Still slow and can't completely remove Zonealarm


  • This topic is locked
21 replies to this topic

#1 katiemay

  • Members
  • 25 posts
  • OFFLINE

Posted 01 August 2012 - 10:29 PM

When following instructions to produce and provide DDS file and attach as well as GMER scan--- things went fine with DDS [see file and attach]--- however, when GMER was toward the end of its scan I received a Blue Screen with the following:

Stop: 0X0000000A (0XBA645000, 0X00000006, 0X00000001, 0X808EDA9A)
A problem has been detected and Windows has been shut down to prevent damage to your computer
Dumping physical memory to disk: 0- {I turned to another computer and didn't see the final number in the sequence}


So was unable to provide file for GMER--- but posting the DDS files as instructed

Thank you very much for any help which you can provide
katiemay

DDS txt file---
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.0
Run by katie at 22:09:59 on 2012-07-31
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1919.1261 [GMT -4:00]
.
AV: ZoneAlarm Security Suite Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
c:\program files\a-squared free\a2service.exe
C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Documents and Settings\katie\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/firefox
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [SansaDispatch] c:\documents and settings\katie\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [POINTER] point32.exe
mRun: [IntelliType] "c:\program files\microsoft hardware\keyboard\type32.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [FineReader7NewsReaderPro] "c:\program files\abbyy finereader 7.0 professional edition\ABBYYNewsReader.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\microt~1.lnk - c:\program files\microtek\scanwizard 5\ScannerFinder.exe
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-explorer: NoChangeAnimation = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoFileAssociate = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoChangeAnimation = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
mPolicies-explorer: NoSMMyPictures = 0 (0x0)
mPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
mPolicies-explorer: NoCommonGroups = 0 (0x0)
mPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
mPolicies-explorer: HideClock = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204995126250
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204995184312
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{9E2B43CD-87D9-47FB-B00C-92A2302D57B8} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9E2B43CD-87D9-47FB-B00C-92A2302D57B8} : DhcpNameServer = 192.168.254.254 192.168.254.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.1.5\ViProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\katie\application data\mozilla\firefox\profiles\rh8j4f3p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B28d4719a-96de-4b50-91e0-0268b5b37ee7%7D&mid=399b852e134b47d1a54fd154d4cc8e3f-06ce4fc639803a2e3563922518183d8e94088cb9&ds=pp016&v=12.1.0.21&lang=en&pr=sa&d=2012-07-27%2009%3A15%3A39&sap=ku&q=
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.1.5\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin2.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin3.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin4.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin5.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin6.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin7.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-4-7 40560]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-7-27 27496]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-7-30 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2008-3-8 1858144]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-6-7 913792]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-7-30 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-7-30 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-7-30 83392]
R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files\common files\avg secure search\vtoolbarupdater\12.1.5\ToolbarUpdater.exe [2012-7-27 830048]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-12-16 131664]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-6-7 91728]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys --> c:\windows\system32\drivers\avgidshx.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-2 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-13 250056]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys --> c:\windows\system32\drivers\avgidsshimx.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\owner\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 CSQ200;CSQ driver;c:\windows\system32\drivers\CSQ200.sys [2003-9-25 18816]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-10-26 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-10-26 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-2 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-5-4 91472]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-31 03:37:43 -------- d-----w- c:\documents and settings\katie\application data\Avira
2012-07-31 03:29:34 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-31 03:29:30 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-31 03:29:26 -------- d-----w- c:\program files\Avira
2012-07-31 03:29:26 -------- d-----w- c:\documents and settings\all users\application data\Avira
2012-07-31 01:09:16 -------- d-----w- c:\program files\CheckPoint
2012-07-31 01:09:11 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2012-07-30 13:28:12 -------- d-----w- c:\documents and settings\katie\application data\AVG2012
2012-07-30 13:19:04 -------- d--h--w- C:\$AVG
2012-07-30 13:19:04 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-07-30 05:01:48 -------- d-----w- c:\documents and settings\katie\local settings\application data\Sun
2012-07-30 04:43:16 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-27 13:16:12 -------- d-----w- c:\program files\hpmonitor
2012-07-27 13:15:36 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-07-27 13:15:25 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-07-27 13:11:32 -------- d-----w- c:\documents and settings\katie\application data\pdfforge
2012-07-27 13:11:16 -------- d-----w- c:\program files\PDFCreator
2012-07-26 19:09:14 -------- d-----w- c:\program files\ESET
2012-07-26 13:03:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-08 19:16:43 -------- d-----w- C:\Recording- Worship for 2012-07-22 Reiman
.
==================== Find3M ====================
.
2012-07-30 04:41:51 772592 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-30 04:41:50 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-27 13:58:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 13:58:54 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-05 17:02:30 81920 ----a-w- c:\windows\system32\pdfcmon.dll
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-24 14:48:10 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2004-03-30 05:04:00 49152 ----a-w- c:\program files\common files\tx11_gif.flt
1998-12-09 02:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 02:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 02:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 02:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 02:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 02:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL
.
============= FINISH: 22:11:48.89 ===============

Edited by nasdaq, 09 August 2012 - 08:31 AM.
Quote box removed


#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,600 posts
  • OFFLINE
  • Gender:Male

Posted 06 August 2012 - 10:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/463501 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 katiemay
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE

Posted 09 August 2012 - 05:10 AM

My original reason for listing had to do with a problem of Internet music running when no program was running. Here is the original thread and a summary follows:

http://www.bleepingcomputer.com/forums/topic462445.html/page__p__2780763__hl__katiemay__fromsearch__1#entry2780763

With the help of to_insanity_and_beyond I:
Entered Safe Mode:
Downloaded and ran Rkill- and posted the log
Downloaded and ran TDSKiller and posted the text file
Downloaded and ran aswMBR and posted the log
Updated MBAM and ran it- posted the log

In a second step:
Made the suggested changes to TDSSkiller to Core or Delete and reran
Downloaded MiniToolBox- making suggested selections I ran it & posted result.txt
Downloaded and ran TFC & then rebooted
Downloaded [using Firefox] and ran ESET OnlineScan- posted log
Updated SuperAntiSpyware and ran it
Ran TFC & rebooted
Typed in the dos window: netsh winsock reset-- rebooted

Reran MiniToolBox as instructed- with changes to checkboxes below:
List content of Hosts
List IP configuration
List Winsock Entries
List Installed Programs
Posted Result.txt as instructed

I Reset the HOSTS file- using the automatic option--- went fine

I updated Super Antispyware and ran a scan-- 56 tracking cookies-- all deleted.

Rebooted

Decided to uninstall AVG- and probably a mistake, but decided to start with removing the AVG Toolbar------ Blue Screen Of Death

Uninstalled Java 6x & installed newest version as a download to desktop- rebooted

Uninstalled AVG free 2012- seemed to go well- disconnected machine from Internet & rebooted.

Tried to install Avira Free but it said that Zone Alarm AV Suite needed to be uninstalled-- it doesn't show up in Add/Remove programs and says it needs a manual uninstall. I looked through program files and there is a folder for Zone Labs and inside that one for Zone Alarm and inside that one for cpes_clean [that is all that appears to be in there].

To_Insanity_and_Beyond then directed me to download and run the following:
ZoneAlarm_Removal_Tool
AVG_Remover

Rebooted and began to install Avira Free Antivirus and when it hit the part about Scan for incompatible Software, there was a section titled "The following programs must be manually uninstalled"--- [ZoneAlarm Security Suite Antivirus]. At that point I tried running the ZoneAlarm Removal Tool again and again it seemed to be doing its thing.

I rebooted and tried installing AVIRA FREE again and got to the same spot- with the same results. HOWEVER, this time I hit the NEXT button and installed AVIRA FREE and it is currently running its initial scan.

I am wondering if there is something leftover in the registry for ZoneAlarm Security Suite Antivirus that needs to be removed manually-- but have no idea, however I do not see any other remnants that would get reported to AVIRA.

If ZoneAlarm Security Suite Antivirus is still hanging around somewhere [thought it was gone long ago], that accounts for my frustrations with how slow this computer seems to be at times [also, the other infections, of course].

It was at this point that I was told to create this thread- and run DeFogger, and run and include log for DDS log and GMER information.

When I ran GMER- it ran for about 75 minutes and all of a sudden a Blue Screen of Death. And memory dump.

Was therefore unable to post a GMER log/txt to post at that time.
Message on screen was:

Stop: 0X0000000A (0XBA645000, 0x00000006, 0x00000001, 0x808EDA9A)
A problem has been detected and windows has been shut down to prevent damage to your computer
Dumping physical memory o disk: complete


NOW============
As noted above, when installing AVIRA FREE, it still says that ZoneAlarm Security Suite Antivirus is still present-- but I installed it anyway pushing <Next> to complete installation.

I noticed today that when trying to do some additional configuration of Avira FREE, it says that it had never run a full scan even though it did one at the time of installation.

The machine still runs slow much of the time-- taking 20 to almost 30 seconds to open Firefox or Thunderbird often [but sometimes only taking 4-5 seconds].

I guess my main concern is that if there are any remnants of ZoneAlarm Security Suite lurking to interact with Avira FREE to slow things down-- or some other cause for frequent slowness.


Logs included and/or attached =======================
Please note, this time GMER did run---- HOWEVER, pulling this all together I just re-read everything and notice that I missed the part which said to turn off Avira FREE [my anti-virus]--- I am including that log and can re-run if you feel I need to [my apologies]


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.0
Run by katie at 14:54:26 on 2012-08-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1919.1238 [GMT -4:00]
.
AV: ZoneAlarm Security Suite Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
c:\program files\a-squared free\a2service.exe
C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Documents and Settings\Gary\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/firefox
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [SansaDispatch] c:\documents and settings\gary\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [POINTER] point32.exe
mRun: [IntelliType] "c:\program files\microsoft hardware\keyboard\type32.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [FineReader7NewsReaderPro] "c:\program files\abbyy finereader 7.0 professional edition\ABBYYNewsReader.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\microt~1.lnk - c:\program files\microtek\scanwizard 5\ScannerFinder.exe
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-explorer: NoChangeAnimation = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoFileAssociate = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoChangeAnimation = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
mPolicies-explorer: NoSMMyPictures = 0 (0x0)
mPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
mPolicies-explorer: NoCommonGroups = 0 (0x0)
mPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
mPolicies-explorer: HideClock = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204995126250
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204995184312
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{9E2B43CD-87D9-47FB-B00C-92A2302D57B8} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9E2B43CD-87D9-47FB-B00C-92A2302D57B8} : DhcpNameServer = 192.168.254.254 192.168.254.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.1.5\ViProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\gary\application data\mozilla\firefox\profiles\rh8j4f3p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B28d4719a-96de-4b50-91e0-0268b5b37ee7%7D&mid=399b852e134b47d1a54fd154d4cc8e3f-06ce4fc639803a2e3563922518183d8e94088cb9&ds=pp016&v=12.1.0.21&lang=en&pr=sa&d=2012-07-27%2009%3A15%3A39&sap=ku&q=
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.1.5\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin2.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin3.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin4.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin5.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin6.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin7.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-4-7 40560]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-7-27 27496]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-7-30 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2008-3-8 1858144]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-6-7 913792]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-7-30 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-7-30 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-7-30 83392]
R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files\common files\avg secure search\vtoolbarupdater\12.1.5\ToolbarUpdater.exe [2012-7-27 830048]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-12-16 131664]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-6-7 91728]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys --> c:\windows\system32\drivers\avgidshx.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-2 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-13 250056]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys --> c:\windows\system32\drivers\avgidsshimx.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\owner\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 CSQ200;CSQ driver;c:\windows\system32\drivers\CSQ200.sys [2003-9-25 18816]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-10-26 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-10-26 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-2 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-5-4 91472]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-31 03:37:43 -------- d-----w- c:\documents and settings\gary\application data\Avira
2012-07-31 03:29:34 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-31 03:29:30 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-31 03:29:26 -------- d-----w- c:\program files\Avira
2012-07-31 03:29:26 -------- d-----w- c:\documents and settings\all users\application data\Avira
2012-07-31 01:09:16 -------- d-----w- c:\program files\CheckPoint
2012-07-31 01:09:11 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2012-07-30 13:28:12 -------- d-----w- c:\documents and settings\gary\application data\AVG2012
2012-07-30 13:19:04 -------- d--h--w- C:\$AVG
2012-07-30 13:19:04 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-07-30 05:01:48 -------- d-----w- c:\documents and settings\gary\local settings\application data\Sun
2012-07-30 04:43:16 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-27 13:16:12 -------- d-----w- c:\program files\hpmonitor
2012-07-27 13:15:36 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-07-27 13:15:25 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-07-27 13:11:32 -------- d-----w- c:\documents and settings\gary\application data\pdfforge
2012-07-27 13:11:16 -------- d-----w- c:\program files\PDFCreator
2012-07-26 19:09:14 -------- d-----w- c:\program files\ESET
2012-07-26 13:03:26 -------- d-----w- C:\TDSSKiller_Quarantine
.
==================== Find3M ====================
.
2012-08-03 04:58:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 04:58:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-30 04:41:51 772592 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-30 04:41:50 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-05 17:02:30 81920 ----a-w- c:\windows\system32\pdfcmon.dll
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-24 14:48:10 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2004-03-30 05:04:00 49152 ----a-w- c:\program files\common files\tx11_gif.flt
1998-12-09 02:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 02:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 02:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 02:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 02:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 02:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL
.
============= FINISH: 14:54:58.20 ===============



This time GMER was able to be run, and it is attached along with the Attach.txt file from DDS.


Thank you for looking at my material, and I hope my error in not turning off Avira does not waste your time.

katie

Edited by nasdaq, 09 August 2012 - 08:35 AM.
Quote box removed.
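As an added example (not part of this thread, and not code from the DDS tool or its author), the following Python script triages the SERVICES / DRIVERS section of a DDS log like the one posted above. It assumes only the line layout visible in that log: R or S for running/stopped, the Windows start-type digit, `name;display name;image path`, an optional `--> resolved path`, and a trailing `[date size]` or `[?]` when DDS could not find the file on disk. The "suspicious directory" list and the flagging rules are this example's own heuristics, not something DDS or the responder in this thread prescribes; the sample lines are adapted from the log above and are not a complete section.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in the format of the DDS "SERVICES / DRIVERS" section
# posted above (a few lines adapted from that log, not the whole section).
SAMPLE_DDS = r"""
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-4-7 40560]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-7-27 27496]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-7-30 110032]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys --> c:\windows\system32\drivers\avgidshx.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\owner\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
"""

# One DDS service/driver line: state (R=running, S=stopped), start-type digit,
# "name;display name;image path", an optional "--> resolved path", then either
# "[yyyy-m-d size]" or "[?]" when DDS could not find the file on disk.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)(?:\s+-->\s+(?P<resolved>.*?))?"
    r"\s+\[(?P<meta>[^\]]*)\]\s*$"
)

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Heuristics chosen for this example: places a legitimately installed service or
# driver should not be loaded from, and the roots we consider normal.
SUSPICIOUS_DIRS = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\",
                   "\\users\\", "\\recycler\\", "\\programdata\\")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class ServiceEntry:
    state: str
    start: str
    name: str
    display: str
    image: str
    file_found: bool
    reasons: List[str] = field(default_factory=list)


def _normalize_path(image: str) -> str:
    """Lower-case, drop the NT '\\??\\' prefix and any svchost-style arguments."""
    path = image.strip().lower()
    if path.startswith("\\??\\"):
        path = path[4:]
    # "c:\windows\system32\svchost.exe -k winrm" -> keep only the executable.
    if ".exe -" in path or ".sys -" in path:
        path = path.split(" -", 1)[0]
    return path


def parse_dds_services(text: str) -> List[ServiceEntry]:
    """Parse every R?/S? line; headers, blanks and the '.' separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(ServiceEntry(
            state=m["state"], start=m["start"], name=m["name"],
            display=m["display"], image=m["image"], file_found=m["meta"] != "?",
        ))
    return entries


def triage(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Return only the entries a responder should look at, with reasons attached."""
    flagged = []
    for e in entries:
        path = _normalize_path(e.image)
        if not e.file_found:
            e.reasons.append("image file not found on disk ([?])")
        if any(d in path for d in SUSPICIOUS_DIRS):
            e.reasons.append("image lives under a temp/profile directory")
        elif not path.startswith(TRUSTED_ROOTS):
            e.reasons.append("image outside %SystemRoot% / Program Files")
        if e.reasons and e.start in ("0", "1"):
            # A boot- or system-start driver is where a rootkit component usually sits.
            e.reasons.append(f"{START_TYPES[e.start]}-start driver")
        if e.reasons:
            flagged.append(e)
    return flagged


def report(text: str) -> List[str]:
    """One human-readable line per flagged entry."""
    return [f"{e.name}: " + "; ".join(e.reasons)
            for e in triage(parse_dds_services(text))]


if __name__ == "__main__":
    for line in report(SAMPLE_DDS):
        print(line)
```

Run against the sample, the script flags AVGIDSHX (a boot-start driver whose file DDS could not find) and cpuz130 (file missing, and registered from a user's temp directory); the Avira, hotcore3, AVG toolbar and WinRM entries pass. A missing file for a leftover security product is common after an incomplete uninstall, so a flag here is a prompt to look, not a verdict.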


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,762 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:21 AM

Posted 09 August 2012 - 08:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your GMER log shows a ZeroAccess infection.
Let's start with these two scans.
Execute them in the order listed.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There will also be a file on your desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#5 katiemay

katiemay
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:08:21 AM

Posted 09 August 2012 - 06:40 PM

Thank you for taking the time to review my logs.

I followed the process as outlined [thank you for the suggestion of printing it out to help follow the steps].

19:07:36.0390 1908 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:07:36.0921 1908 ============================================================
19:07:36.0921 1908 Current date / time: 2012/08/09 19:07:36.0921
19:07:36.0921 1908 SystemInfo:
19:07:36.0921 1908
19:07:36.0921 1908 OS Version: 5.1.2600 ServicePack: 3.0
19:07:36.0921 1908 Product type: Workstation
19:07:36.0921 1908 ComputerName: COLEMAN200
19:07:36.0921 1908 UserName: Gary
19:07:36.0921 1908 Windows directory: C:\WINDOWS
19:07:36.0921 1908 System windows directory: C:\WINDOWS
19:07:36.0921 1908 Processor architecture: Intel x86
19:07:36.0921 1908 Number of processors: 2
19:07:36.0921 1908 Page size: 0x1000
19:07:36.0921 1908 Boot type: Normal boot
19:07:36.0921 1908 ============================================================
19:07:40.0312 1908 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:07:40.0328 1908 ============================================================
19:07:40.0328 1908 \Device\Harddisk0\DR0:
19:07:40.0328 1908 MBR partitions:
19:07:40.0328 1908 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
19:07:40.0328 1908 ============================================================
19:07:40.0421 1908 C: <-> \Device\Harddisk0\DR0\Partition0
19:07:40.0421 1908 ============================================================
19:07:40.0421 1908 Initialize success
19:07:40.0421 1908 ============================================================
19:07:47.0609 2788 ============================================================
19:07:47.0609 2788 Scan started
19:07:47.0609 2788 Mode: Manual;
19:07:47.0609 2788 ============================================================
19:07:47.0953 2788 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:07:48.0031 2788 !SASCORE - ok
19:07:49.0343 2788 a2free (0adfa052c927f2a214133e4df2ef5ab0) c:\program files\a-squared free\a2service.exe
19:07:50.0468 2788 a2free - ok
19:07:50.0968 2788 Abiosdsk - ok
19:07:50.0968 2788 abp480n5 - ok
19:07:51.0125 2788 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:07:51.0125 2788 ACPI - ok
19:07:51.0171 2788 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:07:51.0171 2788 ACPIEC - ok
19:07:51.0515 2788 AcrSch2Svc (3fc5cc29583196a64185f50448c2f45a) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
19:07:51.0781 2788 AcrSch2Svc - ok
19:07:52.0015 2788 AdobeActiveFileMonitor9.0 (c004f38974f4d321b4c20a240e1175c0) C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
19:07:52.0125 2788 AdobeActiveFileMonitor9.0 - ok
19:07:52.0390 2788 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:07:52.0406 2788 AdobeFlashPlayerUpdateSvc - ok
19:07:52.0406 2788 adpu160m - ok
19:07:53.0093 2788 AdvancedSystemCareService5 (96d6cdd0b32846e8cfbe592f4f32e608) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
19:07:53.0656 2788 AdvancedSystemCareService5 - ok
19:07:53.0812 2788 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:07:53.0906 2788 aec - ok
19:07:54.0031 2788 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:07:54.0031 2788 AFD - ok
19:07:54.0031 2788 Aha154x - ok
19:07:54.0031 2788 aic78u2 - ok
19:07:54.0046 2788 aic78xx - ok
19:07:54.0093 2788 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
19:07:54.0109 2788 Alerter - ok
19:07:54.0156 2788 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
19:07:54.0187 2788 ALG - ok
19:07:54.0187 2788 AliIde - ok
19:07:54.0281 2788 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
19:07:54.0312 2788 AmdK8 - ok
19:07:54.0375 2788 AmdLLD (e7314d43cd2be981d8bc4826b50eaf05) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
19:07:54.0406 2788 AmdLLD - ok
19:07:54.0406 2788 amsint - ok
19:07:54.0781 2788 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:07:54.0781 2788 AntiVirSchedulerService - ok
19:07:54.0890 2788 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:07:54.0890 2788 AntiVirService - ok
19:07:54.0906 2788 AppMgmt - ok
19:07:54.0984 2788 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:07:55.0015 2788 Arp1394 - ok
19:07:55.0031 2788 asc - ok
19:07:55.0031 2788 asc3350p - ok
19:07:55.0046 2788 asc3550 - ok
19:07:55.0062 2788 ASPI32 - ok
19:07:55.0281 2788 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:07:55.0406 2788 aspnet_state - ok
19:07:55.0437 2788 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:07:55.0453 2788 AsyncMac - ok
19:07:55.0546 2788 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:07:55.0546 2788 atapi - ok
19:07:55.0546 2788 Atdisk - ok
19:07:55.0875 2788 Ati HotKey Poller (980b9d7e4f10bcb244cc29e79444ccdb) C:\WINDOWS\system32\Ati2evxx.exe
19:07:56.0140 2788 Ati HotKey Poller - ok
19:07:57.0421 2788 ati2mtag (2af4468ef3c960b9036a279b99d5840d) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:07:58.0593 2788 ati2mtag - ok
19:07:59.0171 2788 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:07:59.0203 2788 Atmarpc - ok
19:07:59.0265 2788 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
19:07:59.0296 2788 AudioSrv - ok
19:07:59.0359 2788 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:07:59.0375 2788 audstub - ok
19:07:59.0375 2788 AVGIDSHX - ok
19:07:59.0375 2788 AVGIDSShim - ok
19:07:59.0500 2788 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
19:07:59.0500 2788 avgntflt - ok
19:07:59.0578 2788 avgtp (684de9d6e62bfb177aabed3c62fdeab3) C:\WINDOWS\system32\drivers\avgtpx86.sys
19:07:59.0593 2788 avgtp - ok
19:07:59.0703 2788 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
19:07:59.0796 2788 avipbb - ok
19:07:59.0843 2788 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
19:07:59.0875 2788 avkmgr - ok
19:07:59.0937 2788 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
19:07:59.0937 2788 BANTExt - ok
19:08:00.0000 2788 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:08:00.0015 2788 Beep - ok
19:08:00.0281 2788 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
19:08:00.0531 2788 BITS - ok
19:08:00.0625 2788 Brother XP spl Service (34f2f5b6a6d28b8fb872dfd57c5323ac) C:\WINDOWS\system32\brsvc01a.exe
19:08:00.0671 2788 Brother XP spl Service - ok
19:08:00.0781 2788 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
19:08:00.0828 2788 Browser - ok
19:08:00.0875 2788 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
19:08:00.0890 2788 BrPar - ok
19:08:00.0921 2788 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:08:00.0937 2788 cbidf2k - ok
19:08:00.0984 2788 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:08:01.0000 2788 CCDECODE - ok
19:08:01.0000 2788 cd20xrnt - ok
19:08:01.0062 2788 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:08:01.0078 2788 Cdaudio - ok
19:08:01.0125 2788 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:08:01.0125 2788 Cdfs - ok
19:08:01.0203 2788 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:08:01.0250 2788 Cdrom - ok
19:08:01.0250 2788 Changer - ok
19:08:01.0296 2788 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
19:08:01.0312 2788 CiSvc - ok
19:08:01.0359 2788 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
19:08:01.0390 2788 ClipSrv - ok
19:08:01.0609 2788 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:08:01.0750 2788 clr_optimization_v2.0.50727_32 - ok
19:08:01.0906 2788 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:08:02.0000 2788 clr_optimization_v4.0.30319_32 - ok
19:08:02.0015 2788 CmdIde - ok
19:08:02.0015 2788 COMSysApp - ok
19:08:02.0031 2788 Cpqarray - ok
19:08:02.0218 2788 cpuz130 - ok
19:08:02.0296 2788 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
19:08:02.0343 2788 CryptSvc - ok
19:08:02.0406 2788 CSQ200 (1dfa19bf74a80a0a008f4921e6ee6519) C:\WINDOWS\system32\Drivers\CSQ200.sys
19:08:02.0421 2788 CSQ200 - ok
19:08:02.0421 2788 dac2w2k - ok
19:08:02.0437 2788 dac960nt - ok
19:08:02.0734 2788 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:08:02.0750 2788 DcomLaunch - ok
19:08:02.0843 2788 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
19:08:02.0921 2788 Dhcp - ok
19:08:02.0953 2788 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:08:02.0953 2788 Disk - ok
19:08:02.0953 2788 dmadmin - ok
19:08:03.0484 2788 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:08:04.0000 2788 dmboot - ok
19:08:04.0093 2788 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:08:04.0187 2788 dmio - ok
19:08:04.0234 2788 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:08:04.0234 2788 dmload - ok
19:08:04.0296 2788 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
19:08:04.0312 2788 dmserver - ok
19:08:04.0359 2788 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:08:04.0406 2788 DMusic - ok
19:08:04.0453 2788 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
19:08:04.0453 2788 Dnscache - ok
19:08:04.0578 2788 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
19:08:04.0656 2788 Dot3svc - ok
19:08:04.0671 2788 dpti2o - ok
19:08:04.0734 2788 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:08:04.0734 2788 drmkaud - ok
19:08:04.0796 2788 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
19:08:04.0828 2788 EapHost - ok
19:08:04.0875 2788 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
19:08:04.0890 2788 epmntdrv - ok
19:08:04.0953 2788 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
19:08:04.0968 2788 ERSvc - ok
19:08:05.0031 2788 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
19:08:05.0031 2788 EuGdiDrv - ok
19:08:05.0140 2788 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:08:05.0156 2788 Eventlog - ok
19:08:05.0328 2788 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
19:08:05.0359 2788 EventSystem - ok
19:08:05.0468 2788 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:08:05.0562 2788 Fastfat - ok
19:08:05.0718 2788 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:08:05.0734 2788 FastUserSwitchingCompatibility - ok
19:08:05.0781 2788 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:08:05.0796 2788 Fdc - ok
19:08:05.0859 2788 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
19:08:05.0890 2788 FilterService - ok
19:08:05.0937 2788 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:08:05.0968 2788 Fips - ok
19:08:06.0015 2788 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:08:06.0031 2788 Flpydisk - ok
19:08:06.0156 2788 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:08:06.0156 2788 FltMgr - ok
19:08:06.0375 2788 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:08:06.0406 2788 FontCache3.0.0.0 - ok
19:08:06.0453 2788 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:08:06.0468 2788 Fs_Rec - ok
19:08:06.0578 2788 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:08:06.0578 2788 Ftdisk - ok
19:08:06.0593 2788 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
19:08:06.0593 2788 giveio - ok
19:08:06.0609 2788 GMSIPCI - ok
19:08:06.0671 2788 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:08:06.0718 2788 Gpc - ok
19:08:06.0968 2788 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:08:06.0984 2788 gupdate - ok
19:08:06.0984 2788 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:08:06.0984 2788 gupdatem - ok
19:08:07.0093 2788 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:08:07.0187 2788 gusvc - ok
19:08:07.0328 2788 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:08:07.0421 2788 HDAudBus - ok
19:08:07.0562 2788 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:08:07.0593 2788 helpsvc - ok
19:08:07.0593 2788 HidServ - ok
19:08:07.0625 2788 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:08:07.0640 2788 hidusb - ok
19:08:07.0765 2788 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
19:08:07.0812 2788 hkmsvc - ok
19:08:07.0875 2788 hotcore3 (5d7b322ade369be5f617dcbcd2ca5b9a) C:\WINDOWS\system32\DRIVERS\hotcore3.sys
19:08:07.0890 2788 hotcore3 - ok
19:08:07.0890 2788 hpn - ok
19:08:08.0125 2788 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:08:08.0140 2788 HTTP - ok
19:08:08.0203 2788 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
19:08:08.0218 2788 HTTPFilter - ok
19:08:08.0218 2788 i2omgmt - ok
19:08:08.0234 2788 i2omp - ok
19:08:08.0281 2788 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:08:08.0328 2788 i8042prt - ok
19:08:08.0984 2788 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:08:09.0531 2788 idsvc - ok
19:08:09.0593 2788 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:08:09.0625 2788 Imapi - ok
19:08:09.0765 2788 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
19:08:09.0859 2788 ImapiService - ok
19:08:09.0875 2788 ini910u - ok
19:08:12.0625 2788 IntcAzAudAddService (cdfd5a68a2e1caa89c5c0e0b3cb98731) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:08:15.0000 2788 IntcAzAudAddService - ok
19:08:15.0484 2788 IntelIde - ok
19:08:15.0546 2788 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:08:15.0578 2788 Ip6Fw - ok
19:08:15.0625 2788 IPFilter (9ea02e03ed52d25551a6e46cf3b94b01) C:\WINDOWS\system32\DRIVERS\IPFilter.sys
19:08:15.0640 2788 IPFilter - ok
19:08:15.0718 2788 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:08:15.0734 2788 IpFilterDriver - ok
19:08:15.0796 2788 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:08:15.0812 2788 IpInIp - ok
19:08:15.0937 2788 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:08:16.0031 2788 IpNat - ok
19:08:16.0125 2788 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:08:16.0171 2788 IPSec - ok
19:08:16.0218 2788 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:08:16.0218 2788 IRENUM - ok
19:08:16.0281 2788 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:08:16.0281 2788 isapnp - ok
19:08:16.0546 2788 JavaQuickStarterService (bc0feada7a5a69787c70b03ebc51b582) C:\Program Files\Java\jre7\bin\jqs.exe
19:08:16.0562 2788 JavaQuickStarterService - ok
19:08:16.0609 2788 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:08:16.0625 2788 Kbdclass - ok
19:08:16.0781 2788 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:08:16.0890 2788 kmixer - ok
19:08:17.0000 2788 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:08:17.0000 2788 KSecDD - ok
19:08:17.0125 2788 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
19:08:17.0125 2788 lanmanserver - ok
19:08:17.0250 2788 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
19:08:17.0250 2788 lanmanworkstation - ok
19:08:17.0265 2788 Lbd - ok
19:08:17.0265 2788 lbrtfdc - ok
19:08:17.0406 2788 LightScribeService (31d8b705dcd5f2366186e731f87c7a71) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:08:17.0453 2788 LightScribeService - ok
19:08:17.0515 2788 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
19:08:17.0531 2788 LmHosts - ok
19:08:17.0640 2788 lvpopflt (9fb982de1c8dd769f8ed681dd878b12f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
19:08:17.0718 2788 lvpopflt - ok
19:08:17.0796 2788 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
19:08:17.0812 2788 LVPr2Mon - ok
19:08:18.0000 2788 LVPrcSrv (0ddfdcaa92c7f553328db06ba599bea9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
19:08:18.0109 2788 LVPrcSrv - ok
19:08:18.0281 2788 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
19:08:18.0437 2788 LVRS - ok
19:08:18.0500 2788 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
19:08:18.0515 2788 LVUSBSta - ok
19:08:22.0765 2788 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
19:08:26.0953 2788 LVUVC - ok
19:08:27.0437 2788 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
19:08:27.0468 2788 Messenger - ok
19:08:27.0562 2788 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:08:27.0562 2788 mnmdd - ok
19:08:27.0625 2788 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
19:08:27.0656 2788 mnmsrvc - ok
19:08:27.0703 2788 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:08:27.0734 2788 Modem - ok
19:08:27.0781 2788 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:08:27.0796 2788 Mouclass - ok
19:08:27.0859 2788 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:08:27.0859 2788 mouhid - ok
19:08:27.0937 2788 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:08:27.0937 2788 MountMgr - ok
19:08:28.0078 2788 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:08:28.0156 2788 MozillaMaintenance - ok
19:08:28.0156 2788 mraid35x - ok
19:08:28.0296 2788 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:08:28.0421 2788 MRxDAV - ok
19:08:28.0718 2788 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:08:28.0796 2788 MRxSmb - ok
19:08:28.0812 2788 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
19:08:28.0828 2788 MSDTC - ok
19:08:28.0875 2788 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:08:28.0875 2788 Msfs - ok
19:08:28.0875 2788 MSIServer - ok
19:08:28.0921 2788 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:08:28.0921 2788 MSKSSRV - ok
19:08:28.0937 2788 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:08:28.0937 2788 MSPCLOCK - ok
19:08:28.0953 2788 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:08:28.0968 2788 MSPQM - ok
19:08:29.0015 2788 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:08:29.0031 2788 mssmbios - ok
19:08:29.0078 2788 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:08:29.0093 2788 MSTEE - ok
19:08:29.0203 2788 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:08:29.0203 2788 Mup - ok
19:08:29.0281 2788 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:08:29.0328 2788 NABTSFEC - ok
19:08:29.0546 2788 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
19:08:29.0734 2788 napagent - ok
19:08:30.0390 2788 NBService (3bae2bfcb6d69e19c8373f635dd544dc) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
19:08:30.0875 2788 NBService - ok
19:08:31.0015 2788 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:08:31.0015 2788 NDIS - ok
19:08:31.0062 2788 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:08:31.0062 2788 NdisIP - ok
19:08:31.0125 2788 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:08:31.0125 2788 NdisTapi - ok
19:08:31.0140 2788 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:08:31.0156 2788 Ndisuio - ok
19:08:31.0218 2788 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:08:31.0281 2788 NdisWan - ok
19:08:31.0359 2788 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:08:31.0359 2788 NDProxy - ok
19:08:31.0421 2788 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:08:31.0421 2788 NetBIOS - ok
19:08:31.0531 2788 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:08:31.0640 2788 NetBT - ok
19:08:31.0750 2788 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:08:31.0828 2788 NetDDE - ok
19:08:31.0828 2788 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:08:31.0828 2788 NetDDEdsdm - ok
19:08:31.0859 2788 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:08:31.0875 2788 Netlogon - ok
19:08:32.0031 2788 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
19:08:32.0156 2788 Netman - ok
19:08:32.0359 2788 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:08:32.0453 2788 NetTcpPortSharing - ok
19:08:32.0515 2788 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:08:32.0562 2788 NIC1394 - ok
19:08:32.0765 2788 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
19:08:32.0781 2788 Nla - ok
19:08:33.0140 2788 NMIndexingService (193fa51dddd0bffded1c340f0434999a) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
19:08:33.0328 2788 NMIndexingService - ok
19:08:33.0390 2788 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:08:33.0390 2788 Npfs - ok
19:08:33.0796 2788 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:08:34.0031 2788 Ntfs - ok
19:08:34.0078 2788 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:08:34.0078 2788 NtLmSsp - ok
19:08:34.0406 2788 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
19:08:34.0671 2788 NtmsSvc - ok
19:08:34.0750 2788 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:08:34.0750 2788 Null - ok
19:08:34.0812 2788 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:08:34.0812 2788 NwlnkFlt - ok
19:08:34.0890 2788 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:08:34.0921 2788 NwlnkFwd - ok
19:08:34.0968 2788 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:08:34.0968 2788 ohci1394 - ok
19:08:35.0015 2788 PalmUSBD (803cf09c795290825607505d37819135) C:\WINDOWS\system32\drivers\PalmUSBD.sys
19:08:35.0046 2788 PalmUSBD - ok
19:08:35.0125 2788 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:08:35.0171 2788 Parport - ok
19:08:35.0187 2788 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:08:35.0203 2788 PartMgr - ok
19:08:35.0250 2788 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:08:35.0250 2788 ParVdm - ok
19:08:35.0312 2788 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:08:35.0312 2788 PCI - ok
19:08:35.0312 2788 PCIDump - ok
19:08:35.0328 2788 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:08:35.0328 2788 PCIIde - ok
19:08:35.0437 2788 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:08:35.0515 2788 Pcmcia - ok
19:08:35.0515 2788 PDCOMP - ok
19:08:35.0515 2788 PDFRAME - ok
19:08:35.0531 2788 PDRELI - ok
19:08:35.0531 2788 PDRFRAME - ok
19:08:35.0546 2788 perc2 - ok
19:08:35.0546 2788 perc2hib - ok
19:08:35.0906 2788 PID_0928 (d2d2fa02b722336960eeae0ae7107891) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
19:08:36.0203 2788 PID_0928 - ok
19:08:36.0296 2788 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\WINDOWS\system32\IoctlSvc.exe
19:08:36.0359 2788 PLFlash DeviceIoControl Service - ok
19:08:36.0468 2788 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:08:36.0468 2788 PlugPlay - ok
19:08:36.0500 2788 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:08:36.0500 2788 PolicyAgent - ok
19:08:36.0562 2788 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:08:36.0609 2788 PptpMiniport - ok
19:08:36.0640 2788 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
19:08:36.0671 2788 Processor - ok
19:08:36.0671 2788 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:08:36.0671 2788 ProtectedStorage - ok
19:08:36.0718 2788 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:08:36.0765 2788 PSched - ok
19:08:36.0812 2788 PSI (1df21f001f3a94eba4a2950c70cc358f) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
19:08:36.0828 2788 PSI - ok
19:08:36.0859 2788 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:08:36.0875 2788 Ptilink - ok
19:08:36.0937 2788 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:08:36.0937 2788 PxHelp20 - ok
19:08:36.0937 2788 ql1080 - ok
19:08:36.0937 2788 Ql10wnt - ok
19:08:36.0953 2788 ql12160 - ok
19:08:36.0953 2788 ql1240 - ok
19:08:36.0968 2788 ql1280 - ok
19:08:37.0031 2788 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:08:37.0031 2788 RasAcd - ok
19:08:37.0140 2788 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
19:08:37.0203 2788 RasAuto - ok
19:08:37.0265 2788 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:08:37.0296 2788 Rasl2tp - ok
19:08:37.0453 2788 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
19:08:37.0562 2788 RasMan - ok
19:08:37.0593 2788 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:08:37.0625 2788 RasPppoe - ok
19:08:37.0656 2788 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:08:37.0671 2788 Raspti - ok
19:08:37.0812 2788 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:08:37.0812 2788 Rdbss - ok
19:08:37.0828 2788 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:08:37.0843 2788 RDPCDD - ok
19:08:38.0000 2788 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
19:08:38.0000 2788 RDPWD - ok
19:08:38.0109 2788 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
19:08:38.0203 2788 RDSessMgr - ok
19:08:38.0281 2788 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:08:38.0328 2788 redbook - ok
19:08:38.0390 2788 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
19:08:38.0437 2788 RemoteAccess - ok
19:08:38.0500 2788 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
19:08:38.0531 2788 RimVSerPort - ok
19:08:38.0562 2788 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
19:08:38.0562 2788 ROOTMODEM - ok
19:08:38.0640 2788 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
19:08:38.0703 2788 RpcLocator - ok
19:08:39.0000 2788 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:08:39.0000 2788 RpcSs - ok
19:08:39.0093 2788 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
19:08:39.0171 2788 RSVP - ok
19:08:41.0484 2788 RTHDMIAzAudService (220591905257fcaea87a9590a357c014) C:\WINDOWS\system32\drivers\RtHDMI.sys
19:08:43.0859 2788 RTHDMIAzAudService - ok
19:08:44.0500 2788 RTLE8023xp (bb0ae2171f08129f4f3ff9df20ffbf89) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:08:44.0546 2788 RTLE8023xp - ok
19:08:44.0593 2788 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:08:44.0593 2788 SamSs - ok
19:08:44.0734 2788 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:08:44.0750 2788 SASDIFSV - ok
19:08:44.0796 2788 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:08:44.0859 2788 SASKUTIL - ok
19:08:44.0953 2788 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
19:08:45.0015 2788 SCardSvr - ok
19:08:45.0171 2788 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
19:08:45.0296 2788 Schedule - ok
19:08:45.0359 2788 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:08:45.0375 2788 Secdrv - ok
19:08:45.0437 2788 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
19:08:45.0453 2788 seclogon - ok
19:08:45.0531 2788 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
19:08:45.0562 2788 SENS - ok
19:08:45.0593 2788 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:08:45.0609 2788 serenum - ok
19:08:45.0640 2788 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:08:45.0656 2788 Sfloppy - ok
19:08:45.0906 2788 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
19:08:46.0109 2788 SharedAccess - ok
19:08:46.0234 2788 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:08:46.0234 2788 ShellHWDetection - ok
19:08:46.0234 2788 Simbad - ok
19:08:46.0296 2788 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:08:46.0296 2788 SLIP - ok
19:08:46.0437 2788 snapman (bcc773872041aa59bc9a6cf770fb32e2) C:\WINDOWS\system32\DRIVERS\snapman.sys
19:08:46.0437 2788 snapman - ok
19:08:46.0437 2788 Sparrow - ok
19:08:46.0453 2788 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:08:46.0468 2788 splitter - ok
19:08:46.0546 2788 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:08:46.0546 2788 Spooler - ok
19:08:46.0609 2788 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:08:46.0656 2788 sr - ok
19:08:46.0796 2788 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
19:08:46.0906 2788 srservice - ok
19:08:47.0156 2788 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:08:47.0250 2788 Srv - ok
19:08:47.0328 2788 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
19:08:47.0390 2788 sscdbus - ok
19:08:47.0437 2788 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
19:08:47.0453 2788 sscdmdfl - ok
19:08:47.0531 2788 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
19:08:47.0593 2788 sscdmdm - ok
19:08:47.0687 2788 sscdserd (9fa66e361a99f8920c7609bae6814a0e) C:\WINDOWS\system32\DRIVERS\sscdserd.sys
19:08:47.0734 2788 sscdserd - ok
19:08:47.0828 2788 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
19:08:47.0875 2788 SSDPSRV - ok
19:08:47.0953 2788 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:08:47.0984 2788 ssmdrv - ok
19:08:48.0234 2788 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
19:08:48.0312 2788 stisvc - ok
19:08:48.0375 2788 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:08:48.0390 2788 streamip - ok
19:08:48.0421 2788 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:08:48.0421 2788 swenum - ok
19:08:48.0515 2788 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:08:48.0546 2788 swmidi - ok
19:08:48.0546 2788 SwPrv - ok
19:08:48.0562 2788 symc810 - ok
19:08:48.0562 2788 symc8xx - ok
19:08:48.0578 2788 sym_hi - ok
19:08:48.0578 2788 sym_u3 - ok
19:08:48.0625 2788 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:08:48.0671 2788 sysaudio - ok
19:08:48.0781 2788 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
19:08:48.0843 2788 SysmonLog - ok
19:08:49.0031 2788 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
19:08:49.0187 2788 TapiSrv - ok
19:08:49.0484 2788 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:08:49.0531 2788 Tcpip - ok
19:08:49.0578 2788 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:08:49.0593 2788 TDPIPE - ok
19:08:49.0859 2788 tdrpman (eb53ec341458256deae2ad58822c4a17) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
19:08:49.0953 2788 tdrpman - ok
19:08:49.0984 2788 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:08:50.0015 2788 TDTCP - ok
19:08:50.0078 2788 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:08:50.0109 2788 TermDD - ok
19:08:50.0312 2788 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
19:08:50.0500 2788 TermService - ok
19:08:50.0625 2788 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:08:50.0625 2788 Themes - ok
19:08:50.0671 2788 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
19:08:50.0671 2788 tifsfilter - ok
19:08:50.0968 2788 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
19:08:51.0093 2788 timounter - ok
19:08:51.0109 2788 TosIde - ok
19:08:51.0250 2788 TotRec7 (53d06e5a0fdd4d9447840fd23c3ff4a6) C:\WINDOWS\system32\drivers\TotRec7.sys
19:08:51.0250 2788 TotRec7 - ok
19:08:51.0359 2788 TotRec8 (9647e89bb2909560753ac371c95d3f0e) C:\WINDOWS\system32\drivers\TotRec8.sys
19:08:51.0421 2788 TotRec8 - ok
19:08:51.0500 2788 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
19:08:51.0562 2788 TrkWks - ok
19:08:51.0953 2788 TryAndDecideService (02c16294d7903fc0c7f2de953126b28a) C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
19:08:52.0265 2788 TryAndDecideService - ok
19:08:52.0359 2788 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:08:52.0390 2788 Udfs - ok
19:08:52.0406 2788 ultra - ok
19:08:52.0656 2788 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:08:52.0890 2788 Update - ok
19:08:53.0031 2788 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
19:08:53.0156 2788 upnphost - ok
19:08:53.0187 2788 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
19:08:53.0203 2788 UPS - ok
19:08:53.0281 2788 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:08:53.0328 2788 usbaudio - ok
19:08:53.0390 2788 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:08:53.0406 2788 usbccgp - ok
19:08:53.0468 2788 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:08:53.0484 2788 usbehci - ok
19:08:53.0562 2788 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:08:53.0609 2788 usbhub - ok
19:08:53.0625 2788 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:08:53.0640 2788 usbohci - ok
19:08:53.0703 2788 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:08:53.0718 2788 usbprint - ok
19:08:53.0750 2788 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:08:53.0765 2788 usbscan - ok
19:08:53.0796 2788 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:08:53.0828 2788 USBSTOR - ok
19:08:53.0921 2788 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
19:08:54.0000 2788 usbvideo - ok
19:08:54.0078 2788 VBoxNetAdp (4ef76d8d7505f20dbf54886c01a7a730) C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
19:08:54.0140 2788 VBoxNetAdp - ok
19:08:54.0156 2788 VBoxNetFlt - ok
19:08:54.0171 2788 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:08:54.0187 2788 VgaSave - ok
19:08:54.0187 2788 ViaIde - ok
19:08:54.0265 2788 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:08:54.0265 2788 VolSnap - ok
19:08:54.0515 2788 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
19:08:54.0703 2788 VSS - ok
19:08:55.0296 2788 vToolbarUpdater12.1.5 (3da649c6ec481d8f36b54f33fc01dd1e) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
19:08:55.0812 2788 vToolbarUpdater12.1.5 - ok
19:08:55.0953 2788 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
19:08:56.0062 2788 W32Time - ok
19:08:56.0140 2788 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:08:56.0171 2788 Wanarp - ok
19:08:56.0171 2788 WDICA - ok
19:08:56.0250 2788 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:08:56.0296 2788 wdmaud - ok
19:08:56.0390 2788 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
19:08:56.0437 2788 WebClient - ok
19:08:56.0656 2788 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:08:56.0750 2788 winmgmt - ok
19:08:57.0453 2788 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
19:08:58.0109 2788 WinRM - ok
19:08:58.0187 2788 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
19:08:58.0203 2788 WmdmPmSN - ok
19:08:58.0328 2788 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:08:58.0406 2788 WmiApSrv - ok
19:08:59.0156 2788 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
19:08:59.0734 2788 WMPNetworkSvc - ok
19:08:59.0859 2788 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:08:59.0890 2788 WpdUsb - ok
19:09:00.0531 2788 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:09:01.0062 2788 WPFFontCache_v0400 - ok
19:09:01.0125 2788 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:09:01.0156 2788 WSTCODEC - ok
19:09:01.0203 2788 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
19:09:01.0203 2788 wuauserv - ok
19:09:01.0328 2788 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:09:01.0328 2788 WudfPf - ok
19:09:01.0406 2788 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:09:01.0453 2788 WudfRd - ok
19:09:01.0515 2788 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
19:09:01.0562 2788 WudfSvc - ok
19:09:01.0937 2788 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
19:09:02.0234 2788 WZCSVC - ok
19:09:02.0343 2788 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
19:09:02.0421 2788 xmlprov - ok
19:09:02.0468 2788 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:09:03.0000 2788 \Device\Harddisk0\DR0 - ok
19:09:03.0000 2788 Boot (0x1200) (4f482c705f53e6860eea482bdd83f686) \Device\Harddisk0\DR0\Partition0
19:09:03.0000 2788 \Device\Harddisk0\DR0\Partition0 - ok
19:09:03.0000 2788 ============================================================
19:09:03.0000 2788 Scan finished
19:09:03.0000 2788 ============================================================
19:09:03.0015 0348 Detected object count: 0
19:09:03.0015 0348 Actual detected object count: 0



aswMBR.exe log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-09 19:23:44
-----------------------------
19:23:44.796 OS Version: Windows 5.1.2600 Service Pack 3
19:23:44.796 Number of processors: 2 586 0x6B02
19:23:44.796 ComputerName: COLEMAN200 UserName: katie
19:23:51.625 Initialize success
19:24:00.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:24:00.625 Disk 0 Vendor: WDC_WD3200AAJS-00B4A0 01.03A01 Size: 305245MB BusType: 3
19:24:00.625 Disk 0 MBR read successfully
19:24:00.640 Disk 0 MBR scan
19:24:00.640 Disk 0 Windows XP default MBR code
19:24:00.640 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
19:24:00.656 Disk 0 scanning sectors +625137345
19:24:00.781 Disk 0 scanning C:\WINDOWS\system32\drivers
19:24:29.390 Service scanning
19:24:45.296 Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 21
19:25:19.359 Modules scanning
19:25:41.562 Disk 0 trace - called modules:
19:25:41.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
19:25:41.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a640ab8]
19:25:42.078 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000072[0x8a5e2f18]
19:25:42.078 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5e1940]
19:25:42.078 Scan finished successfully
19:26:27.421 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\katie\Desktop\MBR.dat"
19:26:27.437 The log file has been saved successfully to "C:\Documents and Settings\katie\Desktop\aswMBR.txt"



Again, thank you for your help
katie

Attached Files

  • MBR.zip (499 bytes)
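Both scanner logs posted above use one line per driver or service, which makes them easy to triage by script rather than by eye. The block below is an added example and is not part of this thread, nor code from TDSSKiller, aswMBR or BleepingComputer. The sample lines are copied from the logs posted above; the "windows / program_files / other" buckets and the rule that flags anything outside those two trees or carrying a scanner marker such as `**LOCKED**` are this example's own assumptions, not behaviour of either tool.

```python
"""Triage helper for TDSSKiller- and aswMBR-style scan logs (added example).

TDSSKiller lines look like:  <time> <pid> <name> (<md5>) <path>
aswMBR service lines like:   <time> Service <name> <path> [**FLAG**] [n]
Result lines ('<name> - ok'), banners and MBR/boot records are skipped.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# TDSSKiller-style driver/service line: time, pid, name, (md5), path.
TDSS_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# aswMBR-style service line: time, 'Service', name, path, optional **FLAG**, optional number.
ASW_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+Service\s+(?P<name>\S+)\s+(?P<path>\S.*?)"
    r"(?:\s+(?P<flag>\*\*[A-Z]+\*\*))?(?:\s+\d+)?\s*$"
)


@dataclass
class Entry:
    name: str
    path: str
    md5: Optional[str]   # TDSSKiller prints one; aswMBR does not
    flag: Optional[str]  # e.g. '**LOCKED**' as printed by aswMBR
    source: str          # 'tdsskiller' or 'aswmbr'


def parse_log(text: str) -> List[Entry]:
    """Extract driver/service entries from pasted log text; everything else is ignored."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = TDSS_RE.match(line)
        if m:
            entries.append(Entry(m["name"], m["path"], m["md5"].lower(), None, "tdsskiller"))
            continue
        m = ASW_RE.match(line)
        if m:
            entries.append(Entry(m["name"], m["path"], None, m["flag"], "aswmbr"))
    return entries


def classify(path: str, windows_dir: str = r"C:\WINDOWS") -> str:
    """Bucket a path as 'windows', 'program_files' or 'other' (assumed buckets, case-insensitive)."""
    p = path.lower()
    if p.startswith(windows_dir.lower() + "\\"):
        return "windows"
    if p.startswith("c:\\program files\\"):
        return "program_files"
    return "other"


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Entries to look at first: flagged by the scanner, or loaded from outside
    the Windows and Program Files trees (another drive, an installer folder, ...)."""
    return [e for e in entries if e.flag or classify(e.path) == "other"]


def shared_binaries(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map md5 -> service names for binaries that host more than one service
    (lsass.exe hosting Netlogon, NtLmSsp, SamSs, ... is the normal case)."""
    by_hash: Dict[str, List[str]] = {}
    for e in entries:
        if e.md5:
            by_hash.setdefault(e.md5, []).append(e.name)
    return {h: names for h, names in by_hash.items() if len(names) > 1}


# Constructed sample: lines copied from the TDSSKiller and aswMBR logs posted above.
SAMPLE_LOG = r"""
19:08:07.0625 2788 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:08:07.0640 2788 hidusb - ok
19:08:31.0859 2788 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:08:34.0078 2788 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:08:44.0734 2788 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:09:02.0468 2788 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:24:29.390 Service scanning
19:24:45.296 Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 21
19:25:19.359 Modules scanning
"""

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print(f"{len(found)} driver/service entries parsed")
    for e in needs_review(found):
        print(f"REVIEW  {e.name:<12} {e.path}  {e.flag or ''}  [{e.source}]")
    for h, names in shared_binaries(found).items():
        print(f"shared  {h}  hosts {', '.join(names)}")
```

Running it on the real logs means pasting both into `SAMPLE_LOG` or reading them from the saved `.txt` files; on the lines above it singles out the `E:\INSTALL\GMSIPCI.SYS **LOCKED**` entry (a driver registered from a removable or secondary drive) and shows the lsass.exe hash shared by several services, which is expected and not a finding.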


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,762 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:21 AM

Posted 10 August 2012 - 07:31 AM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know if the problem persists.

#7 katiemay

katiemay
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:08:21 AM

Posted 10 August 2012 - 09:32 AM

Thank you again for taking your time to help me-- I am sure that reading these logs is tedious, but much appreciated.

Combofix log

ComboFix 12-08-09.01 - katie 08/10/2012 9:27.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1919.1430 [GMT -4:00]
Running from: c:\documents and settings\katie\Desktop\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\katie\Start Menu\Programs\AV Protection 2011
c:\documents and settings\Owner\g2ax_customer_downloadhelper_win32_x86.exe
c:\documents and settings\Owner\WINDOWS
C:\install.exe
c:\program files\LP
c:\program files\LP\7CC9\4.tmp
c:\program files\LP\7CC9\76A.tmp
c:\program files\LP\7CC9\76C.tmp
c:\program files\LP\7CC9\A.tmp
c:\windows\$NtUninstallKB16825$
c:\windows\$NtUninstallKB16825$\1349194194\@
c:\windows\$NtUninstallKB16825$\1349194194\bckfg.tmp
c:\windows\$NtUninstallKB16825$\1349194194\cfg.ini
c:\windows\$NtUninstallKB16825$\1349194194\Desktop.ini
c:\windows\$NtUninstallKB16825$\1349194194\keywords
c:\windows\$NtUninstallKB16825$\1349194194\kwrd.dll
c:\windows\$NtUninstallKB16825$\1349194194\L\mnjosiod
c:\windows\$NtUninstallKB16825$\1349194194\lsflt7.ver
c:\windows\$NtUninstallKB16825$\1349194194\U\00000001.@
c:\windows\$NtUninstallKB16825$\1349194194\U\00000002.@
c:\windows\$NtUninstallKB16825$\1349194194\U\00000004.@
c:\windows\$NtUninstallKB16825$\1349194194\U\80000000.@
c:\windows\$NtUninstallKB16825$\1349194194\U\80000004.@
c:\windows\$NtUninstallKB16825$\1349194194\U\80000032.@
c:\windows\$NtUninstallKB16825$\3901553666
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
c:\windows\system32\drivers\Serial.sys was missing
Restored copy from - c:\windows\system32\dllcache\Serial.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-10 13:45 . 2008-04-14 05:45 64512 ----a-w- c:\windows\system32\drivers\Serial.sys
2012-07-31 03:37 . 2012-07-31 03:37 -------- d-----w- c:\documents and settings\katie\Application Data\Avira
2012-07-31 03:29 . 2012-04-17 01:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-31 03:29 . 2012-04-27 14:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-31 03:29 . 2012-04-25 04:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-31 03:29 . 2012-07-31 03:29 -------- d-----w- c:\program files\Avira
2012-07-31 03:29 . 2012-07-31 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-07-31 01:09 . 2012-07-31 03:18 -------- d-----w- c:\program files\CheckPoint
2012-07-31 01:09 . 2012-07-31 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2012-07-30 13:28 . 2012-07-30 13:28 -------- d-----w- c:\documents and settings\katie\Application Data\AVG2012
2012-07-30 13:19 . 2012-07-31 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-07-30 13:19 . 2012-07-30 13:19 -------- d-----w- C:\$AVG
2012-07-30 05:01 . 2012-07-30 05:01 -------- d-----w- c:\documents and settings\katie\Local Settings\Application Data\Sun
2012-07-30 04:43 . 2012-07-30 04:41 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-27 13:16 . 2012-07-28 03:14 -------- d-----w- c:\program files\hpmonitor
2012-07-27 13:15 . 2012-07-27 13:15 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-07-27 13:15 . 2012-07-27 13:15 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-27 13:11 . 2012-07-27 13:11 -------- d-----w- c:\documents and settings\katie\Application Data\pdfforge
2012-07-27 13:11 . 2012-07-27 13:12 -------- d-----w- c:\program files\PDFCreator
2012-07-26 19:09 . 2012-07-26 19:09 -------- d-----w- c:\program files\ESET
2012-07-26 13:03 . 2012-07-26 13:03 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 04:58 . 2012-04-13 22:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 04:58 . 2011-05-24 12:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-30 04:41 . 2012-05-12 18:59 772592 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-30 04:41 . 2010-04-25 19:08 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-05 17:02 . 2012-03-19 20:48 81920 ----a-w- c:\windows\system32\pdfcmon.dll
2012-07-03 17:46 . 2010-02-23 03:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-08-30 00:06 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2009-08-07 00:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2008-02-11 16:49 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2008-02-11 16:49 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2008-02-11 16:49 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2008-03-08 16:52 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2008-02-11 16:49 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2008-02-11 16:49 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-07 00:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2008-02-11 16:49 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2008-02-11 16:49 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2008-03-08 16:53 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2008-03-08 16:53 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2007-07-31 00:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-24 14:48 . 2012-06-08 12:44 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-16 15:08 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2004-03-30 05:04 . 2004-03-30 05:04 49152 ----a-w- c:\program files\Common Files\tx11_gif.flt
1998-12-09 02:53 . 1998-12-09 02:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
2012-07-27 17:45 . 2012-06-07 03:20 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\katie\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\katie\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\katie\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\katie\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
"SansaDispatch"="c:\documents and settings\katie\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2012-03-19 79872]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-31 2595616]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-31 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-31 140568]
"FineReader7NewsReaderPro"="c:\program files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe" [2004-03-11 290816]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-4-19 1199104]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microtek Scanner Finder.lnk - c:\program files\Microtek\ScanWizard 5\ScannerFinder.exe [2008-3-17 344064]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoChangeAnimation"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-26 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=DrvTrNTm.dll
"mixer"=DrvTrNTm.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 17:26 484904 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TryAndDecideService"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\katie\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [4/7/2010 10:51 AM 40560]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [7/27/2012 9:15 AM 27496]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [7/30/2012 11:29 PM 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [3/8/2008 12:02 PM 1858144]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/6/2010 3:19 AM 169408]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [6/7/2012 8:59 PM 913792]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/30/2012 11:29 PM 86224]
R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [7/27/2012 9:15 AM 830048]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [12/16/2008 8:55 AM 131664]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [6/7/2010 4:26 PM 91728]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys --> c:\windows\system32\DRIVERS\avgidshx.sys [?]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/2/2010 3:55 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/13/2012 6:52 PM 250056]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys --> c:\windows\system32\DRIVERS\avgidsshimx.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 CSQ200;CSQ driver;c:\windows\system32\drivers\CSQ200.sys [9/25/2003 2:16 PM 18816]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10/26/2010 8:05 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10/26/2010 8:05 AM 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/2/2010 3:55 PM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/3/2012 5:54 AM 113120]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 10:05 AM 14904]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [5/4/2009 11:52 PM 91472]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 17:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 04:58]
.
2012-08-10 c:\windows\Tasks\AdobeAAMUpdater-1.0-COLEMAN200-Owner.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 06:25]
.
2012-08-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 19:54]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 19:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/firefox
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{9E2B43CD-87D9-47FB-B00C-92A2302D57B8}: NameServer = 208.67.222.222,208.67.220.220
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\katie\Application Data\Mozilla\Firefox\Profiles\rh8j4f3p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B28d4719a-96de-4b50-91e0-0268b5b37ee7%7D&mid=399b852e134b47d1a54fd154d4cc8e3f-06ce4fc639803a2e3563922518183d8e94088cb9&ds=pp016&v=12.1.0.21&lang=en&pr=sa&d=2012-07-27%2009%3A15%3A39&sap=ku&q=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-POINTER - point32.exe
MSConfigStartUp-WinCalendarTime - c:\downloads\Clock calenday\WinCalendarTime.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-10 09:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\katie\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?e?l?o?a?d?(?t?r?u?e?)?;???>?'?]?.?l?o?c?a?t?i?o?n?.?r?e?l?o?a?d?(?t?r?u?e?)?;???H?|?@^|?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(936)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\WLDAP32.dll
.
- - - - - - - > 'lsass.exe'(992)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(5616)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\documents and settings\katie\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Microsoft Hardware\Mouse\point32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2012-08-10 10:09:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-10 14:09
.
Pre-Run: 143,122,518,016 bytes free
Post-Run: 143,099,490,304 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 6EFB4580D5B353E4A59F112B3E3FEF72



Security Check Log
Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Free Antivirus
ESET Online Scanner v3
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Secunia PSI
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java™ 7 Update 5
Adobe Flash Player 11.3.300.270
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Mozilla Thunderbird (14.0.)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````

One thing I noticed:
Avira seems to be working- however, when I opened Avira, it still says I have not done the initial scan-- even though I did it when the program was installed the other day [changed from AVG to Avira]--- and I did it Wednesday after reading that the initial scan was not listed???

Anyway, thought that was strange-- might be related to Avira saying that ZoneAlarm Security Suite was still installed and my going ahead with installing Avira anyway?

katie

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,762 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:21 AM

Posted 10 August 2012 - 10:42 AM

This is the only remnant item that ZoneAlarm left behind.
AV: ZoneAlarm Security Suite Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
The following ComboFix will remove it.

===

Open notepad and copy/paste the text in the quote box below into it:

SecCenter::
{5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet, if present.

Let me know if Avira can finish the initial scan.
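The check nasdaq does by eye above (a Security Center "AV:" registration for a product that is no longer installed) and the "out of Date!" lines from the Security Check log earlier in the thread can both be pulled out of the logs mechanically. The script below is an added example, not code from the thread or from the ComboFix or Security Check authors: it parses the "AV:" line and the R0/S3-style service entries of a ComboFix log plus the Antivirus/Firewall section of a Security Check log, and reports registrations whose vendor is not among the installed products, driver entries whose file ComboFix could not find (the "path --> path [?]" form), and software marked out of date. The sample lines are copied from the logs posted in this thread; the vendor-matching heuristic (first word of the product name) and all function names are this example's own assumptions.

```python
"""Triage helper for ComboFix and Security Check logs (added example, not part of the thread)."""
import re

# Constructed sample input: lines copied from the ComboFix logs posted in this thread.
SAMPLE_COMBOFIX_LOG = r"""
AV: ZoneAlarm Security Suite Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [7/27/2012 9:15 AM 27496]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys --> c:\windows\system32\DRIVERS\avgidshx.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 10:05 AM 14904]
"""


def _hdr(title, n=14):
    """Security Check draws its section headers as a title wrapped in runs of backticks."""
    return "`" * n + title + "`" * n


# Constructed sample input: lines copied from the Security Check log posted in this thread.
SAMPLE_SECURITYCHECK_LOG = "\n".join([
    _hdr("Antivirus/Firewall Check:"),
    "Windows Firewall Enabled!",
    "Avira Free Antivirus",
    "ESET Online Scanner v3",
    _hdr("Anti-malware/Other Utilities Check:", 9),
    "Adobe Reader 8 Adobe Reader out of Date!",
    "Mozilla Firefox (14.0.1)",
])

AV_LINE = re.compile(r"^AV: (?P<name>.+?) \*(?P<state>[^*]+)\* \{(?P<guid>[0-9A-Fa-f-]+)\}\s*$")
SERVICE_LINE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
MISSING_FILE = re.compile(r"^(?P<path>.+?) --> (?P<resolved>.+?) \[\?\]\s*$")


def parse_av_registrations(combofix_log):
    """Security Center 'AV:' entries as (name, state, guid). 'Disabled' alone is not
    suspicious: ComboFix runs with the resident AV switched off, so the installed
    product shows as Disabled too; staleness is decided by cross-checking below."""
    out = []
    for line in combofix_log.splitlines():
        m = AV_LINE.match(line)
        if m:
            out.append((m.group("name"), m.group("state"), m.group("guid").upper()))
    return out


def find_missing_service_files(combofix_log):
    """(start_type, service, path) for service/driver entries whose file is missing."""
    out = []
    for line in combofix_log.splitlines():
        m = SERVICE_LINE.match(line)
        if not m:
            continue
        mm = MISSING_FILE.match(m.group("rest"))
        if mm:
            out.append((m.group("start"), m.group("name"), mm.group("resolved")))
    return out


def installed_av_products(securitycheck_log):
    """Product names listed under Security Check's Antivirus/Firewall section."""
    products, in_av_section = [], False
    for line in securitycheck_log.splitlines():
        if line.startswith("`"):  # section header line
            in_av_section = "Antivirus/Firewall Check" in line
            continue
        if in_av_section and line.strip() and not line.startswith("Windows Firewall"):
            products.append(line.strip())
    return products


def find_outdated_software(securitycheck_log):
    """Lines Security Check tagged 'out of Date!'."""
    return [l.strip() for l in securitycheck_log.splitlines() if "out of date!" in l.lower()]


def stale_av_registrations(combofix_log, securitycheck_log):
    """AV registrations whose vendor (first word of the name; a heuristic assumed by
    this example) does not appear among the installed products."""
    vendors = {p.split()[0].lower() for p in installed_av_products(securitycheck_log)}
    return [(name, guid) for name, _state, guid in parse_av_registrations(combofix_log)
            if name.split()[0].lower() not in vendors]


def triage(combofix_log, securitycheck_log):
    """Everything a reviewer would want to look at from the two logs."""
    return {
        "stale_av": stale_av_registrations(combofix_log, securitycheck_log),
        "missing_service_files": find_missing_service_files(combofix_log),
        "outdated": find_outdated_software(securitycheck_log),
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_COMBOFIX_LOG, SAMPLE_SECURITYCHECK_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
```

On the sample above the script reports the ZoneAlarm GUID as the one stale registration (the Avira entry is Disabled only because ComboFix was running), the AVGIDSHX and cpuz130 driver entries as pointing at files that no longer exist, and the Adobe Reader 8 line as outdated; the missing-file entries are the kind of leftover that is harmless by itself but worth clearing so later logs stay readable.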

#9 katiemay

katiemay
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:08:21 AM

Posted 10 August 2012 - 06:42 PM

Thought we were just about done-- but what happened was not what I expected.

I created the CFScript.txt as directed and dragged it from my desktop according to the diagram into ComboFix. It seemed to be going fine. Let it run and when it rebooted the computer and started another scan I went to dinner.

The log file was on the screen when I returned--- [see at end of this post].

The following Security Alert popped up--- [apparently when ComboFix rebooted, it turned on Avira FREE and the Realtime Protection mode].

A virus or unwanted program
"TR/Trash.Gen"
was found in file
C:\Windows\temp\logishrd\LVPrinj01.dll
Access to this file was denied
Please select a further action:
<Remove> <Details>


Not wanting to change anything without checking with you, I closed the message and attempted to save "log.txt" to the desktop; the alert kept popping up, but the file was saved.

Eventually it started running and "cleared the system" [as it said]. It took a minute or so.


I then downloaded Adobe Reader from the link you gave me and installed it. The alert would periodically pop up, but I would dismiss it-- eventually realizing the reboot may have turned the Realtime Protection back on, so I turned it off while Adobe Reader installed.

I then went to <Add-Remove Programs> in Control Panel & tried to uninstall old version of Adobe Reader. None were listed----- only the following:
Spelling Dictionary for Adobe Reader 8--- I left it alone until I hear from you as I didn't know if it was still being used by the newly installed version.

I then tried running a scan with Avira FREE--- the same Message kept coming up, but since I was doing an Avira scan, I figured I probably should <Remove> the threat. It was then that things really got confusing--- a little bar came up saying it was "scanning the system"--- and it appeared to be doing just that and would go to 100%---- and a new alert would pop up and it seemed like I was running in circles. Alert--- Scanning---- Alert---- Scanning----- but never really progressing.

I eventually stopped that scan and decided to send you my log and an account of what I was experiencing.

ComboFix 12-08-09.01 - katie 08/10/2012 16:54:25.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1919.1259 [GMT -4:00]
Running from: c:\documents and settings\katie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\katie\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-10 13:45 . 2008-04-14 05:45 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys
2012-08-10 13:45 . 2008-04-14 05:45 64512 ----a-w- c:\windows\system32\drivers\Serial.sys
2012-07-31 03:37 . 2012-07-31 03:37 -------- d-----w- c:\documents and settings\katie\Application Data\Avira
2012-07-31 03:29 . 2012-04-17 01:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-31 03:29 . 2012-04-27 14:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-31 03:29 . 2012-04-25 04:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-31 03:29 . 2012-07-31 03:29 -------- d-----w- c:\program files\Avira
2012-07-31 03:29 . 2012-07-31 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-07-31 01:09 . 2012-07-31 03:18 -------- d-----w- c:\program files\CheckPoint
2012-07-31 01:09 . 2012-07-31 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2012-07-30 13:28 . 2012-07-30 13:28 -------- d-----w- c:\documents and settings\katie\Application Data\AVG2012
2012-07-30 13:19 . 2012-07-31 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-07-30 13:19 . 2012-07-30 13:19 -------- d-----w- C:\$AVG
2012-07-30 05:01 . 2012-07-30 05:01 -------- d-----w- c:\documents and settings\katie\Local Settings\Application Data\Sun
2012-07-30 04:43 . 2012-07-30 04:41 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-27 13:16 . 2012-07-28 03:14 -------- d-----w- c:\program files\hpmonitor
2012-07-27 13:15 . 2012-07-27 13:15 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-07-27 13:15 . 2012-07-27 13:15 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-27 13:11 . 2012-07-27 13:11 -------- d-----w- c:\documents and settings\katie\Application Data\pdfforge
2012-07-27 13:11 . 2012-07-27 13:12 -------- d-----w- c:\program files\PDFCreator
2012-07-26 19:09 . 2012-07-26 19:09 -------- d-----w- c:\program files\ESET
2012-07-26 13:03 . 2012-07-26 13:03 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 04:58 . 2012-04-13 22:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 04:58 . 2011-05-24 12:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-30 04:41 . 2012-05-12 18:59 772592 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-30 04:41 . 2010-04-25 19:08 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-05 17:02 . 2012-03-19 20:48 81920 ----a-w- c:\windows\system32\pdfcmon.dll
2012-07-03 17:46 . 2010-02-23 03:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-08-30 00:06 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2009-08-07 00:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2008-02-11 16:49 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2008-02-11 16:49 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2008-02-11 16:49 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2008-03-08 16:52 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2008-02-11 16:49 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2008-02-11 16:49 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-07 00:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2008-02-11 16:49 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2008-02-11 16:49 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2008-03-08 16:53 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2008-03-08 16:53 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2007-07-31 00:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-24 14:48 . 2012-06-08 12:44 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-16 15:08 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2004-03-30 05:04 . 2004-03-30 05:04 49152 ----a-w- c:\program files\Common Files\tx11_gif.flt
1998-12-09 02:53 . 1998-12-09 02:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
2012-07-27 17:45 . 2012-06-07 03:20 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-10_13.52.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-10 21:08 . 2012-08-10 21:08 16384 c:\windows\Temp\Perflib_Perfdata_2b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\katie\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\katie\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\katie\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\katie\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
"SansaDispatch"="c:\documents and settings\katie\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2012-03-19 79872]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-31 2595616]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-31 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-31 140568]
"FineReader7NewsReaderPro"="c:\program files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe" [2004-03-11 290816]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-4-19 1199104]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microtek Scanner Finder.lnk - c:\program files\Microtek\ScanWizard 5\ScannerFinder.exe [2008-3-17 344064]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoChangeAnimation"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-26 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=DrvTrNTm.dll
"mixer"=DrvTrNTm.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 17:26 484904 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TryAndDecideService"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\katie\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [4/7/2010 10:51 AM 40560]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [7/27/2012 9:15 AM 27496]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [7/30/2012 11:29 PM 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [3/8/2008 12:02 PM 1858144]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/6/2010 3:19 AM 169408]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [6/7/2012 8:59 PM 913792]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/30/2012 11:29 PM 86224]
R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [7/27/2012 9:15 AM 830048]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [12/16/2008 8:55 AM 131664]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [6/7/2010 4:26 PM 91728]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys --> c:\windows\system32\DRIVERS\avgidshx.sys [?]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/2/2010 3:55 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/13/2012 6:52 PM 250056]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys --> c:\windows\system32\DRIVERS\avgidsshimx.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 CSQ200;CSQ driver;c:\windows\system32\drivers\CSQ200.sys [9/25/2003 2:16 PM 18816]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10/26/2010 8:05 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10/26/2010 8:05 AM 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/2/2010 3:55 PM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/3/2012 5:54 AM 113120]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 10:05 AM 14904]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [5/4/2009 11:52 PM 91472]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 17:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 04:58]
.
2012-08-10 c:\windows\Tasks\AdobeAAMUpdater-1.0-COLEMAN200-Owner.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 06:25]
.
2012-08-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 19:54]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 19:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/firefox
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: Interfaces\{9E2B43CD-87D9-47FB-B00C-92A2302D57B8}: NameServer = 208.67.222.222,208.67.220.220
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\katie\Application Data\Mozilla\Firefox\Profiles\rh8j4f3p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B28d4719a-96de-4b50-91e0-0268b5b37ee7%7D&mid=399b852e134b47d1a54fd154d4cc8e3f-06ce4fc639803a2e3563922518183d8e94088cb9&ds=pp016&v=12.1.0.21&lang=en&pr=sa&d=2012-07-27%2009%3A15%3A39&sap=ku&q=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-10 17:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\katie\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?e?l?o?a?d?(?t?r?u?e?)?;???>?'?]?.?l?o?c?a?t?i?o?n?.?r?e?l?o?a?d?(?t?r?u?e?)?;???H?|?@^|?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(984)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(2056)
c:\windows\system32\WININET.dll
c:\documents and settings\katie\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2012-08-10 17:27:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-10 21:27
ComboFix2.txt 2012-08-10 14:10
.
Pre-Run: 143,098,839,040 bytes free
Post-Run: 143,076,995,072 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 6EC1ED196C980BB727D9F7C3ECAE7C68


Don't know if I should attempt to uninstall Avira FREE and reinstall it or what?

Thank you for being there.
katie

#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,762 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 August 2012 - 08:00 AM

c:\windows\TEMP\logishrd\LVPrcInj01.dll is part of Logitech webcams.
A file in a Temp folder will be deleted by any cleaning tool.

If you are not using the Logitech webcams it's not required.

http://forums.logitech.com/t5/Webcams/Temp-Folder-installation-LVPrcInj01-dll/td-p/314149/page/5

If you have difficulties with a Logitech product you should take it up with them.
===

Don't know if I should attempt to uninstall Avira FREE and reinstall it or what?
If it's still giving you problems, yes you should.
Make sure you have the program installer before removing it.

Close all windows and browsers, and disconnect from the Internet.

Remove the application and re-install it.

Scan the computer. Then reconnect to the Internet.

Please let me know of any other issues with this computer.

#11 katiemay

katiemay
  • Topic Starter

  • Members
  • 25 posts

Posted 11 August 2012 - 11:00 PM

Uninstalled Avira FREE according to your instructions and installed a new download. Updated it and ran a scan [see log below]. Besides the several warnings listed, it seemed to go fine this time and the program now indicates that a scan has, indeed, been done.

It may be that this is an early dual-core processor, but I also ran a scan on an old P-4 computer-- and the P-4 finished its scan in less than 2 hours and this one took 6.5 hours. There are a lot of files on this machine, but sometimes I wonder if this machine is really doing all it should [or if there is a bottleneck somewhere]. I know that is a vague question- so hope you don't mind my asking.
Thank you for all of your help-- and it sure feels good to have these problems taken care of.
katie

Avira Free Antivirus
Report file date: Saturday, August 11, 2012 16:01

Scanning for 4093269 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : COLEMAN200

Version information:
BUILD.DAT : 12.0.0.1167 40870 Bytes 7/18/2012 20:07:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 7/18/2012 22:04:51
AVSCAN.DLL : 12.3.0.15 54736 Bytes 7/18/2012 22:05:06
LUKE.DLL : 12.3.0.15 68304 Bytes 7/18/2012 22:04:59
AVSCPLR.DLL : 12.3.0.27 97064 Bytes 7/18/2012 22:04:51
AVREG.DLL : 12.3.0.33 232232 Bytes 7/18/2012 22:04:51
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 00:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 05:23:21
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 05:32:24
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 15:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 3/28/2012 04:38:13
VBASE005.VDF : 7.11.34.116 4034048 Bytes 6/29/2012 22:05:05
VBASE006.VDF : 7.11.34.117 2048 Bytes 6/29/2012 22:05:05
VBASE007.VDF : 7.11.34.118 2048 Bytes 6/29/2012 22:05:05
VBASE008.VDF : 7.11.34.119 2048 Bytes 6/29/2012 22:05:05
VBASE009.VDF : 7.11.34.120 2048 Bytes 6/29/2012 22:05:05
VBASE010.VDF : 7.11.34.121 2048 Bytes 6/29/2012 22:05:05
VBASE011.VDF : 7.11.34.122 2048 Bytes 6/29/2012 22:05:05
VBASE012.VDF : 7.11.34.123 2048 Bytes 6/29/2012 22:05:05
VBASE013.VDF : 7.11.34.124 2048 Bytes 6/29/2012 22:05:05
VBASE014.VDF : 7.11.38.18 2554880 Bytes 7/30/2012 19:54:40
VBASE015.VDF : 7.11.38.70 556032 Bytes 7/31/2012 19:54:44
VBASE016.VDF : 7.11.38.143 171008 Bytes 8/2/2012 19:54:46
VBASE017.VDF : 7.11.38.221 178176 Bytes 8/6/2012 19:54:48
VBASE018.VDF : 7.11.39.37 168448 Bytes 8/8/2012 19:54:49
VBASE019.VDF : 7.11.39.89 131072 Bytes 8/9/2012 19:54:50
VBASE020.VDF : 7.11.39.145 142336 Bytes 8/11/2012 19:54:52
VBASE021.VDF : 7.11.39.146 2048 Bytes 8/11/2012 19:54:52
VBASE022.VDF : 7.11.39.147 2048 Bytes 8/11/2012 19:54:52
VBASE023.VDF : 7.11.39.148 2048 Bytes 8/11/2012 19:54:53
VBASE024.VDF : 7.11.39.149 2048 Bytes 8/11/2012 19:54:53
VBASE025.VDF : 7.11.39.150 2048 Bytes 8/11/2012 19:54:54
VBASE026.VDF : 7.11.39.151 2048 Bytes 8/11/2012 19:54:54
VBASE027.VDF : 7.11.39.152 2048 Bytes 8/11/2012 19:54:54
VBASE028.VDF : 7.11.39.153 2048 Bytes 8/11/2012 19:54:55
VBASE029.VDF : 7.11.39.154 2048 Bytes 8/11/2012 19:54:55
VBASE030.VDF : 7.11.39.155 2048 Bytes 8/11/2012 19:54:55
VBASE031.VDF : 7.11.39.156 2048 Bytes 8/11/2012 19:54:56
Engine version : 8.2.10.132
AEVDF.DLL : 8.1.2.10 102772 Bytes 8/11/2012 19:55:25
AESCRIPT.DLL : 8.1.4.42 459129 Bytes 8/11/2012 19:55:24
AESCN.DLL : 8.1.8.2 131444 Bytes 2/16/2012 22:11:36
AESBX.DLL : 8.2.5.12 606578 Bytes 7/18/2012 22:04:48
AERDL.DLL : 8.1.9.15 639348 Bytes 1/21/2012 05:22:40
AEPACK.DLL : 8.3.0.24 811381 Bytes 8/11/2012 19:55:22
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 8/11/2012 19:55:19
AEHEUR.DLL : 8.1.4.86 5165429 Bytes 8/11/2012 19:55:18
AEHELP.DLL : 8.1.23.2 258422 Bytes 7/18/2012 22:04:45
AEGEN.DLL : 8.1.5.34 434548 Bytes 8/11/2012 19:55:02
AEEXP.DLL : 8.1.0.74 86387 Bytes 8/11/2012 19:55:25
AEEMU.DLL : 8.1.3.2 393587 Bytes 8/11/2012 19:55:00
AECORE.DLL : 8.1.27.4 201078 Bytes 8/11/2012 19:54:59
AEBB.DLL : 8.1.1.0 53618 Bytes 1/21/2012 05:22:35
AVWINLL.DLL : 12.3.0.15 27344 Bytes 7/18/2012 22:04:53
AVPREF.DLL : 12.3.0.15 51920 Bytes 7/18/2012 22:04:51
AVREP.DLL : 12.3.0.15 179208 Bytes 7/18/2012 22:04:51
AVARKT.DLL : 12.3.0.15 211408 Bytes 7/18/2012 22:04:49
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 7/18/2012 22:04:50
SQLITE3.DLL : 3.7.0.1 398288 Bytes 7/18/2012 22:05:02
AVSMTP.DLL : 12.3.0.32 63480 Bytes 7/18/2012 22:04:52
NETNT.DLL : 12.3.0.15 17104 Bytes 7/18/2012 22:04:59
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 7/18/2012 22:05:09
RCTEXT.DLL : 12.3.0.31 97784 Bytes 7/18/2012 22:05:09

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: Saturday, August 11, 2012 16:01

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0003\MODES\1600,1200
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0004\MODES\1600,1200
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0005\MODES\1600,1200
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0006\MODES\1600,1200
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0003\MODES\1600,1200
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0004\MODES\1600,1200
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0005\MODES\1600,1200
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0006\MODES\1600,1200
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'msdtc.exe' - '42' Module(s) have been scanned
Scan process 'dllhost.exe' - '60' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '73' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'avcenter.exe' - '69' Module(s) have been scanned
Scan process 'avgnt.exe' - '68' Module(s) have been scanned
Scan process 'sched.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'ScannerFinder.exe' - '23' Module(s) have been scanned
Scan process 'ASCTray.exe' - '42' Module(s) have been scanned
Scan process 'SansaDispatch.exe' - '18' Module(s) have been scanned
Scan process 'OpenDNSUpdater.exe' - '84' Module(s) have been scanned
Scan process 'jusched.exe' - '21' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '37' Module(s) have been scanned
Scan process 'schedhlp.exe' - '19' Module(s) have been scanned
Scan process 'TimounterMonitor.exe' - '28' Module(s) have been scanned
Scan process 'TrueImageMonitor.exe' - '32' Module(s) have been scanned
Scan process 'type32.exe' - '35' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '23' Module(s) have been scanned
Scan process 'ToolbarUpdater.exe' - '25' Module(s) have been scanned
Scan process 'IoctlSvc.exe' - '15' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '16' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '19' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '25' Module(s) have been scanned
Scan process 'Explorer.EXE' - '118' Module(s) have been scanned
Scan process 'a2service.exe' - '28' Module(s) have been scanned
Scan process 'SASCORE.EXE' - '17' Module(s) have been scanned
Scan process 'spoolsv.exe' - '58' Module(s) have been scanned
Scan process 'brss01a.exe' - '18' Module(s) have been scanned
Scan process 'brsvc01a.exe' - '10' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '160' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '29' Module(s) have been scanned
Scan process 'ASCService.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'lsass.exe' - '59' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '77' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '6137' files ).


Starting the file scan:

Begin scan in 'C:\' <XP original>
C:\Documents and Settings\All Users\Application Data\azzCardfile\azzCardfileLicenseEncrypted.lic
[WARNING] The file is password protected
C:\Documents and Settings\katie\Desktop\avira_free_antivirus_en.exe
[WARNING] The file is password protected
C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-27-2011 - 21-56-25.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-03-2010 - 11-38-40.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Owner\Application Data\Tracker Software\LiveUpdate\Updates\PDFXVwer_2046.exe
[WARNING] Invalid end of file
C:\Downloads\Bleeping Computer downloads\avira_free_antivirus_en.exe
[WARNING] The file is password protected
C:\Downloads\CD ripper- CDEX- 1_51 for XP\cdex_151.exe
[WARNING] Invalid compressed data
C:\Downloads\CD ripper- CDEX- 1_51 for XP\cdex_170b2_enu.exe
[WARNING] Unsupported archive version
C:\Downloads\MP3 tag editor\mtt-v1.2.exe
[WARNING] Unsupported archive version
C:\Downloads\Wave File Splitter-Sampler\ws2setup.zip
[WARNING] Unsupported archive version
C:\Downloads\Whereisit\where353.zip
[WARNING] Unsupported archive version
C:\Downloads\Windows 98SE custom boot disk\BOOT98SC.EXE
[WARNING] The file is password protected
C:\Program Files\CDex_170b2\uninstall.exe
[WARNING] Unsupported archive version
C:\Program Files\MP3Gain\uninst-mp3gain.exe
[WARNING] Invalid end of file
C:\Program Files\OApps\vfd-cb_uninstall.exe
[WARNING] Invalid end of file
C:\System Volume Information\_restore{E20C3AFA-AACE-4E3E-A853-DD64A2E2C9BD}\RP1\A0000337.exe
[WARNING] The file is password protected


End of the scan: Saturday, August 11, 2012 22:36
Used time: 6:35:13 Hour(s)

The scan has been done completely.

17474 Scanned directories
847605 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
847605 Files not concerned
32053 Archives were scanned
16 Warnings
10 Notes
821485 Objects were scanned with rootkit scan
10 Hidden objects were found



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,762 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 August 2012 - 08:31 AM

Please run the ComboFix tool again and post a fresh log.
You may be asked to update the version, please do.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


#13 katiemay

katiemay
  • Topic Starter

  • Members
  • 25 posts

Posted 12 August 2012 - 03:02 PM

Thank you for your response--- I ran the scans as directed, updating ComboFix.

One thing I thought I should mention is that each time I run ComboFix it gets to that spot where it is looking for MS Windows Recovery Console and tells me it is not installed and asks if I wish to install it. Each time I say <Yes> and it downloads the console and tells me it has been installed successfully- but next time I run ComboFix it does the same thing.

Here are the scans:

ComboFix 12-08-10.02 - katie 08/12/2012 15:31:08.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1919.1219 [GMT -4:00]
Running from: c:\documents and settings\katie\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))))
.
.
2012-08-11 19:50 . 2012-08-11 19:50 -------- d-----w- c:\documents and settings\katie\Application Data\Avira
2012-08-11 19:42 . 2012-07-18 22:05 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-11 19:42 . 2012-07-18 22:05 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-08-11 19:42 . 2012-07-18 22:05 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-08-11 19:42 . 2012-08-11 19:42 -------- d-----w- c:\program files\Avira
2012-08-11 19:42 . 2012-08-11 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-08-11 00:10 . 2012-08-11 00:10 -------- d-----w- c:\documents and settings\katie\Local Settings\Application Data\Temp
2012-08-10 13:45 . 2008-04-14 05:45 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys
2012-08-10 13:45 . 2008-04-14 05:45 64512 ----a-w- c:\windows\system32\drivers\Serial.sys
2012-07-31 01:09 . 2012-07-31 03:18 -------- d-----w- c:\program files\CheckPoint
2012-07-31 01:09 . 2012-07-31 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2012-07-30 13:28 . 2012-07-30 13:28 -------- d-----w- c:\documents and settings\katie\Application Data\AVG2012
2012-07-30 13:19 . 2012-07-31 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-07-30 13:19 . 2012-07-30 13:19 -------- d-----w- C:\$AVG
2012-07-30 05:01 . 2012-07-30 05:01 -------- d-----w- c:\documents and settings\katie\Local Settings\Application Data\Sun
2012-07-30 04:43 . 2012-07-30 04:41 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-27 13:16 . 2012-07-28 03:14 -------- d-----w- c:\program files\hpmonitor
2012-07-27 13:15 . 2012-07-27 13:15 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-07-27 13:15 . 2012-07-27 13:15 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-27 13:11 . 2012-07-27 13:11 -------- d-----w- c:\documents and settings\katie\Application Data\pdfforge
2012-07-27 13:11 . 2012-07-27 13:12 -------- d-----w- c:\program files\PDFCreator
2012-07-26 19:09 . 2012-07-26 19:09 -------- d-----w- c:\program files\ESET
2012-07-26 13:03 . 2012-07-26 13:03 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 04:58 . 2012-04-13 22:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 04:58 . 2011-05-24 12:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-30 04:41 . 2012-05-12 18:59 772592 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-30 04:41 . 2010-04-25 19:08 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-05 17:02 . 2012-03-19 20:48 81920 ----a-w- c:\windows\system32\pdfcmon.dll
2012-07-03 17:46 . 2010-02-23 03:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-08-30 00:06 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2009-08-07 00:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2008-02-11 16:49 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2008-02-11 16:49 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2008-02-11 16:49 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2008-03-08 16:52 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2008-02-11 16:49 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2008-02-11 16:49 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-07 00:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2008-02-11 16:49 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2008-02-11 16:49 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2008-03-08 16:53 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2008-03-08 16:53 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2007-07-31 00:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-24 14:48 . 2012-06-08 12:44 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-16 15:08 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2004-03-30 05:04 . 2004-03-30 05:04 49152 ----a-w- c:\program files\Common Files\tx11_gif.flt
1998-12-09 02:53 . 1998-12-09 02:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
2012-07-27 17:45 . 2012-06-07 03:20 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-10_13.52.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-11 18:05 . 2012-08-11 18:05 16384 c:\windows\Temp\Perflib_Perfdata_238.dat
- 2012-07-31 03:29 . 2010-06-17 19:14 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2012-08-11 19:42 . 2010-06-17 19:14 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2011-06-06 16:55 . 2011-06-06 16:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2012-08-10 22:49 . 2012-08-10 22:49 2295808 c:\windows\Installer\58cfb4.msi
+ 2011-06-06 16:55 . 2011-06-06 16:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 16:55 . 2011-06-06 16:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2012-04-04 11:17 . 2012-04-04 11:17 16613376 c:\windows\Installer\58cfb5.msp
+ 2011-06-06 16:55 . 2011-06-06 16:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\katie\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\katie\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\katie\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\katie\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
"SansaDispatch"="c:\documents and settings\katie\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2012-03-19 79872]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-31 2595616]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-31 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-31 140568]
"FineReader7NewsReaderPro"="c:\program files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe" [2004-03-11 290816]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-4-19 1199104]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microtek Scanner Finder.lnk - c:\program files\Microtek\ScanWizard 5\ScannerFinder.exe [2008-3-17 344064]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoChangeAnimation"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-26 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=DrvTrNTm.dll
"mixer"=DrvTrNTm.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 17:26 484904 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TryAndDecideService"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\katie\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [4/7/2010 10:51 AM 40560]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [7/27/2012 9:15 AM 27496]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [8/11/2012 3:42 PM 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [3/8/2008 12:02 PM 1858144]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/6/2010 3:19 AM 169408]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [6/7/2012 8:59 PM 913792]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/11/2012 3:42 PM 86224]
R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [7/27/2012 9:15 AM 830048]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [12/16/2008 8:55 AM 131664]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [6/7/2010 4:26 PM 91728]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys --> c:\windows\system32\DRIVERS\avgidshx.sys [?]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/2/2010 3:55 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/13/2012 6:52 PM 250056]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys --> c:\windows\system32\DRIVERS\avgidsshimx.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 CSQ200;CSQ driver;c:\windows\system32\drivers\CSQ200.sys [9/25/2003 2:16 PM 18816]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10/26/2010 8:05 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10/26/2010 8:05 AM 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/2/2010 3:55 PM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/3/2012 5:54 AM 113120]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 10:05 AM 14904]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [5/4/2009 11:52 PM 91472]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVIPBB
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 17:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 04:58]
.
2012-08-12 c:\windows\Tasks\AdobeAAMUpdater-1.0-COLEMAN200-Owner.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 06:25]
.
2012-08-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 19:54]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 19:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/firefox
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: Interfaces\{9E2B43CD-87D9-47FB-B00C-92A2302D57B8}: NameServer = 208.67.222.222,208.67.220.220
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\katie\Application Data\Mozilla\Firefox\Profiles\rh8j4f3p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B28d4719a-96de-4b50-91e0-0268b5b37ee7%7D&mid=399b852e134b47d1a54fd154d4cc8e3f-06ce4fc639803a2e3563922518183d8e94088cb9&ds=pp016&v=12.1.0.21&lang=en&pr=sa&d=2012-07-27%2009%3A15%3A39&sap=ku&q=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-12 15:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\katie\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?e?l?o?a?d?(?t?r?u?e?)?;???>?'?]?.?l?o?c?a?t?i?o?n?.?r?e?l?o?a?d?(?t?r?u?e?)?;???H?|?@^|?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(984)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(3620)
c:\windows\system32\WININET.dll
c:\documents and settings\katie\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-08-12 15:47:00
ComboFix-quarantined-files.txt 2012-08-12 19:46
ComboFix2.txt 2012-08-10 21:27
ComboFix3.txt 2012-08-10 14:10
.
Pre-Run: 144,490,934,272 bytes free
Post-Run: 144,470,650,880 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 0B6835C11CCDD7ADD1EC8872D2E1D5CE



# AdwCleaner v1.800 - Logfile created 08/12/2012 at 15:51:33
# Updated 01/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : katie - COLEMAN200
# Running from : C:\Documents and Settings\katie\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\Owner\Application Data\pdfforge
Folder Found : C:\Documents and Settings\Owner\Application Data\Search Settings
Folder Found : C:\Documents and Settings\katie\Application Data\pdfforge
Folder Found : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Found : C:\Program Files\Common Files\AVG Secure Search
File Found : C:\Program Files\Mozilla Firefox\extensions\searchsettings@spigot.com
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Found : HKCU\Software\IGearSettings
Key Found : HKLM\SOFTWARE\AskBarDis
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\Wise Solutions

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qp1lsqhq.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "Blekko");
Found : user_pref("browser.search.selectedEngine", "Blekko");
Found : user_pref("browser.search.order.1", "Blekko");
Found : user_pref("keyword.URL", "hxxp://blekko.com/ws/?source=a545ea26&tbp=rbox&toolbarid=blekkotb_soc&u=FA[...]

Profile name : default
File : C:\Documents and Settings\katie\Application Data\Mozilla\Firefox\Profiles\rh8j4f3p.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7B28d4719a-96de-4b50-91e0-0268b5b37ee7[...]

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1xjns3z5.default\prefs.js

[OK] File is clean.

-\\ Opera v11.62.1347.0

File : C:\Documents and Settings\Owner\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Documents and Settings\katie\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4703 octets] - [12/08/2012 15:51:33]

########## EOF - C:\AdwCleaner[R1].txt - [4831 octets] ##########



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,762 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:21 AM

Posted 13 August 2012 - 07:27 AM

This is an indication that the Recovery Console is installed.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer


When you boot your computer you should see an option to start the Recovery console or Windows.

You have only 2 seconds to make the selection.
===

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the log and let me know what problem persists.

#15 katiemay

katiemay
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:08:21 AM

Posted 13 August 2012 - 07:51 AM

Thank you for your help
katie


# AdwCleaner v1.800 - Logfile created 08/13/2012 at 08:34:00
# Updated 01/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : katie - COLEMAN200
# Running from : C:\Documents and Settings\katie\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Owner\Application Data\pdfforge
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\katie\Application Data\pdfforge
Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
Deleted on reboot : C:\Program FilesC:\Program Files\Software
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKLM\SOFTWARE\AskBarDis
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wise Solutions

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qp1lsqhq.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "Blekko");
Deleted : user_pref("browser.search.selectedEngine", "Blekko");
Deleted : user_pref("browser.search.order.1", "Blekko");
Deleted : user_pref("keyword.URL", "hxxp://blekko.com/ws/?source=a545ea26&tbp=rbox&toolbarid=blekkotb_soc&u=FA[...]

Profile name : default
File : C:\Documents and Settings\katie\Application Data\Mozilla\Firefox\Profiles\rh8j4f3p.default\prefs.js

C:\Documents and Settings\katie\Application Data\Mozilla\Firefox\Profiles\rh8j4f3p.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7B28d4719a-96de-4b50-91e0-0268b5b37ee7[...]

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1xjns3z5.default\prefs.js

[OK] File is clean.

-\\ Opera v11.62.1347.0

File : C:\Documents and Settings\Owner\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Documents and Settings\katie\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4832 octets] - [12/08/2012 15:51:33]
AdwCleaner[S1].txt - [4944 octets] - [13/08/2012 08:34:00]

########## EOF - C:\AdwCleaner[S1].txt - [5072 octets] ##########
