapiService - ok
08:55:03.0281 1032 ini910u - ok
08:55:03.0515 1032 IntcAzAudAddService (19afbb8427ce65042599555e578170df) C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:55:03.0531 1032 IntcAzAudAddService - ok
08:55:03.0593 1032 IntelIde - ok
08:55:03.0609 1032 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:55:03.0609 1032 Ip6Fw - ok
08:55:03.0640 1032 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:55:03.0640 1032 IpFilterDriver - ok
08:55:03.0671 1032 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:55:03.0671 1032 IpInIp - ok
08:55:03.0703 1032 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:55:03.0703 1032 IpNat - ok
08:55:03.0750 1032 iPod Service (7a3611564fce7c8be50b03f58cb3eb7d) C:\Program Files\iPod\bin\iPodService.exe
08:55:03.0765 1032 iPod Service - ok
08:55:03.0781 1032 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:55:03.0781 1032 IPSec - ok
08:55:03.0796 1032 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:55:03.0796 1032 IRENUM - ok
08:55:03.0796 1032 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:55:03.0796 1032 isapnp - ok
08:55:03.0843 1032 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe
08:55:03.0843 1032 JavaQuickStarterService - ok
08:55:03.0859 1032 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:55:03.0859 1032 Kbdclass - ok
08:55:03.0859 1032 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:55:03.0875 1032 kbdhid - ok
08:55:03.0890 1032 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:55:03.0890 1032 kmixer - ok
08:55:03.0906 1032 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:55:03.0906 1032 KSecDD - ok
08:55:03.0937 1032 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
08:55:03.0937 1032 lanmanserver - ok
08:55:03.0953 1032 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
08:55:03.0968 1032 lanmanworkstation - ok
08:55:03.0968 1032 lbrtfdc - ok
08:55:04.0000 1032 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
08:55:04.0000 1032 LmHosts - ok
08:55:04.0031 1032 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
08:55:04.0031 1032 MDM - ok
08:55:04.0046 1032 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
08:55:04.0062 1032 Messenger - ok
08:55:04.0062 1032 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:55:04.0062 1032 mnmdd - ok
08:55:04.0093 1032 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
08:55:04.0093 1032 mnmsrvc - ok
08:55:04.0109 1032 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:55:04.0109 1032 Modem - ok
08:55:04.0125 1032 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:55:04.0125 1032 Mouclass - ok
08:55:04.0156 1032 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:55:04.0156 1032 mouhid - ok
08:55:04.0156 1032 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:55:04.0156 1032 MountMgr - ok
08:55:04.0171 1032 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
08:55:04.0171 1032 MpFilter - ok
08:55:04.0171 1032 mraid35x - ok
08:55:04.0203 1032 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:55:04.0203 1032 MRxDAV - ok
08:55:04.0250 1032 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:55:04.0250 1032 MRxSmb - ok
08:55:04.0281 1032 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
08:55:04.0281 1032 MSDTC - ok
08:55:04.0296 1032 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:55:04.0296 1032 Msfs - ok
08:55:04.0296 1032 MSIServer - ok
08:55:04.0328 1032 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:55:04.0328 1032 MSKSSRV - ok
08:55:04.0375 1032 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
08:55:04.0375 1032 MsMpSvc - ok
08:55:04.0375 1032 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:55:04.0375 1032 MSPCLOCK - ok
08:55:04.0390 1032 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:55:04.0390 1032 MSPQM - ok
08:55:04.0406 1032 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:55:04.0406 1032 mssmbios - ok
08:55:04.0437 1032 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
08:55:04.0437 1032 MSTEE - ok
08:55:04.0468 1032 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
08:55:04.0468 1032 MTsensor - ok
08:55:04.0484 1032 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:55:04.0484 1032 Mup - ok
08:55:04.0500 1032 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:55:04.0500 1032 NABTSFEC - ok
08:55:04.0546 1032 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
08:55:04.0593 1032 napagent - ok
08:55:04.0609 1032 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:55:04.0609 1032 NDIS - ok
08:55:04.0640 1032 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:55:04.0640 1032 NdisIP - ok
08:55:04.0656 1032 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:55:04.0656 1032 NdisTapi - ok
08:55:04.0671 1032 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:55:04.0671 1032 Ndisuio - ok
08:55:04.0671 1032 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:55:04.0671 1032 NdisWan - ok
08:55:04.0687 1032 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:55:04.0687 1032 NDProxy - ok
08:55:04.0703 1032 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:55:04.0703 1032 NetBIOS - ok
08:55:04.0718 1032 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:55:04.0718 1032 NetBT - ok
08:55:04.0734 1032 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:55:04.0750 1032 NetDDE - ok
08:55:04.0750 1032 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:55:04.0750 1032 NetDDEdsdm - ok
08:55:04.0781 1032 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:55:04.0781 1032 Netlogon - ok
08:55:04.0812 1032 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
08:55:04.0812 1032 Netman - ok
08:55:04.0921 1032 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:55:04.0921 1032 NetTcpPortSharing - ok
08:55:04.0953 1032 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
08:55:04.0953 1032 Nla - ok
08:55:04.0968 1032 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:55:04.0968 1032 Npfs - ok
08:55:05.0000 1032 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:55:05.0015 1032 Ntfs - ok
08:55:05.0015 1032 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:55:05.0015 1032 NtLmSsp - ok
08:55:05.0062 1032 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
08:55:05.0078 1032 NtmsSvc - ok
08:55:05.0093 1032 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:55:05.0093 1032 Null - ok
08:55:05.0109 1032 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:55:05.0109 1032 NwlnkFlt - ok
08:55:05.0125 1032 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:55:05.0125 1032 NwlnkFwd - ok
08:55:05.0171 1032 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:55:05.0171 1032 ose - ok
08:55:05.0218 1032 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
08:55:05.0218 1032 Parport - ok
08:55:05.0234 1032 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:55:05.0234 1032 PartMgr - ok
08:55:05.0250 1032 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:55:05.0250 1032 ParVdm - ok
08:55:05.0265 1032 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:55:05.0265 1032 PCI - ok
08:55:05.0265 1032 PCIDump - ok
08:55:05.0265 1032 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:55:05.0281 1032 PCIIde - ok
08:55:05.0296 1032 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:55:05.0296 1032 Pcmcia - ok
08:55:05.0312 1032 PDCOMP - ok
08:55:05.0312 1032 PDFRAME - ok
08:55:05.0312 1032 PDRELI - ok
08:55:05.0328 1032 PDRFRAME - ok
08:55:05.0328 1032 perc2 - ok
08:55:05.0328 1032 perc2hib - ok
08:55:05.0343 1032 PEVSystemStart - ok
08:55:05.0359 1032 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys
08:55:05.0359 1032 pfc - ok
08:55:05.0390 1032 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:55:05.0390 1032 PlugPlay - ok
08:55:05.0406 1032 Pml Driver HPZ12 (fb03f341ff5380394bf2ee52f1979925) C:\WINDOWS\system32\HPZipm12.exe
08:55:05.0406 1032 Pml Driver HPZ12 - ok
08:55:05.0421 1032 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:55:05.0421 1032 PolicyAgent - ok
08:55:05.0421 1032 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:55:05.0421 1032 PptpMiniport - ok
08:55:05.0437 1032 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
08:55:05.0437 1032 Processor - ok
08:55:05.0437 1032 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:55:05.0437 1032 ProtectedStorage - ok
08:55:05.0468 1032 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:55:05.0468 1032 PSched - ok
08:55:05.0484 1032 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:55:05.0484 1032 Ptilink - ok
08:55:05.0500 1032 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
08:55:05.0500 1032 PxHelp20 - ok
08:55:05.0500 1032 ql1080 - ok
08:55:05.0500 1032 Ql10wnt - ok
08:55:05.0515 1032 ql12160 - ok
08:55:05.0515 1032 ql1240 - ok
08:55:05.0515 1032 ql1280 - ok
08:55:05.0531 1032 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:55:05.0531 1032 RasAcd - ok
08:55:05.0546 1032 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
08:55:05.0546 1032 RasAuto - ok
08:55:05.0562 1032 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:55:05.0562 1032 Rasl2tp - ok
08:55:05.0609 1032 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
08:55:05.0609 1032 RasMan - ok
08:55:05.0609 1032 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:55:05.0609 1032 RasPppoe - ok
08:55:05.0609 1032 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:55:05.0625 1032 Raspti - ok
08:55:05.0625 1032 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:55:05.0625 1032 Rdbss - ok
08:55:05.0640 1032 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:55:05.0640 1032 RDPCDD - ok
08:55:05.0656 1032 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:55:05.0656 1032 rdpdr - ok
08:55:05.0687 1032 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
08:55:05.0687 1032 RDPWD - ok
08:55:05.0703 1032 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
08:55:05.0703 1032 RDSessMgr - ok
08:55:05.0703 1032 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:55:05.0703 1032 redbook - ok
08:55:05.0734 1032 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
08:55:05.0734 1032 RemoteAccess - ok
08:55:05.0750 1032 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
08:55:05.0750 1032 RemoteRegistry - ok
08:55:05.0796 1032 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
08:55:05.0796 1032 RpcLocator - ok
08:55:05.0828 1032 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
08:55:05.0828 1032 RpcSs - ok
08:55:05.0843 1032 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
08:55:05.0843 1032 RSVP - ok
08:55:06.0000 1032 RTHDMIAzAudService (017cc2e361a47461472bc4c08bd12440) C:\WINDOWS\system32\drivers\RtHDMI.sys
08:55:06.0078 1032 RTHDMIAzAudService - ok
08:55:06.0156 1032 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
08:55:06.0156 1032 RTLE8023xp - ok
08:55:06.0187 1032 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:55:06.0187 1032 SamSs - ok
08:55:06.0203 1032 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
08:55:06.0250 1032 SCardSvr - ok
08:55:06.0265 1032 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
08:55:06.0265 1032 Schedule - ok
08:55:06.0296 1032 SCMUSB (5a8746880648f274d77a7e4b69307be3) C:\WINDOWS\system32\DRIVERS\stcusb.sys
08:55:06.0296 1032 SCMUSB - ok
08:55:06.0328 1032 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:55:06.0328 1032 Secdrv - ok
08:55:06.0328 1032 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
08:55:06.0343 1032 seclogon - ok
08:55:06.0343 1032 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
08:55:06.0343 1032 SENS - ok
08:55:06.0343 1032 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:55:06.0343 1032 serenum - ok
08:55:06.0359 1032 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:55:06.0359 1032 Serial - ok
08:55:06.0375 1032 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:55:06.0375 1032 Sfloppy - ok
08:55:06.0406 1032 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
08:55:06.0453 1032 SharedAccess - ok
08:55:06.0484 1032 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:55:06.0484 1032 ShellHWDetection - ok
08:55:06.0484 1032 Simbad - ok
08:55:06.0515 1032 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:55:06.0515 1032 SLIP - ok
08:55:06.0531 1032 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
08:55:06.0531 1032 SONYPVU1 - ok
08:55:06.0531 1032 Sparrow - ok
08:55:06.0562 1032 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:55:06.0562 1032 splitter - ok
08:55:06.0593 1032 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:55:06.0593 1032 Spooler - ok
08:55:06.0609 1032 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:55:06.0609 1032 sr - ok
08:55:06.0656 1032 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
08:55:06.0656 1032 srservice - ok
08:55:06.0687 1032 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:55:06.0687 1032 Srv - ok
08:55:06.0718 1032 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
08:55:06.0718 1032 SSDPSRV - ok
08:55:06.0750 1032 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
08:55:06.0765 1032 stisvc - ok
08:55:06.0765 1032 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:55:06.0765 1032 streamip - ok
08:55:06.0781 1032 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:55:06.0781 1032 swenum - ok
08:55:06.0796 1032 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:55:06.0796 1032 swmidi - ok
08:55:06.0796 1032 SwPrv - ok
08:55:06.0812 1032 symc810 - ok
08:55:06.0812 1032 symc8xx - ok
08:55:06.0812 1032 sym_hi - ok
08:55:06.0828 1032 sym_u3 - ok
08:55:06.0859 1032 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:55:06.0859 1032 sysaudio - ok
08:55:06.0875 1032 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
08:55:06.0875 1032 SysmonLog - ok
08:55:06.0906 1032 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
08:55:06.0937 1032 TapiSrv - ok
08:55:06.0968 1032 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:55:07.0031 1032 Tcpip - ok
08:55:07.0046 1032 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:55:07.0046 1032 TDPIPE - ok
08:55:07.0078 1032 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:55:07.0078 1032 TDTCP - ok
08:55:07.0078 1032 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:55:07.0093 1032 TermDD - ok
08:55:07.0109 1032 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
08:55:07.0140 1032 TermService - ok
08:55:07.0156 1032 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:55:07.0156 1032 Themes - ok
08:55:07.0187 1032 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
08:55:07.0187 1032 TlntSvr - ok
08:55:07.0187 1032 TosIde - ok
08:55:07.0218 1032 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
08:55:07.0218 1032 TrkWks - ok
08:55:07.0250 1032 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:55:07.0250 1032 Udfs - ok
08:55:07.0265 1032 ultra - ok
08:55:07.0296 1032 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:55:07.0312 1032 Update - ok
08:55:07.0359 1032 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
08:55:07.0406 1032 upnphost - ok
08:55:07.0421 1032 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
08:55:07.0421 1032 UPS - ok
08:55:07.0453 1032 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
08:55:07.0453 1032 usbaudio - ok
08:55:07.0515 1032 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
08:55:07.0515 1032 usbbus - ok
08:55:07.0531 1032 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:55:07.0531 1032 usbccgp - ok
08:55:07.0562 1032 UsbComm (835cecee262d8070ba84ae32ab8c24b2) C:\WINDOWS\system32\Drivers\UsbCm_pj.sys
08:55:07.0562 1032 UsbComm - ok
08:55:07.0609 1032 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
08:55:07.0609 1032 UsbDiag - ok
08:55:07.0625 1032 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:55:07.0640 1032 usbehci - ok
08:55:07.0640 1032 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:55:07.0640 1032 usbhub - ok
08:55:07.0671 1032 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
08:55:07.0671 1032 USBModem - ok
08:55:07.0703 1032 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:55:07.0703 1032 usbohci - ok
08:55:07.0734 1032 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:55:07.0734 1032 usbprint - ok
08:55:07.0765 1032 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:55:07.0765 1032 usbscan - ok
08:55:07.0796 1032 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:55:07.0796 1032 usbstor - ok
08:55:07.0812 1032 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:55:07.0812 1032 usbuhci - ok
08:55:07.0828 1032 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
08:55:07.0828 1032 usbvideo - ok
08:55:07.0859 1032 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:55:07.0859 1032 VgaSave - ok
08:55:07.0859 1032 ViaIde - ok
08:55:07.0875 1032 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:55:07.0875 1032 VolSnap - ok
08:55:07.0890 1032 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
08:55:07.0906 1032 VSS - ok
08:55:07.0921 1032 vulfnths (c9a8ba443f809b70bccccd60cc73fa5c) C:\WINDOWS\System32\Drivers\vulfnth.sys
08:55:07.0921 1032 vulfnths - ok
08:55:07.0921 1032 vulfntrs (2d8c55889616f7767e9fb8adee37a02a) C:\WINDOWS\System32\Drivers\vulfntr.sys
08:55:07.0937 1032 vulfntrs - ok
08:55:07.0953 1032 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
08:55:08.0000 1032 W32Time - ok
08:55:08.0015 1032 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:55:08.0015 1032 Wanarp - ok
08:55:08.0062 1032 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
08:55:08.0078 1032 Wdf01000 - ok
08:55:08.0078 1032 WDICA - ok
08:55:08.0093 1032 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:55:08.0093 1032 wdmaud - ok
08:55:08.0125 1032 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
08:55:08.0125 1032 WebClient - ok
08:55:08.0171 1032 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:55:08.0171 1032 winmgmt - ok
08:55:08.0218 1032 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
08:55:08.0218 1032 WinUSB - ok
08:55:08.0250 1032 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
08:55:08.0250 1032 WmdmPmSN - ok
08:55:08.0296 1032 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
08:55:08.0312 1032 Wmi - ok
08:55:08.0328 1032 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
08:55:08.0328 1032 WmiAcpi - ok
08:55:08.0375 1032 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:55:08.0375 1032 WmiApSrv - ok
08:55:08.0484 1032 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
08:55:08.0515 1032 WMPNetworkSvc - ok
08:55:08.0546 1032 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:55:08.0546 1032 WS2IFSL - ok
08:55:08.0562 1032 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:55:08.0562 1032 WSTCODEC - ok
08:55:08.0578 1032 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:55:08.0578 1032 WudfPf - ok
08:55:08.0593 1032 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:55:08.0593 1032 WudfRd - ok
08:55:08.0625 1032 WudfSvc (575a4190d989f64732119e4114045a4f) C:\WINDOWS\System32\WUDFSvc.dll
08:55:08.0640 1032 WudfSvc - ok
08:55:08.0671 1032 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
08:55:08.0687 1032 WZCSVC - ok
08:55:08.0718 1032 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
08:55:08.0718 1032 xmlprov - ok
08:55:08.0718 1032 zumbus - ok
08:55:08.0765 1032 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:55:09.0187 1032 \Device\Harddisk0\DR0 - ok
08:55:09.0187 1032 Boot (0x1200) (45d460760f38bf1d34dbbea03a4fe5d8) \Device\Harddisk0\DR0\Partition0
08:55:09.0187 1032 \Device\Harddisk0\DR0\Partition0 - ok
08:55:09.0187 1032 ============================================================
08:55:09.0187 1032 Scan finished
08:55:09.0187 1032 ============================================================
08:55:09.0203 0868 Detected object count: 0
08:55:09.0203 0868 Actual detected object count: 0

ASWMbr

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-06 09:17:19
-----------------------------
09:17:19.171 OS Version: Windows 5.1.2600 Service Pack 3
09:17:19.171 Number of processors: 3 586 0x402
09:17:19.171 ComputerName: JASON-2BA77E1C4 UserName: Jason
09:17:19.671 Initialize success
09:17:26.625 AVAST engine defs: 12080600
09:17:42.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:17:42.781 Disk 0 Vendor: WDC_WD2500YD-01NVB1 10.02E01 Size: 239372MB BusType: 3
09:17:42.796 Disk 0 MBR read successfully
09:17:42.796 Disk 0 MBR scan
09:17:42.796 Disk 0 Windows XP default MBR code
09:17:42.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 239359 MB offset 63
09:17:42.796 Disk 0 scanning sectors +490207410
09:17:42.843 Disk 0 scanning C:\WINDOWS\system32\drivers
09:17:53.812 Service scanning
09:18:02.609 Service MpKslbb785079 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E5D94F58-16B2-4E2E-9E73-DDFBC6B829F6}\MpKslbb785079.sys **LOCKED** 32
09:18:10.531 Modules scanning
09:18:12.812 Disk 0 trace - called modules:
09:18:12.828 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll amdide.sys PCIIDEX.SYS
09:18:13.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b29eab8]
09:18:13.328 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b2bab00]
09:18:14.031 AVAST engine scan C:\
12:41:38.812 Scan finished successfully
12:43:13.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jason\My Documents\MBR.dat"
12:43:13.265 The log file has been saved successfully to "C:\Documents and Settings\Jason\My Documents\aswMBR.txt"

Attached file: MBR.zip (546 bytes)
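The aswMBR run above read the MBR, reported "Windows XP default MBR code" and one active NTFS partition at offset 63, and saved the raw sector to MBR.dat; the TDSSKiller run hashed the same sector ("MBR (0x1B8)"). The parser below is an added example for checking such a saved sector yourself. It is not code from the thread, from aswMBR or from TDSSKiller. The MBR it works on is constructed in memory: its boot code is zero-filled (so its hash will not match the one in the TDSSKiller log) and only its partition table mirrors the aswMBR line for Disk 0. The reading of 0x1B8 as the length of the hashed boot-code region preceding the disk signature, the 0xDEADBEEF disk signature and the 2048-sector tail threshold are assumptions made for the example.

```python
"""Parse and sanity-check a raw 512-byte MBR such as the MBR.dat aswMBR saves.

Added example, not code from the thread, aswMBR or TDSSKiller.  The sample
sector is constructed: zero boot code, one active NTFS partition at LBA 63
sized to the 239359 MB aswMBR reported.  The 0x1B8 boot-code length is an
assumption drawn from the "MBR (0x1B8)" label in the TDSSKiller log.
"""
import hashlib
import struct
from typing import List, Optional

SECTOR = 512
BOOT_CODE_LEN = 0x1B8        # bytes 0..0x1B7 boot code, then the 4-byte disk signature
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries follow
PART_ENTRY = "<BBBBBBBBII"   # status, CHS start(3), type, CHS end(3), LBA start, LBA count
BOOT_SIG = b"\x55\xAA"
PART_TYPES = {0x07: "HPFS/NTFS", 0x05: "Extended", 0x0F: "Extended (LBA)",
              0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x82: "Linux swap", 0x83: "Linux"}


def is_valid_mbr(mbr: bytes) -> bool:
    """A usable MBR is exactly one sector and ends in the 0x55AA signature."""
    return len(mbr) == SECTOR and mbr[510:512] == BOOT_SIG


def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-code MD5, disk signature and the populated partition entries."""
    if not is_valid_mbr(mbr):
        raise ValueError("not a 512-byte sector ending in 0x55AA")
    parts = []
    for i in range(4):
        fields = struct.unpack_from(PART_ENTRY, mbr, PART_TABLE_OFF + i * 16)
        status, ptype, lba_start, lba_count = fields[0], fields[4], fields[8], fields[9]
        if ptype == 0:                      # empty slot
            continue
        parts.append({
            "index": i + 1,
            "bootable": status == 0x80,     # 0x80 is the "active" flag aswMBR prints as 80 (A)
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "lba_count": lba_count,
            "size_mb": lba_count * SECTOR // (1024 * 1024),
        })
    return {
        "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, BOOT_CODE_LEN)[0],
        "partitions": parts,
    }


def audit_mbr(info: dict, baseline_md5: Optional[str] = None,
              disk_sectors: Optional[int] = None) -> List[str]:
    """Flag what a bootkit check cares about: changed boot code, odd partition
    flags, and unallocated sectors after the last partition (where boot-sector
    rootkits commonly stash their payload).  Thresholds are assumptions."""
    findings = []
    if baseline_md5 and info["boot_code_md5"] != baseline_md5.lower():
        findings.append("boot code hash differs from baseline")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for p in info["partitions"]:
        if p["type_name"] == "unknown":
            findings.append(f"partition {p['index']}: unrecognised type 0x{p['type']:02X}")
    if disk_sectors is not None and info["partitions"]:
        last_end = max(p["lba_start"] + p["lba_count"] for p in info["partitions"])
        tail = disk_sectors - last_end
        if tail > 2048:                     # more than 1 MiB of unallocated tail
            findings.append(f"{tail} unallocated sectors after the last partition")
    return findings


def load_mbr(path: str) -> dict:
    """Parse an MBR saved to disk (for example aswMBR's MBR.dat)."""
    with open(path, "rb") as fh:
        return parse_mbr(fh.read(SECTOR))


def build_sample_mbr() -> bytes:
    """Constructed sector: one active NTFS partition at LBA 63, 239359 MB."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<I", mbr, BOOT_CODE_LEN, 0xDEADBEEF)     # made-up disk signature
    entry = struct.pack(PART_ENTRY, 0x80, 1, 1, 0, 0x07, 0xFE, 0xFF, 0xFF, 63, 239359 * 2048)
    mbr[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print(info)
    print(audit_mbr(info, disk_sectors=63 + 239359 * 2048 + 10000))
```

Point `load_mbr` at the MBR.dat attached to the post and compare `boot_code_md5` with the hash TDSSKiller printed on the clean machine; a later run that differs, or a large unallocated tail, is the cue to rescan the boot sector rather than the file system.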


#6 nasdaq (Malware Response Team, 38,943 posts, Montreal, QC, Canada)

Posted 07 August 2012 - 06:48 AM

Your Hosts file was compromised.
How do I reset the hosts file back to the default?
http://support.microsoft.com/kb/972034

Use the Fix it button on the page.

===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot omitted]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If, after running ComboFix, you get the error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Please post the logs and let me know what problem persists.
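The reply above says the hosts file was compromised and points at Microsoft's Fix it for resetting it. The script below is an added example of what the Fix it does not show: how to tell a hijacked hosts file from a clean one before and after the reset. It is not code from the thread or from Microsoft. The hosts contents it inspects are constructed for the example; the 1.2.3.4 address and the hostnames listed are illustrative, not entries from the infected machine. On Windows the live file lives at %SystemRoot%\System32\drivers\etc\hosts. The example generalises beyond this thread in handling both redirections (a name pointed at a foreign address) and blackholes (a name pointed at loopback or 0.0.0.0, which is how malware keeps antivirus update servers unreachable).

```python
"""Audit a Windows hosts file for hijacked mappings and strip them.

Added example, not code from the thread or from Microsoft's Fix it.
SAMPLE_HOSTS is constructed; its addresses and hostnames are illustrative.
"""
import ipaddress
from typing import List, Tuple

# Windows XP's default hosts file carries exactly one mapping (plus comments).
DEFAULT_HOSTS_XP = "127.0.0.1       localhost\n"
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
1.2.3.4         www.google.com      # constructed: search engine sent to a foreign server
1.2.3.4         www.bing.com
127.0.0.1       update.microsoft.com    # constructed: blackholed so definitions cannot update
127.0.0.1       www.malwarebytes.org
0.0.0.0         bleepingcomputer.com
"""

Finding = Tuple[int, str, str, str]   # (line number, kind, address, hostname)


def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (lineno, address, hostnames) for every non-comment mapping."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        parts = line.split()
        entries.append((n, parts[0], parts[1:]))
    return entries


def audit_hosts(text: str) -> List[Finding]:
    """Flag every mapping a default file would not have.

    loopback/0.0.0.0 -> anything but localhost : the name is blackholed
    any other address -> anything             : the name is redirected
    """
    findings: List[Finding] = []
    for n, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)      # handles 127.0.0.1 and ::1 alike
        except ValueError:
            findings.append((n, "malformed address", ip, " ".join(names)))
            continue
        for name in names:
            if addr.is_loopback and name.lower() in LOCAL_NAMES:
                continue                         # the only mapping a default file carries
            if addr.is_loopback or addr.is_unspecified:
                findings.append((n, "blackholed host", ip, name))
            else:
                findings.append((n, "redirected host", ip, name))
    return findings


def clean_hosts(text: str) -> str:
    """Return the file with every flagged line removed; comments are kept."""
    bad = {n for n, _, _, _ in audit_hosts(text)}
    kept = [ln for i, ln in enumerate(text.splitlines(), 1) if i not in bad]
    return "\n".join(kept) + "\n"


def audit_hosts_file(path: str) -> List[Finding]:
    """Audit a hosts file on disk (e.g. %SystemRoot%\\System32\\drivers\\etc\\hosts)."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    for lineno, kind, ip, host in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {kind}: {ip} {host}")
    print(clean_hosts(SAMPLE_HOSTS))
```

Run the audit before the reset to record what the infection pointed where, and again after it to confirm the file is back to the single localhost line. Malware that edits this file often also sets it hidden or read-only, so if the Fix it reports nothing changed, check the file's attributes as well as its contents.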

#7 ImmortalJman (Topic Starter, Members, 7 posts)

Posted 07 August 2012 - 10:03 AM

I ran the Windows hosts file Fix it solution and it didn't seem to do anything for the desktop; however, after running ComboFix it rebooted, and the desktop and everything now show up. I've browsed the internet and done some searches and there's no redirecting to strange sites, etc. Everything seems to be working fine and it feels a lot faster too. Here's the ComboFix log.

ComboFix 12-08-07.02 - Jason 08/07/2012 8:44.1.3 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2514 [GMT -5:00]
Running from: c:\documents and settings\Jason\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.JASON-2BA77E1C4.002\Application Data\Roaming
c:\documents and settings\Jason\Application Data\Roaming
c:\documents and settings\Jason\Application Data\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#p8dmn.com\settings.sol
c:\documents and settings\Jason\Application Data\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
c:\documents and settings\Jason\Local Settings\Application Data\{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}\@
c:\documents and settings\Jason\Local Settings\Application Data\{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}\n
c:\documents and settings\Jason\WINDOWS
c:\windows\EventSystem.log
c:\windows\Installer\{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}\@
c:\windows\Installer\{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}\L\00000004.@
c:\windows\Installer\{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}\n
c:\windows\Installer\{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}\U\000000cb.@
c:\windows\Installer\{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}\U\80000000.@
c:\windows\Installer\{f7fa7b7d-33c4-5d07-4e12-282667a4ca05}\U\80000032.@
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Service_6to4
.
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 13:43 . 2012-07-16 07:41 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E23E7917-BA09-40E3-8FB9-3C05998EA9EF}\mpengine.dll
2012-08-05 04:19 . 2012-08-05 04:20 -------- d-----w- c:\windows\system32\NtmsData
2012-08-01 16:30 . 2012-07-16 07:41 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-01 16:28 . 2012-08-01 16:29 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-31 10:05 . 2012-07-31 22:30 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-07-30 00:11 . 2012-07-30 00:12 -------- d-----w- c:\documents and settings\Administrator.JASON-2BA77E1C4.002
2012-07-29 17:19 . 2012-07-29 17:19 -------- d-----w- c:\program files\ESET
2012-07-29 05:40 . 2012-07-29 05:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-07-28 14:52 . 2012-07-28 14:52 -------- d-----w- c:\documents and settings\Jason\Application Data\Malwarebytes
2012-07-28 14:51 . 2012-07-28 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-28 14:51 . 2012-07-28 14:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-28 14:51 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 14:32 . 2012-07-28 14:32 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Google
2012-07-28 12:54 . 2012-06-02 20:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-31 13:22 . 2012-07-31 13:22 3419036 ----a-w- C:\av-i386-daily.zip
2012-06-04 22:35 . 2009-04-26 01:58 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 22:35 . 2008-10-16 19:07 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:19 . 2009-04-26 05:57 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2009-04-26 05:57 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2009-04-26 01:58 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2009-04-26 01:58 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2009-04-26 05:57 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2009-04-26 01:58 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2009-04-26 01:58 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2009-04-26 05:57 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2009-04-26 01:58 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2009-04-26 01:58 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2009-04-29 23:23 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2009-04-29 23:23 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 17:25 . 2010-11-22 01:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-03-25 03:37 . 2011-11-12 21:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-21 1423360]
"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"CY_BG"="c:\windows\bp_bg.exe" [2003-04-18 118784]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2008-05-29 298024]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 98304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQ&inst=NwA3AC0AMwAzADIANgA4ADEANAAyADkALQBLAFYAMwArADcALQBCAEEAKwAxAC0AWABMACsAMQAtAFQANAAtAFMAVAAxACsAMgAtAA&prod=90&ver=9.0.864" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2008-5-29 128552]
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-4-28 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2008-05-29 22:57 109568 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2008-05-29 22:57 293888 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R1 bpfinder;BACKPACK Finder;c:\windows\system32\drivers\bpfinder.sys [4/29/2009 7:25 PM 62311]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/29/2008 5:57 PM 198184]
R2 DeinoPM;DeinoMPI process manager service;c:\program files\DeinoMPI\bin\DeinoPM.exe [1/17/2007 5:53 AM 20480]
R2 DVRMSFileWatcherService;DVRMSFileWatcherService;c:\program files\DVRMSToolbox\DVRMSFileWatcherService.exe [3/19/2008 8:09 PM 20480]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [3/25/2012 8:59 PM 100368]
R3 AvcUWilo;Adaptec AVC-2210/2310 USB Device;c:\windows\system32\drivers\avcuwilo.sys [4/29/2009 7:38 PM 51166]
R3 bpflt;BACKPACK Filter;c:\windows\system32\drivers\bpflt.sys [4/29/2009 7:25 PM 4538]
S2 9;9;\??\c:\docume~1\Jason\LOCALS~1\Temp\9.sys --> c:\docume~1\Jason\LOCALS~1\Temp\9.sys [?]
S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [4/22/2009 12:01 PM 124256]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Jason\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Jason\LOCALS~1\Temp\ALSysIO.sys [?]
S3 AVC2310F;AVC-2310/AVC-2210 USB Loader;c:\windows\system32\drivers\avcuwfl.sys [4/29/2009 7:38 PM 18644]
S3 BP_FX_AT;BACKPACK USB;c:\windows\system32\drivers\BP_fx_at.sys [4/29/2009 7:25 PM 32640]
S3 bppccard;BACKPACK PC Card;c:\windows\system32\drivers\bppccard.sys [4/29/2009 7:25 PM 5493]
S3 bppnpdrv;BACKPACK Driver;c:\windows\system32\drivers\bppnpdrv.sys [4/29/2009 7:25 PM 19670]
S3 bpusbdrv;BACKPACK USB 1 Cable;c:\windows\system32\drivers\bpusbdrv.sys [4/29/2009 7:25 PM 109676]
S3 bpusbflt;BACKPACK USB Filter;c:\windows\system32\drivers\bpusbflt.sys [4/29/2009 7:25 PM 9085]
S3 Ipet_cex;Ipet_cex; [x]
S3 SCMUSB;SCR301 USB Smart Card Reader;c:\windows\system32\drivers\stcusb.sys [2/1/2002 2:09 AM 18912]
S3 UsbComm;USB Communication Driver;c:\windows\system32\drivers\UsbCm_pj.sys [7/4/2012 2:16 PM 8832]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BITS
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-08-07 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.starwars.com/
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{BC87A760-27D2-4E70-A529-D557276B29FA}: NameServer = 68.105.28.12,68.105.29.12
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\pl4oxq27.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.starwars.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm4584AUS&ptnrS=ZUxdm4584AUS&ptb=9hN9uexMCIJ_PKeMKZmnSA&ind=2010091819&n=77cf912b&psa=&st=kwd&searchfor=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-07 08:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\accrypto.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\windows\system32\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll
.
- - - - - - - > 'explorer.exe'(3600)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SoftwareDistribution\Download\Install\NDP20SP2-KB2686828-x86.exe
c:\4f91c37c484ebad9238c9eed48ae5ff0\HotFixInstaller.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\MsiExec.exe
.
**************************************************************************
.
Completion time: 2012-08-07 09:00:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-07 14:00
.
Pre-Run: 174,620,409,856 bytes free
Post-Run: 177,463,988,224 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - EC4222F7C25FA32BB590190F7C36EA51

#8 ImmortalJman

  • Topic Starter
  • Members
  • 7 posts

Posted 07 August 2012 - 10:26 AM

A little extra note. So I logged into the other user and the desktop had the same issue. So, I ran ComboFix on that profile too. And to my surprise it found more stuff and deleted some things and the desktop came back on that one too. Here is the log.

ComboFix 12-08-07.02 - Bethany 08/07/2012 10:16:18.2.3 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2616 [GMT -5:00]
Running from: c:\documents and settings\Bethany\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Bethany\Application Data\Roaming
c:\documents and settings\Bethany\My Documents\~WRL0978.tmp
c:\documents and settings\Bethany\My Documents\~WRL1497.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 15:09 . 2012-08-07 15:09 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7E7CAD58-8396-4310-BB8A-5D753D80BBE8}\MpKsld44c12e7.sys
2012-08-07 15:09 . 2012-08-07 15:09 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7E7CAD58-8396-4310-BB8A-5D753D80BBE8}\offreg.dll
2012-08-07 14:51 . 2012-07-16 07:41 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7E7CAD58-8396-4310-BB8A-5D753D80BBE8}\mpengine.dll
2012-08-05 04:19 . 2012-08-05 04:20 -------- d-----w- c:\windows\system32\NtmsData
2012-08-01 16:30 . 2012-07-16 07:41 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-01 16:28 . 2012-08-01 16:29 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-31 10:05 . 2012-07-31 22:30 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-07-30 00:11 . 2012-07-30 00:12 -------- d-----w- c:\documents and settings\Administrator.JASON-2BA77E1C4.002
2012-07-29 17:19 . 2012-07-29 17:19 -------- d-----w- c:\program files\ESET
2012-07-29 05:40 . 2012-07-29 05:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-07-28 14:51 . 2012-07-28 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-28 14:51 . 2012-07-28 14:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-28 14:51 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 14:02 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-07-28 12:54 . 2012-06-02 20:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-31 13:22 . 2012-07-31 13:22 3419036 ----a-w- C:\av-i386-daily.zip
2012-06-13 13:19 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 22:35 . 2009-04-26 01:58 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 22:35 . 2008-10-16 19:07 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2009-04-26 05:57 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2009-04-26 05:57 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2009-04-26 01:58 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2009-04-26 01:58 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2009-04-26 05:57 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2009-04-26 01:58 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2009-04-26 01:58 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2009-04-26 05:57 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2009-04-26 01:58 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2009-04-26 01:58 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2009-04-29 23:23 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2009-04-29 23:23 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 17:25 . 2010-11-22 01:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-03-25 03:37 . 2011-11-12 21:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-07_13.54.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-07 14:23 . 2012-08-07 14:23 16384 c:\windows\Temp\Perflib_Perfdata_59c.dat
- 2004-08-04 12:00 . 2012-05-12 03:19 72312 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2012-08-07 14:06 72312 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2012-05-11 14:42 67072 c:\windows\system32\mshtmled.dll
+ 2007-08-13 23:54 . 2012-05-11 14:42 55296 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 23:54 . 2012-03-01 11:01 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 12:00 . 2012-05-11 14:42 25600 c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00 . 2012-03-01 11:01 25600 c:\windows\system32\jsproxy.dll
+ 2009-06-12 00:21 . 2012-05-11 14:42 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-12 00:21 . 2012-03-01 11:01 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2007-08-13 23:54 . 2012-05-11 14:42 67072 c:\windows\system32\dllcache\mshtmled.dll
- 2009-04-27 23:52 . 2012-03-01 11:01 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-04-27 23:52 . 2012-05-11 14:42 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-08-13 23:44 . 2012-03-01 11:01 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-13 23:44 . 2012-05-11 14:42 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2007-08-13 23:54 . 2012-03-01 11:01 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-13 23:54 . 2012-05-11 14:42 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-04-29 00:11 . 2012-08-07 14:02 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-04-29 00:11 . 2012-05-16 01:31 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-04-29 00:11 . 2012-05-16 01:31 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-04-29 00:11 . 2012-08-07 14:02 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-04-29 00:11 . 2012-05-16 01:31 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-04-29 00:11 . 2012-08-07 14:02 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-04-29 00:11 . 2012-05-16 01:31 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-04-29 00:11 . 2012-08-07 14:02 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-04-29 00:11 . 2012-05-16 01:31 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-04-29 00:11 . 2012-08-07 14:02 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-04-29 00:11 . 2012-08-07 14:02 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-04-29 00:11 . 2012-05-16 01:31 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2012-08-07 14:03 . 2012-03-01 11:01 12800 c:\windows\ie8updates\KB2699988-IE8\xpshims.dll
+ 2012-08-07 14:03 . 2012-03-01 11:01 66560 c:\windows\ie8updates\KB2699988-IE8\mshtmled.dll
+ 2012-08-07 14:03 . 2012-03-01 11:01 55296 c:\windows\ie8updates\KB2699988-IE8\msfeedsbs.dll
+ 2012-08-07 14:03 . 2012-03-01 11:01 43520 c:\windows\ie8updates\KB2699988-IE8\licmgr10.dll
+ 2012-08-07 14:03 . 2012-03-01 11:01 25600 c:\windows\ie8updates\KB2699988-IE8\jsproxy.dll
+ 2012-08-07 14:09 . 2012-08-07 14:09 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3b34fc2c8c94ffe21f75168980b69dfe\System.Web.DynamicData.Design.ni.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-08-07 14:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2676562\update\spcustom.dll
+ 2012-05-09 21:30 . 2012-04-11 13:53 16896 c:\windows\$hf_mig$\KB2676562\update\mpsyschk.dll
+ 2012-08-07 14:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2676562\spmsg.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-04-29 00:11 . 2012-08-07 14:02 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-04-29 00:11 . 2012-05-16 01:31 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2012-05-12 03:19 . 2012-05-12 03:19 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-05-12 03:19 . 2012-05-12 03:19 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2004-08-04 12:00 . 2012-05-11 14:42 105984 c:\windows\system32\url.dll
- 2004-08-04 12:00 . 2012-03-01 11:01 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2012-08-07 14:06 444054 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2012-05-12 03:19 444054 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2012-03-01 11:01 206848 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2012-05-11 14:42 206848 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2012-03-01 11:01 611840 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2012-05-11 14:42 611840 c:\windows\system32\mstime.dll
+ 2007-08-13 23:54 . 2012-05-11 14:42 629760 c:\windows\system32\msfeeds.dll
+ 2004-08-04 12:00 . 2012-05-11 14:42 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2012-03-01 11:01 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2012-05-11 14:42 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 12:00 . 2012-03-01 11:01 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2012-05-11 11:38 174080 c:\windows\system32\ie4uinit.exe
- 2004-08-04 12:00 . 2012-02-29 12:17 174080 c:\windows\system32\ie4uinit.exe
+ 2009-04-25 20:48 . 2012-08-07 14:23 332280 c:\windows\system32\FNTCACHE.DAT
- 2009-04-25 20:48 . 2012-03-23 08:20 332280 c:\windows\system32\FNTCACHE.DAT
+ 2009-04-26 01:56 . 2012-05-02 13:46 139656 c:\windows\system32\drivers\rdpwd.sys
- 2007-08-13 23:54 . 2012-03-01 11:01 916992 c:\windows\system32\dllcache\wininet.dll
+ 2007-08-13 23:54 . 2012-05-16 15:08 916992 c:\windows\system32\dllcache\wininet.dll
- 2007-08-13 23:44 . 2012-03-01 11:01 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-13 23:44 . 2012-05-11 14:42 105984 c:\windows\system32\dllcache\url.dll
+ 2008-12-05 06:54 . 2012-06-04 04:32 152576 c:\windows\system32\dllcache\schannel.dll
+ 2011-08-10 22:29 . 2012-05-02 13:46 139656 c:\windows\system32\dllcache\rdpwd.sys
- 2007-08-13 23:44 . 2012-03-01 11:01 206848 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 23:44 . 2012-05-11 14:42 206848 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 23:54 . 2012-05-11 14:42 611840 c:\windows\system32\dllcache\mstime.dll
- 2007-08-13 23:54 . 2012-03-01 11:01 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-04-27 23:52 . 2012-05-11 14:42 629760 c:\windows\system32\dllcache\msfeeds.dll
- 2010-11-09 14:52 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-11-09 14:52 . 2012-05-28 18:16 536576 c:\windows\system32\dllcache\msado15.dll
+ 2009-06-12 00:21 . 2012-05-11 14:42 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-12 00:21 . 2012-03-01 11:01 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2007-08-13 23:54 . 2012-05-11 14:42 184320 c:\windows\system32\dllcache\iepeers.dll
- 2007-08-13 23:54 . 2012-03-01 11:01 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-14 00:01 . 2012-03-01 11:01 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-14 00:01 . 2012-05-11 14:42 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2007-08-13 23:39 . 2012-03-01 11:01 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 23:39 . 2012-05-11 14:42 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-08-13 23:39 . 2012-02-29 12:17 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-13 23:39 . 2012-05-11 11:38 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2012-04-21 12:15 . 2012-04-21 12:15 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2012-01-31 08:38 . 2012-01-31 08:38 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-04-22 02:55 . 2012-04-22 02:55 980480 c:\windows\Installer\501e4.msp
+ 2009-04-29 00:11 . 2012-08-07 14:02 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-04-29 00:11 . 2012-05-16 01:31 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-04-29 00:11 . 2012-05-16 01:31 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-04-29 00:11 . 2012-08-07 14:02 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-04-29 00:11 . 2012-08-07 14:02 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-04-29 00:11 . 2012-05-16 01:31 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-04-29 00:11 . 2012-08-07 14:02 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-04-29 00:11 . 2012-05-16 01:31 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-04-29 00:11 . 2012-08-07 14:02 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-04-29 00:11 . 2012-05-16 01:31 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-04-29 00:11 . 2012-08-07 14:02 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-04-29 00:11 . 2012-05-16 01:31 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2012-08-07 14:03 . 2012-03-01 11:01 916992 c:\windows\ie8updates\KB2699988-IE8\wininet.dll
+ 2012-08-07 14:03 . 2012-03-01 11:01 105984 c:\windows\ie8updates\KB2699988-IE8\url.dll
+ 2012-08-07 14:03 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2699988-IE8\spuninst\updspapi.dll
+ 2012-08-07 14:03 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2699988-IE8\spuninst\spuninst.exe
+ 2012-08-07 14:03 . 2012-03-01 11:01 206848 c:\windows\ie8updates\KB2699988-IE8\occache.dll
+ 2012-08-07 14:03 . 2012-03-01 11:01 611840 c:\windows\ie8updates\KB2699988-IE8\mstime.dll
+ 2012-08-07 14:03 . 2012-03-01 11:01 602112 c:\windows\ie8updates\KB2699988-IE8\msfeeds.dll
+ 2012-08-07 14:03 . 2009-03-08 09:35 521216 c:\windows\ie8updates\KB2699988-IE8\jsdbgui.dll
+ 2012-08-07 14:03 . 2012-03-01 11:01 247808 c:\windows\ie8updates\KB2699988-IE8\ieproxy.dll
+ 2012-08-07 14:03 . 2012-03-01 11:01 184320 c:\windows\ie8updates\KB2699988-IE8\iepeers.dll
+ 2012-08-07 14:03 . 2012-03-01 11:01 743424 c:\windows\ie8updates\KB2699988-IE8\iedvtool.dll
+ 2012-08-07 14:03 . 2012-03-01 11:01 387584 c:\windows\ie8updates\KB2699988-IE8\iedkcs32.dll
+ 2012-08-07 14:03 . 2012-02-29 12:17 174080 c:\windows\ie8updates\KB2699988-IE8\ie4uinit.exe
+ 2012-05-12 03:19 . 2012-05-12 03:19 303104 c:\windows\assembly\temp\BJPV17DKQW\System.Runtime.Remoting.dll
+ 2012-08-07 14:07 . 2012-08-07 14:07 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\86e11a59f02b2dda27ec2e7cba351744\WindowsFormsIntegration.ni.dll
+ 2012-08-07 14:09 . 2012-08-07 14:09 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\698c2093d7ac57af935b399d1c0b1790\System.Web.Routing.ni.dll
+ 2012-08-07 14:09 . 2012-08-07 14:09 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\75248baf640115daeb0e580f1c5ff98b\System.Web.Extensions.Design.ni.dll
+ 2012-08-07 14:09 . 2012-08-07 14:09 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\40c3b61ac38613e2b4b0f196e86185eb\System.Web.Entity.ni.dll
+ 2012-08-07 14:09 . 2012-08-07 14:09 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\39cc9a830f7f08fd9f397be452fd78b0\System.Web.Entity.Design.ni.dll
+ 2012-08-07 14:09 . 2012-08-07 14:09 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\88b1fd4792e7b698b788594d8e5e3c09\System.Web.DynamicData.ni.dll
+ 2012-08-07 14:09 . 2012-08-07 14:09 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6333d22a2ea347432d46c40d93194c68\System.Web.Abstractions.ni.dll
+ 2012-08-07 14:09 . 2012-08-07 14:09 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
+ 2012-08-07 14:07 . 2012-08-07 14:07 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\96a3fc1f74a00b618b70bd1701600408\System.Drawing.Design.ni.dll
+ 2012-08-07 14:09 . 2012-08-07 14:09 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\badd66e1d2b8416e9bb868ad059203c6\System.Configuration.Install.ni.dll
+ 2012-08-07 14:08 . 2012-08-07 14:08 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c0045c1c7c29c7e7cc7bd60001b729a7\AspNetMMCExt.ni.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-08-07 14:01 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2676562\update\updspapi.dll
+ 2012-08-07 14:01 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2676562\update\update.exe
+ 2012-08-07 14:01 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2676562\spuninst.exe
+ 2004-08-04 12:00 . 2012-05-11 14:42 1212416 c:\windows\system32\urlmon.dll
- 2004-08-04 12:00 . 2012-03-01 11:01 1212416 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2012-06-08 14:26 8462848 c:\windows\system32\shell32.dll
+ 2004-08-04 12:00 . 2012-05-04 13:16 2148352 c:\windows\system32\ntoskrnl.exe
+ 2004-08-03 22:59 . 2012-05-04 12:32 2026496 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-04 12:00 . 2012-05-11 14:42 6007808 c:\windows\system32\mshtml.dll
+ 2007-08-13 23:34 . 2012-05-11 14:42 2000384 c:\windows\system32\iertutil.dll
- 2007-08-13 23:34 . 2012-03-01 11:01 2000384 c:\windows\system32\iertutil.dll
+ 2009-02-09 11:13 . 2012-06-13 13:19 1866112 c:\windows\system32\dllcache\win32k.sys
+ 2007-08-13 23:54 . 2012-05-11 14:42 1212416 c:\windows\system32\dllcache\urlmon.dll
- 2007-08-13 23:54 . 2012-03-01 11:01 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2012-06-08 14:26 8462848 c:\windows\system32\dllcache\shell32.dll
+ 2009-04-27 23:24 . 2012-05-04 13:12 2192640 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-04-27 23:24 . 2012-05-04 12:32 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-08 00:02 . 2012-05-04 12:32 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-04-27 23:24 . 2012-05-04 13:16 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-04-14 00:12 . 2009-07-31 16:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-04-14 00:12 . 2012-06-05 15:50 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2009-04-27 23:13 . 2012-06-05 15:50 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2009-04-27 23:13 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2007-08-13 23:54 . 2012-05-11 14:42 6007808 c:\windows\system32\dllcache\mshtml.dll
+ 2009-04-27 23:52 . 2012-05-11 14:42 2000384 c:\windows\system32\dllcache\iertutil.dll
- 2009-04-27 23:52 . 2012-03-01 11:01 2000384 c:\windows\system32\dllcache\iertutil.dll
- 2011-12-25 08:50 . 2011-12-25 08:50 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2012-03-20 10:23 . 2012-03-20 10:23 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2012-03-20 10:23 . 2012-03-20 10:23 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2012-06-29 19:33 . 2012-06-29 19:33 6063616 c:\windows\Installer\501dd.msp
+ 2012-04-26 00:32 . 2012-04-26 00:32 7069184 c:\windows\Installer\501c5.msp
+ 2012-03-21 04:57 . 2012-03-21 04:57 6188544 c:\windows\Installer\501c3.msp
+ 2012-04-26 00:32 . 2012-04-26 00:32 7069184 c:\windows\Installer\290eae.msp
+ 2012-08-07 14:03 . 2012-03-01 11:01 1212416 c:\windows\ie8updates\KB2699988-IE8\urlmon.dll
+ 2012-08-07 14:03 . 2012-03-01 11:01 5978624 c:\windows\ie8updates\KB2699988-IE8\mshtml.dll
+ 2012-08-07 14:03 . 2012-03-01 11:01 2000384 c:\windows\ie8updates\KB2699988-IE8\iertutil.dll
+ 2009-04-27 23:24 . 2012-05-04 13:12 2192640 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-04-27 23:24 . 2012-05-04 12:32 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-08 00:02 . 2012-05-04 12:32 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-04-27 23:24 . 2012-05-04 13:16 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-08-07 14:09 . 2012-08-07 14:09 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bd5bd406670d483b82bd51249eee59e3\System.WorkflowServices.ni.dll
+ 2012-08-07 14:09 . 2012-08-07 14:09 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\77361ebe9ad8ff77cc9a8d7f8363eb05\System.Workflow.Runtime.ni.dll
+ 2012-08-07 14:09 . 2012-08-07 14:09 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1c12dfa7826b331b243b7b45daf9904d\System.Workflow.ComponentModel.ni.dll
+ 2012-08-07 14:09 . 2012-08-07 14:09 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\514bf0e69e2c9fc8509cd23236057356\System.Workflow.Activities.ni.dll
+ 2012-08-07 14:09 . 2012-08-07 14:09 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e70343406253e43964f9fe1f42cfbd7c\System.Web.Services.ni.dll
+ 2012-08-07 14:09 . 2012-08-07 14:09 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\77f8cde07b131839f1841be702837e8e\System.Web.Mobile.ni.dll
+ 2012-08-07 14:09 . 2012-08-07 14:09 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\242b168aaca18197eca371ec269e23ac\System.Web.Extensions.ni.dll
+ 2012-08-07 14:07 . 2012-08-07 14:07 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d380f1813e27c2a086e62f0218669d67\System.Printing.ni.dll
+ 2012-08-07 14:07 . 2012-08-07 14:07 1592320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
+ 2012-08-07 14:09 . 2012-08-07 14:09 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7a53d68ad544f8e9edfdbd5a90a48fd3\System.Deployment.ni.dll
+ 2012-08-07 14:07 . 2012-08-07 14:07 2146304 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\443dd7f0b84c3de54b1a72be655e307c\ReachFramework.ni.dll
+ 2012-08-07 14:07 . 2012-08-07 14:07 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\48ddcafff1a5603fb3289e90330275c0\PresentationUI.ni.dll
+ 2012-08-07 14:08 . 2012-08-07 14:08 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
+ 2012-08-07 14:08 . 2012-08-07 14:08 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\4e463dcf2a03c71913a61b44c32e2389\Microsoft.Build.Tasks.ni.dll
+ 2012-08-07 14:08 . 2012-08-07 14:08 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\395b4a85c7941ac4dd9d1c6f5eb444c7\Microsoft.Build.Tasks.v3.5.ni.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-05-12 03:19 . 2012-05-12 03:19 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-02-28 02:30 . 2012-05-12 03:19 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-04-11 13:23 . 2012-04-11 13:23 1871360 c:\windows\$hf_mig$\KB2676562\SP3QFE\win32k.sys
+ 2012-04-11 13:22 . 2012-04-11 13:22 2192640 c:\windows\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe
+ 2012-04-11 12:42 . 2012-04-11 12:42 2026496 c:\windows\$hf_mig$\KB2676562\SP3QFE\ntkrpamp.exe
+ 2012-04-11 12:42 . 2012-04-11 12:42 2069120 c:\windows\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe
+ 2012-04-11 13:26 . 2012-04-11 13:26 2148352 c:\windows\$hf_mig$\KB2676562\SP3QFE\ntkrnlmp.exe
+ 2009-04-27 23:50 . 2012-07-03 08:13 57442464 c:\windows\system32\MRT.exe
+ 2007-08-13 23:54 . 2012-05-12 01:12 11111424 c:\windows\system32\ieframe.dll
+ 2009-04-27 23:52 . 2012-05-12 01:12 11111424 c:\windows\system32\dllcache\ieframe.dll
+ 2012-08-07 14:03 . 2012-03-02 11:01 11082752 c:\windows\ie8updates\KB2699988-IE8\ieframe.dll
+ 2012-08-07 14:07 . 2012-08-07 14:07 12433920 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
+ 2012-08-07 14:09 . 2012-08-07 14:09 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
+ 2012-08-07 14:07 . 2012-08-07 14:07 10682368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f73a8455f384e90f6925309336fece24\System.Design.ni.dll
+ 2012-08-07 14:07 . 2012-08-07 14:07 14329856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
+ 2012-08-07 14:06 . 2012-08-07 14:06 12218368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-21 1423360]
"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"CY_BG"="c:\windows\bp_bg.exe" [2003-04-18 118784]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2008-05-29 298024]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 98304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQ&inst=NwA3AC0AMwAzADIANgA4ADEANAAyADkALQBLAFYAMwArADcALQBCAEEAKwAxAC0AWABMACsAMQAtAFQANAAtAFMAVAAxACsAMgAtAA&prod=90&ver=9.0.864" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2008-5-29 128552]
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-4-28 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [N/A]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2008-05-29 22:57 109568 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2008-05-29 22:57 293888 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R1 bpfinder;BACKPACK Finder;c:\windows\system32\drivers\bpfinder.sys [4/29/2009 7:25 PM 62311]
R1 MpKsld44c12e7;MpKsld44c12e7;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7E7CAD58-8396-4310-BB8A-5D753D80BBE8}\MpKsld44c12e7.sys [8/7/2012 10:09 AM 29904]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/29/2008 5:57 PM 198184]
R2 DeinoPM;DeinoMPI process manager service;c:\program files\DeinoMPI\bin\DeinoPM.exe [1/17/2007 5:53 AM 20480]
R2 DVRMSFileWatcherService;DVRMSFileWatcherService;c:\program files\DVRMSToolbox\DVRMSFileWatcherService.exe [3/19/2008 8:09 PM 20480]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [3/25/2012 8:59 PM 100368]
R3 AvcUWilo;Adaptec AVC-2210/2310 USB Device;c:\windows\system32\drivers\avcuwilo.sys [4/29/2009 7:38 PM 51166]
R3 bpflt;BACKPACK Filter;c:\windows\system32\drivers\bpflt.sys [4/29/2009 7:25 PM 4538]
S2 9;9;\??\c:\docume~1\Jason\LOCALS~1\Temp\9.sys --> c:\docume~1\Jason\LOCALS~1\Temp\9.sys [?]
S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [4/22/2009 12:01 PM 124256]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Jason\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Jason\LOCALS~1\Temp\ALSysIO.sys [?]
S3 AVC2310F;AVC-2310/AVC-2210 USB Loader;c:\windows\system32\drivers\avcuwfl.sys [4/29/2009 7:38 PM 18644]
S3 BP_FX_AT;BACKPACK USB;c:\windows\system32\drivers\BP_fx_at.sys [4/29/2009 7:25 PM 32640]
S3 bppccard;BACKPACK PC Card;c:\windows\system32\drivers\bppccard.sys [4/29/2009 7:25 PM 5493]
S3 bppnpdrv;BACKPACK Driver;c:\windows\system32\drivers\bppnpdrv.sys [4/29/2009 7:25 PM 19670]
S3 bpusbdrv;BACKPACK USB 1 Cable;c:\windows\system32\drivers\bpusbdrv.sys [4/29/2009 7:25 PM 109676]
S3 bpusbflt;BACKPACK USB Filter;c:\windows\system32\drivers\bpusbflt.sys [4/29/2009 7:25 PM 9085]
S3 Ipet_cex;Ipet_cex; [x]
S3 SCMUSB;SCR301 USB Smart Card Reader;c:\windows\system32\drivers\stcusb.sys [2/1/2002 2:09 AM 18912]
S3 UsbComm;USB Communication Driver;c:\windows\system32\drivers\UsbCm_pj.sys [7/4/2012 2:16 PM 8832]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLD44C12E7
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-08-07 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZUxdm4584AUS&ptb=9hN9uexMCIJ_PKeMKZmnSA
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{BC87A760-27D2-4E70-A529-D557276B29FA}: NameServer = 68.105.28.12,68.105.29.12
FF - ProfilePath - c:\documents and settings\Bethany\Application Data\Mozilla\Firefox\Profiles\xjzbwltw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm4584AUS&ptb=9hN9uexMCIJ_PKeMKZmnSA&ind=2010091819&ptnrS=ZUxdm4584AUS&si=&n=77cf912b&psa=&st=kwd&searchfor=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-KB00930585.exe - c:\documents and settings\Bethany\Application Data\KB00930585.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-07 10:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\accrypto.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\windows\system32\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll
.
- - - - - - - > 'winlogon.exe'(508)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\accrypto.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\windows\system32\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll
.
Completion time: 2012-08-07 10:21:50
ComboFix-quarantined-files.txt 2012-08-07 15:21
ComboFix2.txt 2012-08-07 14:00
.
Pre-Run: 177,199,824,896 bytes free
Post-Run: 177,338,433,536 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - BE25F71D5BC32DE9A9EA49D6E1A6815C

#9 nasdaq

  • Malware Response Team
  • 38,943 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 August 2012 - 06:57 AM

Looking good.


Open notepad and copy/paste the text in the quote box below into it:

Driver::
ALSysIO
Ipet_cex

ClearJavaCache::


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs for my review.
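
As an added illustration for readers of this thread (not part of nasdaq's post, ComboFix or CFScript), the following Python helper parses the R*/S* lines of a ComboFix "Drivers/Services" section and flags the entries a responder would check first: a driver whose image file is missing or unverifiable ([x] or [?]), one that loads from a user Temp folder, or one with a purely numeric service name. The heuristics are the editor's assumptions about why ALSysIO and Ipet_cex were chosen for removal, and the sample lines are copied from the log posted above.

```python
"""Triage the Drivers/Services section of a ComboFix log.

Added example for this thread; not part of ComboFix or the helper's
instructions. The heuristics are the editor's assumptions about what
makes a driver entry worth a second look.
"""
import re
from typing import Dict, List, NamedTuple

# Sample input: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R1 bpfinder;BACKPACK Finder;c:\windows\system32\drivers\bpfinder.sys [4/29/2009 7:25 PM 62311]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/29/2008 5:57 PM 198184]
S2 9;9;\??\c:\docume~1\Jason\LOCALS~1\Temp\9.sys --> c:\docume~1\Jason\LOCALS~1\Temp\9.sys [?]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Jason\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Jason\LOCALS~1\Temp\ALSysIO.sys [?]
S3 Ipet_cex;Ipet_cex; [x]
S3 SCMUSB;SCR301 USB Smart Card Reader;c:\windows\system32\drivers\stcusb.sys [2/1/2002 2:09 AM 18912]
"""

# Format of one entry: "<R|S><start type> <key name>;<display name>;<image path> [<info>]"
# R = running, S = stopped; the trailing bracket holds a timestamp and size,
# or "?" / "x" when ComboFix could not verify or find the image file.
LINE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
BRACKET_RE = re.compile(r"\[([^\]]*)\]$")


class DriverEntry(NamedTuple):
    state: str    # e.g. "S3": stopped, manual start
    name: str     # service/driver key name
    display: str  # display name
    path: str     # resolved image path, "" if none was recorded
    info: str     # bracket content: "date time size", "?" or "x"


def parse_driver_lines(text: str) -> List[DriverEntry]:
    """Parse every Drivers/Services line found in the given log text."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        bm = BRACKET_RE.search(rest)
        info = bm.group(1) if bm else ""
        path = rest[: bm.start()].strip() if bm else rest
        # "\??\<path> --> <path>" shows the NT device path and its resolution;
        # keep only the resolved Win32 path.
        if " --> " in path:
            path = path.split(" --> ", 1)[1].strip()
        entries.append(DriverEntry(m.group("state"), m.group("name"), m.group("display"), path, info))
    return entries


def triage(entry: DriverEntry) -> List[str]:
    """Return the reasons (possibly none) an entry deserves a closer look."""
    reasons = []
    if not entry.path or entry.info in ("x", "?"):
        reasons.append("image file missing or unverifiable")
    if re.search(r"\\temp\\", entry.path, re.IGNORECASE):
        reasons.append("driver loads from a Temp directory")
    if entry.name.isdigit():
        reasons.append("service name is purely numeric")
    return reasons


def suspicious_entries(text: str) -> Dict[str, List[str]]:
    """Map each flagged driver name to the list of reasons it was flagged."""
    flagged = {}
    for entry in parse_driver_lines(text):
        reasons = triage(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in suspicious_entries(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample, the three entries that ComboFix later removed or that nasdaq listed under `Driver::` are the ones flagged, while the signed vendor drivers under system32\drivers pass.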

#10 ImmortalJman

  • Topic Starter
  • Members
  • 7 posts

Posted 08 August 2012 - 01:20 PM

ComboFix Account 1

ComboFix 12-08-07.05 - Jason 08/08/2012 8:51.3.3 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2552 [GMT -5:00]
Running from: c:\documents and settings\Jason\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jason\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ALSYSIO
-------\Service_ALSysIO
-------\Service_Ipet_cex
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-07 15:29 . 2012-07-16 07:41 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F05972F-14E0-4E53-BD65-DB3AAA69275D}\mpengine.dll
2012-08-07 14:55 . 2012-08-07 14:55 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\PCHealth
2012-08-05 04:19 . 2012-08-05 04:20 -------- d-----w- c:\windows\system32\NtmsData
2012-08-01 16:30 . 2012-07-16 07:41 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-01 16:28 . 2012-08-01 16:29 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-31 10:05 . 2012-07-31 22:30 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-07-30 00:11 . 2012-07-30 00:12 -------- d-----w- c:\documents and settings\Administrator.JASON-2BA77E1C4.002
2012-07-29 17:19 . 2012-07-29 17:19 -------- d-----w- c:\program files\ESET
2012-07-29 05:40 . 2012-07-29 05:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-07-28 14:52 . 2012-07-28 14:52 -------- d-----w- c:\documents and settings\Jason\Application Data\Malwarebytes
2012-07-28 14:51 . 2012-07-28 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-28 14:51 . 2012-07-28 14:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-28 14:51 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 14:32 . 2012-07-28 14:32 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Google
2012-07-28 14:02 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-07-28 12:54 . 2012-06-02 20:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-31 13:22 . 2012-07-31 13:22 3419036 ----a-w- C:\av-i386-daily.zip
2012-06-13 13:19 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 22:35 . 2009-04-26 01:58 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 22:35 . 2008-10-16 19:07 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2009-04-26 05:57 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2009-04-26 05:57 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2009-04-26 01:58 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2009-04-26 01:58 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2009-04-26 05:57 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2009-04-26 01:58 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2009-04-26 01:58 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2009-04-26 05:57 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2009-04-26 01:58 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2009-04-26 01:58 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2009-04-29 23:23 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2009-04-29 23:23 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 17:25 . 2010-11-22 01:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-03-25 03:37 . 2011-11-12 21:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-08-07_15.20.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-08 13:57 . 2012-08-08 13:57 16384 c:\windows\Temp\Perflib_Perfdata_7c4.dat
+ 2012-04-26 00:32 . 2012-04-26 00:32 7069184 c:\windows\Installer\2f89e.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-21 1423360]
"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"CY_BG"="c:\windows\bp_bg.exe" [2003-04-18 118784]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2008-05-29 298024]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 98304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQ&inst=NwA3AC0AMwAzADIANgA4ADEANAAyADkALQBLAFYAMwArADcALQBCAEEAKwAxAC0AWABMACsAMQAtAFQANAAtAFMAVAAxACsAMgAtAA&prod=90&ver=9.0.864" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2008-5-29 128552]
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-4-28 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2008-05-29 22:57 109568 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2008-05-29 22:57 293888 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R1 bpfinder;BACKPACK Finder;c:\windows\system32\drivers\bpfinder.sys [4/29/2009 7:25 PM 62311]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/29/2008 5:57 PM 198184]
R2 DeinoPM;DeinoMPI process manager service;c:\program files\DeinoMPI\bin\DeinoPM.exe [1/17/2007 5:53 AM 20480]
R2 DVRMSFileWatcherService;DVRMSFileWatcherService;c:\program files\DVRMSToolbox\DVRMSFileWatcherService.exe [3/19/2008 8:09 PM 20480]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [3/25/2012 8:59 PM 100368]
R3 AvcUWilo;Adaptec AVC-2210/2310 USB Device;c:\windows\system32\drivers\avcuwilo.sys [4/29/2009 7:38 PM 51166]
R3 bpflt;BACKPACK Filter;c:\windows\system32\drivers\bpflt.sys [4/29/2009 7:25 PM 4538]
S2 9;9;\??\c:\docume~1\Jason\LOCALS~1\Temp\9.sys --> c:\docume~1\Jason\LOCALS~1\Temp\9.sys [?]
S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [4/22/2009 12:01 PM 124256]
S3 AVC2310F;AVC-2310/AVC-2210 USB Loader;c:\windows\system32\drivers\avcuwfl.sys [4/29/2009 7:38 PM 18644]
S3 BP_FX_AT;BACKPACK USB;c:\windows\system32\drivers\BP_fx_at.sys [4/29/2009 7:25 PM 32640]
S3 bppccard;BACKPACK PC Card;c:\windows\system32\drivers\bppccard.sys [4/29/2009 7:25 PM 5493]
S3 bppnpdrv;BACKPACK Driver;c:\windows\system32\drivers\bppnpdrv.sys [4/29/2009 7:25 PM 19670]
S3 bpusbdrv;BACKPACK USB 1 Cable;c:\windows\system32\drivers\bpusbdrv.sys [4/29/2009 7:25 PM 109676]
S3 bpusbflt;BACKPACK USB Filter;c:\windows\system32\drivers\bpusbflt.sys [4/29/2009 7:25 PM 9085]
S3 SCMUSB;SCR301 USB Smart Card Reader;c:\windows\system32\drivers\stcusb.sys [2/1/2002 2:09 AM 18912]
S3 UsbComm;USB Communication Driver;c:\windows\system32\drivers\UsbCm_pj.sys [7/4/2012 2:16 PM 8832]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-08-08 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.starwars.com/
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{BC87A760-27D2-4E70-A529-D557276B29FA}: NameServer = 68.105.28.12,68.105.29.12
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\pl4oxq27.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.starwars.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm4584AUS&ptnrS=ZUxdm4584AUS&ptb=9hN9uexMCIJ_PKeMKZmnSA&ind=2010091819&n=77cf912b&psa=&st=kwd&searchfor=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-08 08:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\accrypto.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\windows\system32\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll
.
- - - - - - - > 'explorer.exe'(2164)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-08-08 09:03:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-08 14:03
ComboFix2.txt 2012-08-07 15:21
ComboFix3.txt 2012-08-07 14:00
.
Pre-Run: 177,402,605,568 bytes free
Post-Run: 177,406,963,712 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 76E61A70C75B2185CE412F91B5AC0E9C


ComboFix Account 2

ComboFix 12-08-07.05 - Bethany 08/08/2012 9:12.4.3 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2680 [GMT -5:00]
Running from: c:\documents and settings\Bethany\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bethany\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ALSYSIO
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-08 14:28 . 2012-07-16 07:41 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43391A70-3041-4EF7-9861-969B31B99734}\mpengine.dll
2012-08-07 15:29 . 2012-07-16 07:41 6891424 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-07 14:55 . 2012-08-07 14:55 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\PCHealth
2012-08-05 04:19 . 2012-08-05 04:20 -------- d-----w- c:\windows\system32\NtmsData
2012-08-01 16:28 . 2012-08-01 16:29 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-31 10:05 . 2012-07-31 22:30 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-07-30 00:11 . 2012-07-30 00:12 -------- d-----w- c:\documents and settings\Administrator.JASON-2BA77E1C4.002
2012-07-29 17:19 . 2012-07-29 17:19 -------- d-----w- c:\program files\ESET
2012-07-29 05:40 . 2012-07-29 05:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-07-28 14:52 . 2012-07-28 14:52 -------- d-----w- c:\documents and settings\Jason\Application Data\Malwarebytes
2012-07-28 14:51 . 2012-07-28 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-28 14:51 . 2012-07-28 14:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-28 14:51 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 14:32 . 2012-07-28 14:32 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Google
2012-07-28 14:02 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-07-28 12:54 . 2012-06-02 20:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-31 13:22 . 2012-07-31 13:22 3419036 ----a-w- C:\av-i386-daily.zip
2012-06-13 13:19 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 22:35 . 2009-04-26 01:58 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 22:35 . 2008-10-16 19:07 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2009-04-26 05:57 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2009-04-26 05:57 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2009-04-26 01:58 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2009-04-26 01:58 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2009-04-26 05:57 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2009-04-26 01:58 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2009-04-26 01:58 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2009-04-26 05:57 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2009-04-26 01:58 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2009-04-26 01:58 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2009-04-29 23:23 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2009-04-29 23:23 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 17:25 . 2010-11-22 01:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-03-25 03:37 . 2011-11-12 21:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-08-07_15.20.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-08 14:17 . 2012-08-08 14:17 16384 c:\windows\Temp\Perflib_Perfdata_7ec.dat
+ 2012-04-26 00:32 . 2012-04-26 00:32 7069184 c:\windows\Installer\2f89e.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-21 1423360]
"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"CY_BG"="c:\windows\bp_bg.exe" [2003-04-18 118784]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2008-05-29 298024]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 98304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQ&inst=NwA3AC0AMwAzADIANgA4ADEANAAyADkALQBLAFYAMwArADcALQBCAEEAKwAxAC0AWABMACsAMQAtAFQANAAtAFMAVAAxACsAMgAtAA&prod=90&ver=9.0.864" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2008-5-29 128552]
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-4-28 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2008-05-29 22:57 109568 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2008-05-29 22:57 293888 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R1 bpfinder;BACKPACK Finder;c:\windows\system32\drivers\bpfinder.sys [4/29/2009 7:25 PM 62311]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/29/2008 5:57 PM 198184]
R2 DeinoPM;DeinoMPI process manager service;c:\program files\DeinoMPI\bin\DeinoPM.exe [1/17/2007 5:53 AM 20480]
R2 DVRMSFileWatcherService;DVRMSFileWatcherService;c:\program files\DVRMSToolbox\DVRMSFileWatcherService.exe [3/19/2008 8:09 PM 20480]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [3/25/2012 8:59 PM 100368]
R3 AvcUWilo;Adaptec AVC-2210/2310 USB Device;c:\windows\system32\drivers\avcuwilo.sys [4/29/2009 7:38 PM 51166]
R3 bpflt;BACKPACK Filter;c:\windows\system32\drivers\bpflt.sys [4/29/2009 7:25 PM 4538]
S2 9;9;\??\c:\docume~1\Jason\LOCALS~1\Temp\9.sys --> c:\docume~1\Jason\LOCALS~1\Temp\9.sys [?]
S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [4/22/2009 12:01 PM 124256]
S3 AVC2310F;AVC-2310/AVC-2210 USB Loader;c:\windows\system32\drivers\avcuwfl.sys [4/29/2009 7:38 PM 18644]
S3 BP_FX_AT;BACKPACK USB;c:\windows\system32\drivers\BP_fx_at.sys [4/29/2009 7:25 PM 32640]
S3 bppccard;BACKPACK PC Card;c:\windows\system32\drivers\bppccard.sys [4/29/2009 7:25 PM 5493]
S3 bppnpdrv;BACKPACK Driver;c:\windows\system32\drivers\bppnpdrv.sys [4/29/2009 7:25 PM 19670]
S3 bpusbdrv;BACKPACK USB 1 Cable;c:\windows\system32\drivers\bpusbdrv.sys [4/29/2009 7:25 PM 109676]
S3 bpusbflt;BACKPACK USB Filter;c:\windows\system32\drivers\bpusbflt.sys [4/29/2009 7:25 PM 9085]
S3 SCMUSB;SCR301 USB Smart Card Reader;c:\windows\system32\drivers\stcusb.sys [2/1/2002 2:09 AM 18912]
S3 UsbComm;USB Communication Driver;c:\windows\system32\drivers\UsbCm_pj.sys [7/4/2012 2:16 PM 8832]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-08-08 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZUxdm4584AUS&ptb=9hN9uexMCIJ_PKeMKZmnSA
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{BC87A760-27D2-4E70-A529-D557276B29FA}: NameServer = 68.105.28.12,68.105.29.12
FF - ProfilePath - c:\documents and settings\Bethany\Application Data\Mozilla\Firefox\Profiles\xjzbwltw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm4584AUS&ptb=9hN9uexMCIJ_PKeMKZmnSA&ind=2010091819&ptnrS=ZUxdm4584AUS&si=&n=77cf912b&psa=&st=kwd&searchfor=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-08 13:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\accrypto.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\windows\system32\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll
.
- - - - - - - > 'explorer.exe'(2696)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Adobe\Adobe Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-08-08 13:11:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-08 18:11
ComboFix2.txt 2012-08-08 14:03
ComboFix3.txt 2012-08-07 15:21
ComboFix4.txt 2012-08-07 14:00
.
Pre-Run: 177,412,120,576 bytes free
Post-Run: 177,403,891,712 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - B675B734B3E2F34E01B5F7C3567A4926

ADW

# AdwCleaner v1.800 - Logfile created 08/08/2012 at 13:14:28
# Updated 01/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jason - JASON-2BA77E1C4
# Running from : C:\Documents and Settings\Jason\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\Bethany\Application Data\Mozilla\Firefox\Profiles\xjzbwltw.default\SweetIMToolbarData
Folder Found : C:\Documents and Settings\Bethany\Application Data\Mozilla\Firefox\Profiles\xjzbwltw.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Folder Found : C:\Program Files\SweetIM
File Found : C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\pl4oxq27.default\searchplugins\mywebsearch.xml
File Found : C:\Documents and Settings\Bethany\Application Data\Mozilla\Firefox\Profiles\xjzbwltw.default\searchplugins\mywebsearch.xml
File Found : C:\Documents and Settings\Bethany\Application Data\Mozilla\Firefox\Profiles\xjzbwltw.default\searchplugins\SweetIm.xml

***** [Registry] *****

Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\SweetIM

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (en-US)

Profile name : default
File : C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\pl4oxq27.default\prefs.js

Found : user_pref("extensions.enabledAddons", "m3ffxtbr@mywebsearch.com:1.1,{972ce4c6-7e08-4474-a285-3208198[...]
Found : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]
Found : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Found : user_pref("extensions.mywebsearch.prevKwdURL", "chrome://browser-region/locale/region.properties");
Found : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm4584AUS&ptn[...]

Profile name : default
File : C:\Documents and Settings\Bethany\Application Data\Mozilla\Firefox\Profiles\xjzbwltw.default\prefs.js

Found : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]
Found : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Found : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg[...]
Found : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm4584AUS&ptb[...]
Found : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Found : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.mode.debug", "false");
Found : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.[...]
Found : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Found : user_pref("sweetim.toolbar.search.history.capacity", "10");
Found : user_pref("sweetim.toolbar.searchguard.enable", "true");
Found : user_pref("sweetim.toolbar.simapp_id", "{696AF201-FB65-11E0-A9C6-00248C20D0E5}");
Found : user_pref("sweetim.toolbar.version", "1.2.0.2");

*************************

AdwCleaner[R1].txt - [3939 octets] - [08/08/2012 13:14:28]

########## EOF - C:\AdwCleaner[R1].txt - [4067 octets] ##########

Security Check

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 24
Java version out of Date!
Adobe Flash Player 11.1.102.55
Mozilla Firefox 11.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 16% Defragment your hard drive soon!
````````````````````End of Log``````````````````````
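The Firefox entries in the AdwCleaner scan above are what a search hijack looks like on disk: `keyword.URL` rewritten to point at search.mywebsearch.com, a `mywebsearch` add-on listed in `extensions.enabledAddons`, and `sweetim.toolbar.*` / `extensions.mywebsearch.*` leftovers in prefs.js. The following is an added example, not code from this thread or from AdwCleaner, showing how to check a prefs.js for those indicators yourself. The sample prefs.js content is constructed (the log lines on the page are truncated, so they are not used verbatim), the `{example-default-theme-id}` add-on ID is a placeholder, and the `browser.search.*` / `browser.startup.homepage` pref names and the `ALLOWED_HOSTS` list are assumptions about what a legitimate profile looks like, not something the log states.

```python
import re
from urllib.parse import urlsplit

# Pref-name prefixes and add-on ID taken from the AdwCleaner log on this page
# (MyWebSearch toolbar and SweetIM toolbar leftovers).
PUP_PREF_PREFIXES = ("extensions.mywebsearch.", "sweetim.toolbar.")
PUP_ADDON_IDS = {"m3ffxtbr@mywebsearch.com"}

# Prefs a search hijacker rewrites. keyword.URL is in the log; the other
# names are assumed additional targets, not taken from the page.
SEARCH_PREFS = {
    "keyword.URL",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
}
# Assumed allowlist: hosts a legitimate search/home pref may point at.
ALLOWED_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com", "www.mozilla.org"}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Constructed sample prefs.js, modelled on the entries in the log above.
SAMPLE_PREFS_JS = r'''
user_pref("app.update.enabled", true);
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("extensions.enabledAddons", "m3ffxtbr@mywebsearch.com:1.1,{example-default-theme-id}:11.0");
user_pref("extensions.mywebsearch.prevKwdEnabled", true);
user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=EXAMPLE");
user_pref("sweetim.toolbar.version", "1.2.0.2");
'''


def _decode_value(raw):
    """Turn the raw prefs.js value text into a Python str/bool/int."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace('\\\\', '\\')
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_prefs(text):
    """Parse the user_pref(...) lines of a prefs.js into {name: value}."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = _decode_value(m.group(2))
    return prefs


def _host_of(value):
    """Hostname of a URL-valued pref, or None. Accepts hxxp:// defanged URLs."""
    if not isinstance(value, str):
        return None
    if value.lower().startswith("hxxp"):   # AdwCleaner-style defanging
        value = "http" + value[4:]
    if "://" not in value:
        return None
    return (urlsplit(value).hostname or "").lower()


def find_hijack_indicators(prefs):
    """Return (category, pref_name, detail) tuples for suspicious prefs."""
    hits = []
    for name, value in sorted(prefs.items()):
        if name.startswith(PUP_PREF_PREFIXES):
            hits.append(("pup-leftover", name, value))
        elif name in SEARCH_PREFS:
            host = _host_of(value)
            if host and host not in ALLOWED_HOSTS:
                hits.append(("search-redirect", name, host))
        elif name == "extensions.enabledAddons" and isinstance(value, str):
            # Value is "id:version,id:version,..."; flag known PUP add-on IDs.
            for entry in value.split(","):
                addon_id = entry.split(":", 1)[0]
                if addon_id in PUP_ADDON_IDS:
                    hits.append(("pup-addon", name, addon_id))
    return hits


if __name__ == "__main__":
    for category, name, detail in find_hijack_indicators(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"{category:16} {name} -> {detail}")
```

To run it against a real profile, read `prefs.js` from the profile directory (Firefox must be closed, since it rewrites the file on exit) and pass the text to `parse_prefs`. A clean profile should produce no `search-redirect` or `pup-*` hits; a `search-redirect` on a host you do not recognise is the same signal AdwCleaner reported above.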

#11 nasdaq

  • Malware Response Team
  • 38,943 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 August 2012 - 07:24 AM

ComboFix log is clean.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


===

Microsoft Security Essentials
Antivirus out of date!

Update MSE.

===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 24


===

Total Fragmentation on Drive C:: 16% Defragment your hard drive soon!

This may take some time. Do it when you know that you will not need the computer for a few hours.

Please let me know what problem persists.

#12 ImmortalJman
  • Topic Starter
  • Members
  • 7 posts

Posted 11 August 2012 - 02:44 PM

Uninstalled the old Java and updated to the new one. Also ran ADW and here's the log. No other problems have shown up.

# AdwCleaner v1.800 - Logfile created 08/09/2012 at 12:48:45
# Updated 01/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jason - JASON-2BA77E1C4
# Running from : C:\Documents and Settings\Jason\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Bethany\Application Data\Mozilla\Firefox\Profiles\xjzbwltw.default\SweetIMToolbarData
Folder Deleted : C:\Documents and Settings\Bethany\Application Data\Mozilla\Firefox\Profiles\xjzbwltw.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Folder Deleted : C:\Program Files\SweetIM
File Deleted : C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\pl4oxq27.default\searchplugins\mywebsearch.xml
File Deleted : C:\Documents and Settings\Bethany\Application Data\Mozilla\Firefox\Profiles\xjzbwltw.default\searchplugins\mywebsearch.xml
File Deleted : C:\Documents and Settings\Bethany\Application Data\Mozilla\Firefox\Profiles\xjzbwltw.default\searchplugins\SweetIm.xml

***** [Registry] *****

Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\SweetIM

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (en-US)

Profile name : default
File : C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\pl4oxq27.default\prefs.js

Deleted : user_pref("extensions.enabledAddons", "m3ffxtbr@mywebsearch.com:1.1,{972ce4c6-7e08-4474-a285-3208198[...]
Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]
Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm4584AUS&ptn[...]

Profile name : default
File : C:\Documents and Settings\Bethany\Application Data\Mozilla\Firefox\Profiles\xjzbwltw.default\prefs.js

Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]
Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg[...]
Deleted : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm4584AUS&ptb[...]
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.[...]
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "true");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{696AF201-FB65-11E0-A9C6-00248C20D0E5}");
Deleted : user_pref("sweetim.toolbar.version", "1.2.0.2");

*************************

AdwCleaner[R1].txt - [4068 octets] - [08/08/2012 13:14:28]
AdwCleaner[R2].txt - [4128 octets] - [09/08/2012 12:48:27]
AdwCleaner[S1].txt - [4123 octets] - [09/08/2012 12:48:45]

########## EOF - C:\AdwCleaner[S1].txt - [4251 octets] ##########

#13 nasdaq

  • Malware Response Team
  • 38,943 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 August 2012 - 07:17 AM

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following text into the Run box and click OK:

ComboFix /Uninstall
===

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.
===

Delete the other tools we used.
