
Search result redirects


This topic is locked
22 replies to this topic

#1 muleball
  • Members
  • 20 posts

Posted 11 August 2012 - 07:56 AM

2 days ago, I received a fake virus scan pop up. It seems that Malwarebytes was able to get rid of it, but since then, when I try to use a search engine, I get redirected to a spam website. Malwarebytes does not find anything else at this time. I ran Spybot Search & Destroy, which found a few issues, but I am still getting the redirects. Windows seems to be running fine otherwise.

At the time I was using Microsoft Security Essentials, but it seems that was turned off by the program. I have since removed MSE and installed AVG free. I am able to use AVG's Secure Search without issue.

Thanks for any help you can provide.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by mcox at 9:33:57 on 2012-08-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.2145 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HighCriteria\FileMon\FileMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MMTaskbar\MultiMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Command Digital\AutoHook 2008\AutoHook 2008.exe
C:\Documents and Settings\mcox\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\AutoCAD Civil 3D 2008\acad.exe
C:\DOCUME~1\mcox\LOCALS~1\Temp\AdskCleanup.0001
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Crimson Editor\cedt.exe
C:\Program Files\Crimson Editor\cedt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.0.5\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.0.5\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [FileMonRun] c:\program files\highcriteria\filemon\FileMon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
StartupFolder: c:\docume~1\mcox\startm~1\programs\startup\autoho~1.lnk - c:\program files\command digital\autohook 2008\AutoHook 2008.exe
StartupFolder: c:\docume~1\mcox\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\mcox\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\mcox\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\multim~1.lnk - c:\program files\mmtaskbar\MultiMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: jocogov.org\ims
Trusted Zone: jocogov.org\maps
Trusted Zone: wycokck.org\www2
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1344543087714
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342612364642
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://join-test.webex.com/client/T27L/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 151.164.1.8 151.164.8.201
TCP: Interfaces\{79B8F304-E028-4BAB-A332-ED92BE9D5C01} : DhcpNameServer = 151.164.1.8 151.164.8.201
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.0\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mcox\application data\mozilla\firefox\profiles\u2h8cpr4.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-9 27496]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.0\ToolbarUpdater.exe [2012-8-9 927840]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-18 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 250056]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-10-12 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-18 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\ultramonmirror.sys --> c:\windows\system32\drivers\UltraMonMirror.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-08-09 21:21:56 -------- d-----w- c:\documents and settings\mcox\application data\AVG2012
2012-08-09 21:20:58 -------- d-----w- c:\documents and settings\mcox\local settings\application data\AVG Secure Search
2012-08-09 21:20:51 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-08-09 21:20:39 -------- d-----w- c:\documents and settings\mcox\application data\AVG Secure Search
2012-08-09 21:20:35 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-09 21:20:21 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-08-09 21:20:18 -------- d-----w- c:\program files\AVG Secure Search
2012-08-09 21:18:55 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-09 21:18:55 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-08-09 18:46:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-09 18:46:05 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-08-09 18:38:02 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-09 15:11:59 -------- d-----w- c:\documents and settings\all users\application data\036E18CD000C2ACF000018527B07D287
2012-08-09 15:11:08 57344 ---ha-w- c:\windows\system32\evenonce.dll
2012-08-08 20:55:49 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-08-08 20:55:49 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-08-07 18:01:47 -------- d-----w- c:\program files\Corpscon6
2012-07-17 22:12:33 -------- d-----w- C:\a4f76cbb8e1255eb75564e2e3a
2012-07-17 21:30:24 -------- d-----w- c:\windows\system32\XPSViewer
2012-07-17 21:05:30 -------- d-----w- c:\windows\system32\URTTemp
.
==================== Find3M ====================
.
2012-08-02 18:09:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-02 18:09:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 22:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
1997-07-22 00:30:54 1045776 --sha-w- c:\windows\system32\Msjet35.dll
1997-06-23 08:00:00 123664 --sha-w- c:\windows\system32\Msjint35.dll
1997-06-23 17:06:50 24848 --sha-w- c:\windows\system32\Msjter35.dll
1997-06-23 17:06:50 252176 --sha-w- c:\windows\system32\Msrd2x35.dll
1997-06-23 17:06:50 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.
============= FINISH: 9:43:43.01 ===============

Edited by muleball, 11 August 2012 - 07:58 AM.
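A small triage script for the file-list lines in the DDS log above (the "Created Last 30" and "Find3M" sections), added here as an example; it is not part of the original thread and not code from DDS or BleepingComputer. It assumes the DDS attribute letters d/h/s mean directory/hidden/system (inferred from the flag strings visible in the log) and treats the first timestamp as the creation time; the hidden-in-system32 and hex-named-folder checks are review heuristics for a helper reading the log, not verdicts.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from datetime import date

# Sample lines taken from the DDS "Created Last 30" and "Find3M" sections in the post above.
SAMPLE_LOG = r"""
2012-08-09 21:20:35 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-09 15:11:59 -------- d-----w- c:\documents and settings\all users\application data\036E18CD000C2ACF000018527B07D287
2012-08-09 15:11:08 57344 ---ha-w- c:\windows\system32\evenonce.dll
2012-07-17 22:12:33 -------- d-----w- C:\a4f76cbb8e1255eb75564e2e3a
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
1997-07-22 00:30:54 1045776 --sha-w- c:\windows\system32\Msjet35.dll
"""

# One DDS file-list line: date, time, size (or "--------" for a directory),
# an 8-character attribute field, then the path (which may contain spaces).
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) ([\w-]{8}) (.+)$"
)
# Folder names made only of hex digits, 20 characters or longer.
HEX_NAME_RE = re.compile(r"^[0-9a-fA-F]{20,}$")


@dataclass
class Entry:
    when: date
    size: int | None  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_or_system(self) -> bool:
        # Assumption: DDS prints 'h' for the hidden attribute and 's' for the
        # system attribute (inferred from the flag strings on this page).
        return "h" in self.attrs or "s" in self.attrs


@dataclass
class Finding:
    entry: Entry
    reasons: list[str] = field(default_factory=list)


def parse_dds_file_lines(text: str) -> list[Entry]:
    """Parse the file-list lines of a DDS log; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        day, _time, size, attrs, path = m.groups()
        entries.append(Entry(
            when=date.fromisoformat(day),
            size=None if size.startswith("-") else int(size),
            attrs=attrs,
            path=path,
        ))
    return entries


def triage(text: str, since: str) -> list[Finding]:
    """Flag entries dated on/after `since` (ISO date) that deserve a closer look.

    These are review candidates, not verdicts: Windows Update and installers
    also create hex-named folders, and some legitimate files carry the
    hidden/system attributes (the 1997 Msjet35.dll line is one such case).
    """
    since_day = date.fromisoformat(since)
    findings = []
    for e in parse_dds_file_lines(text):
        if e.when < since_day:
            continue
        reasons = []
        basename = e.path.replace("\\", "/").rsplit("/", 1)[-1]
        lowered = e.path.lower()
        if not e.is_dir and e.hidden_or_system and "\\system32\\" in lowered:
            reasons.append("hidden/system attribute on a file under system32")
        if e.is_dir and HEX_NAME_RE.match(basename):
            reasons.append("directory with a long hex-only name")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


if __name__ == "__main__":
    # The poster saw the fake scanner pop-up about two days before 2012-08-10,
    # so entries from 2012-08-07 onward are the interesting window.
    for f in triage(SAMPLE_LOG, "2012-08-07"):
        print(f.entry.when, f.entry.attrs, f.entry.path, "->", "; ".join(f.reasons))
```

With the window starting 2012-08-07, the script surfaces the hidden evenonce.dll in system32 and the hex-named folder under All Users\Application Data, the two entries a helper would want explained, while leaving the AVG driver and the older Windows files alone.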



#2 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 12 August 2012 - 01:38 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 muleball (Topic Starter)
  • Members
  • 20 posts

Posted 13 August 2012 - 05:12 PM

Here is the security check log:

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 11.3.300.270
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 17% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 13 August 2012 - 05:27 PM

OK, let me have the ComboFix report when it is ready.



gringo

#5 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 16 August 2012 - 07:42 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#6 muleball (Topic Starter)
  • Members
  • 20 posts

Posted 16 August 2012 - 09:13 PM

Thanks for your help...sorry, things became very busy this week and I have not had a chance to run Combofix yet. I plan on doing that tomorrow afternoon.

#7 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 17 August 2012 - 01:04 PM

OK, no problem.

#8 muleball (Topic Starter)
  • Members
  • 20 posts

Posted 17 August 2012 - 06:36 PM

Combofix has gotten through 50 stages and is deleting files. I read that it may take a while to generate the log, so I think I will let it run and post the log tomorrow morning. Thanks!

#9 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 17 August 2012 - 08:37 PM

OK, I will look for you then.


gringo

#10 muleball (Topic Starter)
  • Members
  • 20 posts

Posted 18 August 2012 - 07:15 AM

I am no longer getting redirects from search engine results!


ComboFix 12-08-17.03 - mcox 08/17/2012 18:12:47.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.2531 [GMT -5:00]
Running from: c:\documents and settings\mcox\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\~GLC0000.TMP
c:\windows\~GLC0001.TMP
c:\windows\Installer\{fe12efbb-d534-9139-9129-88bf7c0f61e5}\@
c:\windows\Installer\{fe12efbb-d534-9139-9129-88bf7c0f61e5}\L\00000004.@
c:\windows\Installer\{fe12efbb-d534-9139-9129-88bf7c0f61e5}\L\1afb2d56
c:\windows\Installer\{fe12efbb-d534-9139-9129-88bf7c0f61e5}\L\201d3dde
c:\windows\Installer\{fe12efbb-d534-9139-9129-88bf7c0f61e5}\U\00000001.@
c:\windows\Installer\{fe12efbb-d534-9139-9129-88bf7c0f61e5}\U\80000000.@
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-09 21:21 . 2012-08-09 21:21 -------- d-----w- c:\documents and settings\mcox\Application Data\AVG2012
2012-08-09 21:20 . 2012-08-09 21:20 -------- d-----w- c:\documents and settings\mcox\Local Settings\Application Data\AVG Secure Search
2012-08-09 21:20 . 2012-08-09 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-08-09 21:20 . 2012-08-09 21:20 -------- d-----w- c:\documents and settings\mcox\Application Data\AVG Secure Search
2012-08-09 21:20 . 2012-08-09 21:20 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-09 21:20 . 2012-08-09 21:20 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-08-09 21:20 . 2012-08-09 21:20 -------- d-----w- c:\program files\AVG Secure Search
2012-08-09 21:18 . 2012-08-17 13:51 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-09 21:18 . 2012-08-15 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-08-09 18:46 . 2012-08-09 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-08-09 18:46 . 2012-08-09 18:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-09 18:38 . 2012-08-09 19:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-09 15:11 . 2012-08-09 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\036E18CD000C2ACF000018527B07D287
2012-08-08 20:55 . 2012-08-08 20:55 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-08-08 20:55 . 2012-08-08 20:55 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-08-07 18:01 . 2012-08-07 18:02 -------- d-----w- c:\program files\Corpscon6
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 12:09 . 2012-03-29 13:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 12:09 . 2011-06-02 16:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 18:46 . 2011-05-06 14:28 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2011-04-13 18:19 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 22:35 . 2011-04-13 16:21 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 22:35 . 2009-08-07 00:23 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2009-08-07 00:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2011-04-13 16:21 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2011-04-13 16:21 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2011-04-13 16:21 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2011-04-13 16:21 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2009-08-07 00:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2009-08-07 00:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2011-04-13 16:21 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2011-04-13 16:21 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2011-04-14 14:35 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2011-04-14 14:35 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-08-10 17:05 . 2011-08-08 17:08 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
1997-07-22 00:30 1045776 --sha-w- c:\windows\system32\Msjet35.dll
1997-06-23 08:00 123664 --sha-w- c:\windows\system32\Msjint35.dll
1997-06-23 17:06 24848 --sha-w- c:\windows\system32\Msjter35.dll
1997-06-23 17:06 252176 --sha-w- c:\windows\system32\Msrd2x35.dll
1997-06-23 17:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-09 21:20 2045024 ----a-w- c:\program files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll" [2012-08-09 2045024]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\mcox\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\mcox\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\mcox\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\mcox\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileMonRun"="c:\program files\HighCriteria\FileMon\FileMon.exe" [2004-04-07 397312]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-02 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-08-23 211296]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-09 1162848]
"ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-08-09 1020512]
.
c:\documents and settings\mcox\Start Menu\Programs\Startup\
AutoHook 2008.lnk - c:\program files\Command Digital\AutoHook 2008\AutoHook 2008.exe [2012-1-18 258514]
Dropbox.lnk - c:\documents and settings\mcox\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2011-4-14 25214]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
MultiMon Taskbar.lnk - c:\program files\MMTaskbar\MultiMon.exe [2011-7-5 294912]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-4-13 106560]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\mcox\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/19/2012 5:17 AM 301248]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [8/9/2012 4:20 PM 27496]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [8/9/2012 4:20 PM 927840]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [7/4/2012 5:25 PM 5160568]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/18/2011 9:58 AM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/29/2012 8:06 AM 250056]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [10/12/2011 8:24 AM 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/18/2011 9:58 AM 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 5:04 PM 113120]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 12:09]
.
2012-08-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-18 14:58]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-18 14:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: jocogov.org\ims
Trusted Zone: jocogov.org\maps
Trusted Zone: wycokck.org\www2
TCP: DhcpNameServer = 151.164.1.8 151.164.8.201
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\mcox\Application Data\Mozilla\Firefox\Profiles\u2h8cpr4.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-17 18:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-08-17 18:29:09
ComboFix-quarantined-files.txt 2012-08-17 23:29
ComboFix2.txt 2011-06-01 21:47
.
Pre-Run: 211,247,042,560 bytes free
Post-Run: 213,140,217,856 bytes free
.
- - End Of File - - 59E3D61F8E41CE8FC00D8C19D2B89AE5

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 August 2012 - 12:19 PM

Greetings muleball

That is good news!! I still want you to run these next, just to make sure there is nothing running in the background.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 muleball

  • Topic Starter
  • Members
  • 20 posts

Posted 20 August 2012 - 07:36 AM

07:11:04.0909 0884 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
07:11:05.0346 0884 ============================================================
07:11:05.0346 0884 Current date / time: 2012/08/20 07:11:05.0346
07:11:05.0346 0884 SystemInfo:
07:11:05.0346 0884
07:11:05.0346 0884 OS Version: 5.1.2600 ServicePack: 3.0
07:11:05.0346 0884 Product type: Workstation
07:11:05.0346 0884 ComputerName: COX
07:11:05.0346 0884 UserName: mcox
07:11:05.0346 0884 Windows directory: C:\WINDOWS
07:11:05.0346 0884 System windows directory: C:\WINDOWS
07:11:05.0346 0884 Processor architecture: Intel x86
07:11:05.0346 0884 Number of processors: 2
07:11:05.0346 0884 Page size: 0x1000
07:11:05.0346 0884 Boot type: Normal boot
07:11:05.0346 0884 ============================================================
07:11:06.0268 0884 Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:11:06.0268 0884 ============================================================
07:11:06.0268 0884 \Device\Harddisk0\DR0:
07:11:06.0268 0884 MBR partitions:
07:11:06.0268 0884 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EE6E41
07:11:06.0268 0884 ============================================================
07:11:06.0315 0884 C: <-> \Device\Harddisk0\DR0\Partition1
07:11:06.0315 0884 ============================================================
07:11:06.0315 0884 Initialize success
07:11:06.0315 0884 ============================================================
07:11:10.0141 5400 ============================================================
07:11:10.0141 5400 Scan started
07:11:10.0141 5400 Mode: Manual;
07:11:10.0141 5400 ============================================================
07:11:10.0735 5400 ================ Scan services =============================
07:11:10.0813 5400 Abiosdsk - ok
07:11:10.0813 5400 abp480n5 - ok
07:11:10.0860 5400 [ 8fd99680a539792a30e97944fdaecf17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:11:10.0860 5400 ACPI - ok
07:11:10.0891 5400 [ 9859c0f6936e723e4892d7141b1327d5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
07:11:10.0891 5400 ACPIEC - ok
07:11:10.0938 5400 [ 6d182c31acf16213407f2768f1107fe3 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
07:11:10.0985 5400 Adobe LM Service - ok
07:11:11.0453 5400 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:11:11.0484 5400 AdobeFlashPlayerUpdateSvc - ok
07:11:11.0484 5400 adpu160m - ok
07:11:11.0547 5400 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys
07:11:11.0547 5400 aec - ok
07:11:11.0578 5400 [ 1e44bc1e83d8fd2305f8d452db109cf9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
07:11:11.0609 5400 AFD - ok
07:11:11.0609 5400 Aha154x - ok
07:11:11.0625 5400 aic78u2 - ok
07:11:11.0625 5400 aic78xx - ok
07:11:11.0656 5400 [ a9a3daa780ca6c9671a19d52456705b4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
07:11:11.0656 5400 Alerter - ok
07:11:11.0687 5400 [ 8c515081584a38aa007909cd02020b3d ] ALG C:\WINDOWS\System32\alg.exe
07:11:11.0687 5400 ALG - ok
07:11:11.0687 5400 AliIde - ok
07:11:11.0703 5400 amsint - ok
07:11:11.0750 5400 [ 3debbecf665dcdde3a95d9b902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:11:11.0750 5400 Apple Mobile Device - ok
07:11:11.0781 5400 [ d8849f77c0b66226335a59d26cb4edc6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
07:11:11.0797 5400 AppMgmt - ok
07:11:11.0797 5400 asc - ok
07:11:11.0797 5400 asc3350p - ok
07:11:11.0797 5400 asc3550 - ok
07:11:11.0906 5400 [ 776acefa0ca9df0faa51a5fb2f435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
07:11:11.0922 5400 aspnet_state - ok
07:11:11.0953 5400 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:11:11.0953 5400 AsyncMac - ok
07:11:11.0984 5400 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
07:11:11.0984 5400 atapi - ok
07:11:12.0000 5400 Atdisk - ok
07:11:12.0031 5400 [ 454dfdc3d40b777455846e749d3b49ff ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
07:11:12.0047 5400 Ati HotKey Poller - ok
07:11:12.0094 5400 [ ef94e95e9d5366a88275fbb15e9d6e74 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
07:11:12.0125 5400 ATI Smart - ok
07:11:12.0218 5400 [ c51608bba3248be2f6d21b132910752a ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
07:11:12.0234 5400 ati2mtag - ok
07:11:12.0265 5400 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:11:12.0265 5400 Atmarpc - ok
07:11:12.0297 5400 [ def7a7882bec100fe0b2ce2549188f9d ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
07:11:12.0297 5400 AudioSrv - ok
07:11:12.0343 5400 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
07:11:12.0343 5400 audstub - ok
07:11:12.0406 5400 [ ea2d28bbe98256654397cd1f6eaebdd8 ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
07:11:12.0406 5400 Autodesk Licensing Service - ok
07:11:12.0593 5400 [ d67719bcfde5798f5c30d14efed3bcaf ] AVGIDSAgent C:\Program Files\AVG\AVG2012\avgidsagent.exe
07:11:12.0718 5400 AVGIDSAgent - ok
07:11:12.0749 5400 [ 1074f787080068c71303b61fae7e7ca4 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
07:11:12.0749 5400 AVGIDSDriver - ok
07:11:12.0765 5400 [ 61a7e0b02f82cff3db2445bbe50b3589 ] AVGIDSFilter C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
07:11:12.0765 5400 AVGIDSFilter - ok
07:11:12.0781 5400 [ d63d83659eedf60b3a3e620281a888e5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
07:11:12.0781 5400 AVGIDSHX - ok
07:11:12.0796 5400 [ baf975b72062f53d327788e99d64197e ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
07:11:12.0796 5400 AVGIDSShim - ok
07:11:12.0843 5400 [ dda6a2a18841e4c9172bb85958b8d948 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
07:11:12.0843 5400 Avgldx86 - ok
07:11:12.0843 5400 [ ccdd61545aaea265977e4b1efdc74e8c ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
07:11:12.0843 5400 Avgmfx86 - ok
07:11:12.0859 5400 [ 1fd90b28d2c3100bf4500199c8ad6358 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
07:11:12.0859 5400 Avgrkx86 - ok
07:11:12.0859 5400 [ 1263f2554ace925c237a40b4c568d815 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
07:11:12.0874 5400 Avgtdix - ok
07:11:12.0906 5400 [ 493f32ba712319ca1b720e6a17ec38d7 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
07:11:12.0906 5400 avgtp - ok
07:11:12.0953 5400 [ ea1145debcd508fd25bd1e95c4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
07:11:12.0953 5400 avgwd - ok
07:11:12.0984 5400 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
07:11:12.0984 5400 Beep - ok
07:11:13.0031 5400 [ 574738f61fca2935f5265dc4e5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
07:11:13.0062 5400 BITS - ok
07:11:13.0124 5400 [ db5bea73edaf19ac68b2c0fad0f92b1a ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
07:11:13.0140 5400 Bonjour Service - ok
07:11:13.0156 5400 [ cfd4e51402da9838b5a04ae680af54a0 ] Browser C:\WINDOWS\System32\browser.dll
07:11:13.0171 5400 Browser - ok
07:11:13.0265 5400 catchme - ok
07:11:13.0296 5400 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
07:11:13.0296 5400 cbidf2k - ok
07:11:13.0312 5400 cd20xrnt - ok
07:11:13.0327 5400 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
07:11:13.0327 5400 Cdaudio - ok
07:11:13.0359 5400 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
07:11:13.0374 5400 Cdfs - ok
07:11:13.0405 5400 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:11:13.0405 5400 Cdrom - ok
07:11:13.0421 5400 Changer - ok
07:11:13.0437 5400 [ 1cfe720eb8d93a7158a4ebc3ab178bde ] CiSvc C:\WINDOWS\system32\cisvc.exe
07:11:13.0452 5400 CiSvc - ok
07:11:13.0468 5400 [ 34cbe729f38138217f9c80212a2a0c82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
07:11:13.0484 5400 ClipSrv - ok
07:11:13.0530 5400 [ d87acaed61e417bba546ced5e7e36d9c ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:11:13.0608 5400 clr_optimization_v2.0.50727_32 - ok
07:11:13.0640 5400 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:11:13.0733 5400 clr_optimization_v4.0.30319_32 - ok
07:11:13.0733 5400 CmdIde - ok
07:11:13.0765 5400 [ 6e4c9f21f0fae8940661144f41b13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
07:11:13.0765 5400 Compbatt - ok
07:11:13.0765 5400 COMSysApp - ok
07:11:13.0765 5400 Cpqarray - ok
07:11:13.0812 5400 [ 3d4e199942e29207970e04315d02ad3b ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
07:11:13.0812 5400 CryptSvc - ok
07:11:13.0812 5400 dac2w2k - ok
07:11:13.0812 5400 dac960nt - ok
07:11:13.0858 5400 [ 6b27a5c03dfb94b4245739065431322c ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
07:11:13.0858 5400 DcomLaunch - ok
07:11:13.0890 5400 [ 5e38d7684a49cacfb752b046357e0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
07:11:13.0890 5400 Dhcp - ok
07:11:13.0905 5400 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
07:11:13.0905 5400 Disk - ok
07:11:13.0905 5400 dmadmin - ok
07:11:13.0968 5400 [ d992fe1274bde0f84ad826acae022a41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
07:11:13.0983 5400 dmboot - ok
07:11:13.0999 5400 [ 7c824cf7bbde77d95c08005717a95f6f ] dmio C:\WINDOWS\system32\drivers\dmio.sys
07:11:13.0999 5400 dmio - ok
07:11:13.0999 5400 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys
07:11:14.0015 5400 dmload - ok
07:11:14.0015 5400 [ 57edec2e5f59f0335e92f35184bc8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
07:11:14.0015 5400 dmserver - ok
07:11:14.0046 5400 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
07:11:14.0046 5400 DMusic - ok
07:11:14.0061 5400 [ 5f7e24fa9eab896051ffb87f840730d2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
07:11:14.0077 5400 Dnscache - ok
07:11:14.0108 5400 [ 0f0f6e687e5e15579ef4da8dd6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
07:11:14.0108 5400 Dot3svc - ok
07:11:14.0108 5400 dpti2o - ok
07:11:14.0124 5400 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
07:11:14.0124 5400 drmkaud - ok
07:11:14.0155 5400 [ 4590c6fe0b9fee3ef6592df041c6cde7 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
07:11:14.0171 5400 e1express - ok
07:11:14.0202 5400 [ 2187855a7703adef0cef9ee4285182cc ] EapHost C:\WINDOWS\System32\eapsvc.dll
07:11:14.0218 5400 EapHost - ok
07:11:14.0218 5400 [ bc93b4a066477954555966d77fec9ecb ] ERSvc C:\WINDOWS\System32\ersvc.dll
07:11:14.0218 5400 ERSvc - ok
07:11:14.0249 5400 [ 65df52f5b8b6e9bbd183505225c37315 ] Eventlog C:\WINDOWS\system32\services.exe
07:11:14.0249 5400 Eventlog - ok
07:11:14.0264 5400 [ d4991d98f2db73c60d042f1aef79efae ] EventSystem C:\WINDOWS\system32\es.dll
07:11:14.0280 5400 EventSystem - ok
07:11:14.0311 5400 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
07:11:14.0311 5400 Fastfat - ok
07:11:14.0327 5400 [ 99bc0b50f511924348be19c7c7313bbf ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
07:11:14.0327 5400 FastUserSwitchingCompatibility - ok
07:11:14.0358 5400 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
07:11:14.0358 5400 Fdc - ok
07:11:14.0405 5400 [ d45926117eb9fa946a6af572fbe1caa3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
07:11:14.0405 5400 Fips - ok
07:11:14.0405 5400 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
07:11:14.0405 5400 Flpydisk - ok
07:11:14.0421 5400 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
07:11:14.0421 5400 FltMgr - ok
07:11:14.0452 5400 [ 8efa9bfc940d9eb9348d9dafb839fe25 ] FlyUsb C:\WINDOWS\system32\DRIVERS\FlyUsb.sys
07:11:14.0467 5400 FlyUsb - ok
07:11:14.0514 5400 [ 8ba7c024070f2b7fdd98ed8a4ba41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
07:11:14.0514 5400 FontCache3.0.0.0 - ok
07:11:14.0530 5400 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:11:14.0530 5400 Fs_Rec - ok
07:11:14.0561 5400 [ 6ac26732762483366c3969c9e4d2259d ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:11:14.0561 5400 Ftdisk - ok
07:11:14.0592 5400 [ 8182ff89c65e4d38b2de4bb0fb18564e ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
07:11:14.0592 5400 GEARAspiWDM - ok
07:11:14.0624 5400 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:11:14.0624 5400 Gpc - ok
07:11:14.0686 5400 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
07:11:14.0686 5400 gupdate - ok
07:11:14.0686 5400 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
07:11:14.0686 5400 gupdatem - ok
07:11:14.0702 5400 [ cc839e8d766cc31a7710c9f38cf3e375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
07:11:14.0702 5400 gusvc - ok
07:11:14.0733 5400 [ 573c7d0a32852b48f3058cfd8026f511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:11:14.0733 5400 HDAudBus - ok
07:11:14.0780 5400 [ 4fcca060dfe0c51a09dd5c3843888bcd ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
07:11:14.0780 5400 helpsvc - ok
07:11:14.0795 5400 [ 748031ff4fe45ccc47546294905feab8 ] HidBatt C:\WINDOWS\system32\DRIVERS\HidBatt.sys
07:11:14.0795 5400 HidBatt - ok
07:11:14.0795 5400 HidServ - ok
07:11:14.0827 5400 [ ccf82c5ec8a7326c3066de870c06daf1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:11:14.0827 5400 hidusb - ok
07:11:14.0858 5400 [ 8878bd685e490239777bfe51320b88e9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
07:11:14.0858 5400 hkmsvc - ok
07:11:14.0858 5400 hpn - ok
07:11:14.0889 5400 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
07:11:14.0889 5400 HTTP - ok
07:11:14.0920 5400 [ 6100a808600f44d999cebdef8841c7a3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
07:11:14.0920 5400 HTTPFilter - ok
07:11:14.0920 5400 i2omgmt - ok
07:11:14.0936 5400 i2omp - ok
07:11:14.0967 5400 [ 4a0b06aa8943c1e332520f7440c0aa30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:11:14.0967 5400 i8042prt - ok
07:11:15.0030 5400 [ c01ac32dc5c03076cfb852cb5da5229c ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:11:15.0045 5400 idsvc - ok
07:11:15.0061 5400 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
07:11:15.0061 5400 Imapi - ok
07:11:15.0092 5400 [ 30deaf54a9755bb8546168cfe8a6b5e1 ] ImapiService C:\WINDOWS\system32\imapi.exe
07:11:15.0092 5400 ImapiService - ok
07:11:15.0108 5400 ini910u - ok
07:11:15.0248 5400 [ fc3a99650afe0b39fe1d214304a7d0d3 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
07:11:15.0280 5400 IntcAzAudAddService - ok
07:11:15.0280 5400 IntelIde - ok
07:11:15.0311 5400 [ 8c953733d8f36eb2133f5bb58808b66b ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:11:15.0311 5400 intelppm - ok
07:11:15.0342 5400 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
07:11:15.0342 5400 Ip6Fw - ok
07:11:15.0358 5400 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:11:15.0358 5400 IpFilterDriver - ok
07:11:15.0389 5400 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:11:15.0389 5400 IpInIp - ok
07:11:15.0420 5400 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:11:15.0420 5400 IpNat - ok
07:11:15.0467 5400 [ 178fe38b7740f598391eb2f51ae4ccac ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
07:11:15.0467 5400 iPod Service - ok
07:11:15.0467 5400 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:11:15.0483 5400 IPSec - ok
07:11:15.0498 5400 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
07:11:15.0498 5400 IRENUM - ok
07:11:15.0530 5400 [ 05a299ec56e52649b1cf2fc52d20f2d7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:11:15.0530 5400 isapnp - ok
07:11:15.0608 5400 [ 381b25dc8e958d905b33130d500bbf29 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
07:11:15.0608 5400 JavaQuickStarterService - ok
07:11:15.0623 5400 [ 463c1ec80cd17420a542b7f36a36f128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:11:15.0623 5400 Kbdclass - ok
07:11:15.0639 5400 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
07:11:15.0639 5400 kmixer - ok
07:11:15.0654 5400 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
07:11:15.0654 5400 KSecDD - ok
07:11:15.0686 5400 [ 3a7c3cbe5d96b8ae96ce81f0b22fb527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
07:11:15.0717 5400 lanmanserver - ok
07:11:15.0733 5400 [ a8888a5327621856c0cec4e385f69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
07:11:15.0748 5400 lanmanworkstation - ok
07:11:15.0748 5400 Lavasoft Kernexplorer - ok
07:11:15.0748 5400 lbrtfdc - ok
07:11:15.0982 5400 [ b25c71018bdba3e1e0e64917f7af50a7 ] LeapFrog Connect Device Service C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
07:11:16.0076 5400 LeapFrog Connect Device Service - ok
07:11:16.0123 5400 [ a7db739ae99a796d91580147e919cc59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
07:11:16.0123 5400 LmHosts - ok
07:11:16.0185 5400 [ f8b823414a22dbf3bec10dcaa5f93cd8 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
07:11:16.0248 5400 McciCMService - ok
07:11:16.0295 5400 [ 11f714f85530a2bd134074dc30e99fca ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
07:11:16.0295 5400 MDM - ok
07:11:16.0310 5400 [ 986b1ff5814366d71e0ac5755c88f2d3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
07:11:16.0310 5400 Messenger - ok
07:11:16.0342 5400 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
07:11:16.0342 5400 mnmdd - ok
07:11:16.0373 5400 [ d18f1f0c101d06a1c1adf26eed16fcdd ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
07:11:16.0373 5400 mnmsrvc - ok
07:11:16.0389 5400 [ dfcbad3cec1c5f964962ae10e0bcc8e1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
07:11:16.0389 5400 Modem - ok
07:11:16.0420 5400 [ 35c9e97194c8cfb8430125f8dbc34d04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:11:16.0420 5400 Mouclass - ok
07:11:16.0451 5400 [ b1c303e17fb9d46e87a98e4ba6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:11:16.0451 5400 mouhid - ok
07:11:16.0467 5400 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
07:11:16.0467 5400 MountMgr - ok
07:11:16.0529 5400 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:11:16.0545 5400 MozillaMaintenance - ok
07:11:16.0545 5400 mraid35x - ok
07:11:16.0545 5400 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:11:16.0545 5400 MRxDAV - ok
07:11:16.0592 5400 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:11:16.0623 5400 MRxSmb - ok
07:11:16.0654 5400 [ a137f1470499a205abbb9aafb3b6f2b1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
07:11:16.0654 5400 MSDTC - ok
07:11:16.0701 5400 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
07:11:16.0701 5400 Msfs - ok
07:11:16.0701 5400 MSIServer - ok
07:11:16.0732 5400 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:11:16.0732 5400 MSKSSRV - ok
07:11:16.0763 5400 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:11:16.0763 5400 MSPCLOCK - ok
07:11:16.0779 5400 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
07:11:16.0779 5400 MSPQM - ok
07:11:16.0795 5400 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:11:16.0810 5400 mssmbios - ok
07:11:16.0841 5400 [ d48659bb24c48345d926ecb45c1ebdf5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
07:11:16.0841 5400 MTsensor - ok
07:11:16.0857 5400 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
07:11:16.0888 5400 Mup - ok
07:11:16.0935 5400 [ 0102140028fad045756796e1c685d695 ] napagent C:\WINDOWS\System32\qagentrt.dll
07:11:16.0935 5400 napagent - ok
07:11:16.0966 5400 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
07:11:16.0966 5400 NDIS - ok
07:11:16.0998 5400 [ 0109c4f3850dfbab279542515386ae22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:11:17.0029 5400 NdisTapi - ok
07:11:17.0076 5400 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:11:17.0076 5400 Ndisuio - ok
07:11:17.0091 5400 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:11:17.0091 5400 NdisWan - ok
07:11:17.0107 5400 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
07:11:17.0107 5400 NDProxy - ok
07:11:17.0123 5400 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
07:11:17.0123 5400 NetBIOS - ok
07:11:17.0138 5400 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
07:11:17.0154 5400 NetBT - ok
07:11:17.0169 5400 [ b857ba82860d7ff85ae29b095645563b ] NetDDE C:\WINDOWS\system32\netdde.exe
07:11:17.0169 5400 NetDDE - ok
07:11:17.0185 5400 [ b857ba82860d7ff85ae29b095645563b ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
07:11:17.0185 5400 NetDDEdsdm - ok
07:11:17.0216 5400 [ bf2466b3e18e970d8a976fb95fc1ca85 ] Netlogon C:\WINDOWS\system32\lsass.exe
07:11:17.0216 5400 Netlogon - ok
07:11:17.0232 5400 [ 13e67b55b3abd7bf3fe7aae5a0f9a9de ] Netman C:\WINDOWS\System32\netman.dll
07:11:17.0232 5400 Netman - ok
07:11:17.0263 5400 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:11:17.0279 5400 NetTcpPortSharing - ok
07:11:17.0310 5400 [ 943337d786a56729263071623bbb9de5 ] Nla C:\WINDOWS\System32\mswsock.dll
07:11:17.0310 5400 Nla - ok
07:11:17.0326 5400 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
07:11:17.0326 5400 Npfs - ok
07:11:17.0357 5400 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
07:11:17.0357 5400 Ntfs - ok
07:11:17.0357 5400 [ bf2466b3e18e970d8a976fb95fc1ca85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
07:11:17.0372 5400 NtLmSsp - ok
07:11:17.0419 5400 [ 156f64a3345bd23c600655fb4d10bc08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
07:11:17.0419 5400 NtmsSvc - ok
07:11:17.0451 5400 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null C:\WINDOWS\system32\drivers\Null.sys
07:11:17.0451 5400 Null - ok
07:11:17.0466 5400 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:11:17.0466 5400 NwlnkFlt - ok
07:11:17.0482 5400 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:11:17.0482 5400 NwlnkFwd - ok
07:11:17.0497 5400 [ 5575faf8f97ce5e713d108c2a58d7c7c ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
07:11:17.0497 5400 Parport - ok
07:11:17.0529 5400 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
07:11:17.0529 5400 PartMgr - ok
07:11:17.0544 5400 [ 70e98b3fd8e963a6a46a2e6247e0bea1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
07:11:17.0544 5400 ParVdm - ok
07:11:17.0576 5400 [ a219903ccf74233761d92bef471a07b1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
07:11:17.0576 5400 PCI - ok
07:11:17.0576 5400 PCIDump - ok
07:11:17.0576 5400 [ ccf5f451bb1a5a2a522a76e670000ff0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
07:11:17.0576 5400 PCIIde - ok
07:11:17.0622 5400 [ 9e89ef60e9ee05e3f2eef2da7397f1c1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
07:11:17.0622 5400 Pcmcia - ok
07:11:17.0622 5400 PDCOMP - ok
07:11:17.0638 5400 PDFRAME - ok
07:11:17.0638 5400 PDRELI - ok
07:11:17.0638 5400 PDRFRAME - ok
07:11:17.0654 5400 perc2 - ok
07:11:17.0654 5400 perc2hib - ok
07:11:17.0685 5400 [ 65df52f5b8b6e9bbd183505225c37315 ] PlugPlay C:\WINDOWS\system32\services.exe
07:11:17.0685 5400 PlugPlay - ok
07:11:17.0732 5400 [ 3b6973d60bde757c53bb76842d31318e ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys
07:11:17.0732 5400 Point32 - ok
07:11:17.0732 5400 [ bf2466b3e18e970d8a976fb95fc1ca85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
07:11:17.0732 5400 PolicyAgent - ok
07:11:17.0747 5400 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:11:17.0747 5400 PptpMiniport - ok
07:11:17.0747 5400 [ bf2466b3e18e970d8a976fb95fc1ca85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
07:11:17.0747 5400 ProtectedStorage - ok
07:11:17.0763 5400 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
07:11:17.0779 5400 PSched - ok
07:11:17.0794 5400 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:11:17.0794 5400 Ptilink - ok
07:11:17.0794 5400 ql1080 - ok
07:11:17.0794 5400 Ql10wnt - ok
07:11:17.0810 5400 ql12160 - ok
07:11:17.0810 5400 ql1240 - ok
07:11:17.0810 5400 ql1280 - ok
07:11:17.0841 5400 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:11:17.0841 5400 RasAcd - ok
07:11:17.0872 5400 [ ad188be7bdf94e8df4ca0a55c00a5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
07:11:17.0872 5400 RasAuto - ok
07:11:17.0888 5400 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:11:17.0888 5400 Rasl2tp - ok
07:11:17.0935 5400 [ 76a9a3cbeadd68cc57cda5e1d7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
07:11:17.0935 5400 RasMan - ok
07:11:17.0935 5400 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:11:17.0935 5400 RasPppoe - ok
07:11:17.0950 5400 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
07:11:17.0950 5400 Raspti - ok
07:11:17.0966 5400 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:11:17.0966 5400 Rdbss - ok
07:11:17.0997 5400 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:11:17.0997 5400 RDPCDD - ok
07:11:18.0013 5400 [ 15cabd0f7c00c47c70124907916af3f1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:11:18.0013 5400 rdpdr - ok
07:11:18.0044 5400 [ 43af5212bd8fb5ba6eed9754358bd8f7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
07:11:18.0060 5400 RDPWD - ok
07:11:18.0091 5400 [ 3c37bf86641bda977c3bf8a840f3b7fa ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
07:11:18.0091 5400 RDSessMgr - ok
07:11:18.0107 5400 [ f828dd7e1419b6653894a8f97a0094c5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
07:11:18.0122 5400 redbook - ok
07:11:18.0153 5400 [ 7e699ff5f59b5d9de5390e3c34c67cf5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
07:11:18.0153 5400 RemoteAccess - ok
07:11:18.0169 5400 [ 5b19b557b0c188210a56a6b699d90b8f ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
07:11:18.0169 5400 RemoteRegistry - ok
07:11:18.0200 5400 [ aaed593f84afa419bbae8572af87cf6a ] RpcLocator C:\WINDOWS\system32\locator.exe
07:11:18.0216 5400 RpcLocator - ok
07:11:18.0247 5400 [ 6b27a5c03dfb94b4245739065431322c ] RpcSs C:\WINDOWS\System32\rpcss.dll
07:11:18.0247 5400 RpcSs - ok
07:11:18.0341 5400 [ 471b3f9741d762abe75e9deea4787e47 ] RSVP C:\WINDOWS\system32\rsvp.exe
07:11:18.0341 5400 RSVP - ok
07:11:18.0356 5400 [ bf2466b3e18e970d8a976fb95fc1ca85 ] SamSs C:\WINDOWS\system32\lsass.exe
07:11:18.0356 5400 SamSs - ok
07:11:18.0388 5400 [ 86d007e7a654b9a71d1d7d856b104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
07:11:18.0419 5400 SCardSvr - ok
07:11:18.0450 5400 [ 0a9a7365a1ca4319aa7c1d6cd8e4eafa ] Schedule C:\WINDOWS\system32\schedsvc.dll
07:11:18.0450 5400 Schedule - ok
07:11:18.0481 5400 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:11:18.0481 5400 Secdrv - ok
07:11:18.0481 5400 [ cbe612e2bb6a10e3563336191eda1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
07:11:18.0481 5400 seclogon - ok
07:11:18.0513 5400 [ 7fdd5d0684eca8c1f68b4d99d124dcd0 ] SENS C:\WINDOWS\system32\sens.dll
07:11:18.0513 5400 SENS - ok
07:11:18.0528 5400 [ 0f29512ccd6bead730039fb4bd2c85ce ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
07:11:18.0528 5400 serenum - ok
07:11:18.0544 5400 [ cca207a8896d4c6a0c9ce29a4ae411a7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
07:11:18.0544 5400 Serial - ok
07:11:18.0575 5400 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
07:11:18.0575 5400 Sfloppy - ok
07:11:18.0622 5400 [ 83f41d0d89645d7235c051ab1d9523ac ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
07:11:18.0622 5400 SharedAccess - ok
07:11:18.0653 5400 [ 99bc0b50f511924348be19c7c7313bbf ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
07:11:18.0669 5400 ShellHWDetection - ok
07:11:18.0669 5400 Simbad - ok
07:11:18.0669 5400 Sparrow - ok
07:11:18.0700 5400 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys
07:11:18.0700 5400 splitter - ok
07:11:18.0731 5400 [ 60784f891563fb1b767f70117fc2428f ] Spooler C:\WINDOWS\system32\spoolsv.exe
07:11:18.0731 5400 Spooler - ok
07:11:18.0778 5400 [ 76bb022c2fb6902fd5bdd4f78fc13a5d ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
07:11:18.0778 5400 sr - ok
07:11:18.0778 5400 [ 3805df0ac4296a34ba4bf93b346cc378 ] srservice C:\WINDOWS\system32\srsvc.dll
07:11:18.0794 5400 srservice - ok
07:11:18.0825 5400 [ 47ddfc2f003f7f9f0592c6874962a2e7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
07:11:18.0825 5400 Srv - ok
07:11:18.0841 5400 [ 0a5679b3714edab99e357057ee88fca6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
07:11:18.0856 5400 SSDPSRV - ok
07:11:18.0872 5400 [ 8bad69cbac032d4bbacfce0306174c30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
07:11:18.0872 5400 stisvc - ok
07:11:18.0903 5400 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
07:11:18.0919 5400 swenum - ok
07:11:18.0934 5400 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
07:11:18.0934 5400 swmidi - ok
07:11:18.0934 5400 SwPrv - ok
07:11:18.0950 5400 symc810 - ok
07:11:18.0950 5400 symc8xx - ok
07:11:18.0950 5400 sym_hi - ok
07:11:18.0966 5400 sym_u3 - ok
07:11:18.0966 5400 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
07:11:18.0981 5400 sysaudio - ok
07:11:18.0997 5400 [ c7abbc59b43274b1109df6b24d617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
07:11:18.0997 5400 SysmonLog - ok
07:11:19.0012 5400 [ 3cb78c17bb664637787c9a1c98f79c38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
07:11:19.0028 5400 TapiSrv - ok
07:11:19.0059 5400 [ 9aefa14bd6b182d61e3119fa5f436d3d ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:11:19.0075 5400 Tcpip - ok
07:11:19.0090 5400 [ 6471a66807f5e104e4885f5b67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
07:11:19.0090 5400 TDPIPE - ok
07:11:19.0106 5400 [ c56b6d0402371cf3700eb322ef3aaf61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
07:11:19.0106 5400 TDTCP - ok
07:11:19.0106 5400 [ 88155247177638048422893737429d9e ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
07:11:19.0106 5400 TermDD - ok
07:11:19.0122 5400 [ ff3477c03be7201c294c35f684b3479f ] TermService C:\WINDOWS\System32\termsrv.dll
07:11:19.0122 5400 TermService - ok
07:11:19.0153 5400 [ 99bc0b50f511924348be19c7c7313bbf ] Themes C:\WINDOWS\System32\shsvcs.dll
07:11:19.0153 5400 Themes - ok
07:11:19.0184 5400 [ db7205804759ff62c34e3efd8a4cc76a ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
07:11:19.0184 5400 TlntSvr - ok
07:11:19.0184 5400 TosIde - ok
07:11:19.0200 5400 [ 55bca12f7f523d35ca3cb833c725f54e ] TrkWks C:\WINDOWS\system32\trkwks.dll
07:11:19.0200 5400 TrkWks - ok
07:11:19.0231 5400 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
07:11:19.0231 5400 Udfs - ok
07:11:19.0231 5400 ultra - ok
07:11:19.0247 5400 UltraMonMirror - ok
07:11:19.0278 5400 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
07:11:19.0278 5400 Update - ok
07:11:19.0294 5400 [ 1ebafeb9a3fbdc41b8d9c7f0f687ad91 ] upnphost C:\WINDOWS\System32\upnphost.dll
07:11:19.0309 5400 upnphost - ok
07:11:19.0325 5400 [ 05365fb38fca1e98f7a566aaaf5d1815 ] UPS C:\WINDOWS\System32\ups.exe
07:11:19.0325 5400 UPS - ok
07:11:19.0356 5400 [ 83cafcb53201bbac04d822f32438e244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
07:11:19.0372 5400 USBAAPL - ok
07:11:19.0387 5400 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:11:19.0387 5400 usbehci - ok
07:11:19.0403 5400 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:11:19.0403 5400 usbhub - ok
07:11:19.0434 5400 [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:11:19.0434 5400 usbscan - ok
07:11:19.0450 5400 [ a32426d9b14a089eaa1d922e0c5801a9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:11:19.0450 5400 USBSTOR - ok
07:11:19.0450 5400 [ 26496f9dee2d787fc3e61ad54821ffe6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:11:19.0465 5400 usbuhci - ok
07:11:19.0465 5400 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
07:11:19.0465 5400 VgaSave - ok
07:11:19.0465 5400 ViaIde - ok
07:11:19.0497 5400 [ 4c8fcb5cc53aab716d810740fe59d025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
07:11:19.0497 5400 VolSnap - ok
07:11:19.0543 5400 [ 7a9db3a67c333bf0bd42e42b8596854b ] VSS C:\WINDOWS\System32\vssvc.exe
07:11:19.0543 5400 VSS - ok
07:11:19.0621 5400 [ ef51747440486c23bd466311048bd924 ] vToolbarUpdater12.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
07:11:19.0621 5400 vToolbarUpdater12.2.0 - ok
07:11:19.0637 5400 [ 54af4b1d5459500ef0937f6d33b1914f ] W32Time C:\WINDOWS\system32\w32time.dll
07:11:19.0637 5400 W32Time - ok
07:11:19.0653 5400 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:11:19.0653 5400 Wanarp - ok
07:11:19.0653 5400 WDICA - ok
07:11:19.0668 5400 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
07:11:19.0668 5400 wdmaud - ok
07:11:19.0684 5400 [ 77a354e28153ad2d5e120a5a8687bc06 ] WebClient C:\WINDOWS\System32\webclnt.dll
07:11:19.0684 5400 WebClient - ok
07:11:19.0778 5400 [ 2d0e4ed081963804ccc196a0929275b5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
07:11:19.0778 5400 winmgmt - ok
07:11:19.0825 5400 [ c51b4a5c05a5475708e3c81c7765b71d ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
07:11:19.0825 5400 WmdmPmSN - ok
07:11:19.0856 5400 [ e76f8807070ed04e7408a86d6d3a6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
07:11:19.0871 5400 Wmi - ok
07:11:19.0903 5400 [ e0673f1106e62a68d2257e376079f821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
07:11:19.0903 5400 WmiApSrv - ok
07:11:19.0981 5400 [ f74e3d9a7fa9556c3bbb14d4e5e63d3b ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
07:11:19.0981 5400 WMPNetworkSvc - ok
07:11:20.0074 5400 [ dcf3e3edf5109ee8bc02fe6e1f045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
07:11:20.0090 5400 WPFFontCache_v0400 - ok
07:11:20.0121 5400 [ 6abe6e225adb5a751622a9cc3bc19ce8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
07:11:20.0121 5400 WS2IFSL - ok
07:11:20.0153 5400 [ 7c278e6408d1dce642230c0585a854d5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
07:11:20.0153 5400 wscsvc - ok
07:11:20.0153 5400 WSearch - ok
07:11:20.0184 5400 [ 35321fb577cdc98ce3eb3a3eb9e4610a ] wuauserv C:\WINDOWS\system32\wuauserv.dll
07:11:20.0184 5400 wuauserv - ok
07:11:20.0215 5400 [ f15feafffbb3644ccc80c5da584e6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:11:20.0215 5400 WudfPf - ok
07:11:20.0231 5400 [ 28b524262bce6de1f7ef9f510ba3985b ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:11:20.0231 5400 WudfRd - ok
07:11:20.0246 5400 [ 05231c04253c5bc30b26cbaae680ed89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
07:11:20.0246 5400 WudfSvc - ok
07:11:20.0293 5400 [ 81dc3f549f44b1c1fff022dec9ecf30b ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
07:11:20.0293 5400 WZCSVC - ok
07:11:20.0324 5400 [ 295d21f14c335b53cb8154e5b1f892b9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
07:11:20.0324 5400 xmlprov - ok
07:11:20.0340 5400 ================ Scan global ===============================
07:11:20.0356 5400 (42f1f4c0afb08410e5f02d4b13ebb623) C:\WINDOWS\system32\basesrv.dll
07:11:20.0402 5400 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
07:11:20.0402 5400 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
07:11:20.0449 5400 (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
07:11:20.0449 5400 [Global] - ok
07:11:20.0449 5400 ================ Scan MBR ==================================
07:11:20.0465 5400 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
07:11:20.0605 5400 \Device\Harddisk0\DR0 - ok
07:11:20.0605 5400 ================ Scan VBR ==================================
07:11:20.0605 5400 Boot (0x1200) (73906262d1be8aa8c2bedb9c96c7e998) \Device\Harddisk0\DR0\Partition1
07:11:20.0605 5400 \Device\Harddisk0\DR0\Partition1 - ok
07:11:20.0605 5400 ============================================================
07:11:20.0605 5400 Scan finished
07:11:20.0605 5400 ============================================================
07:11:20.0621 6032 Detected object count: 0
07:11:20.0621 6032 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-20 07:13:17
-----------------------------
07:13:17.246 OS Version: Windows 5.1.2600 Service Pack 3
07:13:17.246 Number of processors: 2 586 0x602
07:13:17.246 ComputerName: COX UserName:
07:13:17.887 Initialize success
07:17:43.942 AVAST engine defs: 12082000
07:27:59.360 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
07:27:59.360 Disk 0 Vendor: ST3300622AS 3.AAH Size: 286168MB BusType: 3
07:27:59.376 Disk 0 MBR read successfully
07:27:59.376 Disk 0 MBR scan
07:27:59.423 Disk 0 Windows XP default MBR code
07:27:59.423 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 286157 MB offset 63
07:27:59.423 Disk 0 scanning sectors +586051200
07:27:59.485 Disk 0 scanning C:\WINDOWS\system32\drivers
07:28:09.438 Service scanning
07:28:23.875 Modules scanning
07:28:27.782 Disk 0 trace - called modules:
07:28:27.797
07:28:28.672 AVAST engine scan C:\WINDOWS
07:28:45.172 AVAST engine scan C:\WINDOWS\system32
07:32:31.014 AVAST engine scan C:\WINDOWS\system32\drivers
07:32:57.139 AVAST engine scan C:\Documents and Settings\mcox
07:35:53.528 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\mcox\Desktop\MBR.dat"
07:35:53.528 The log file has been saved successfully to "C:\Documents and Settings\mcox\Desktop\aswMBR.txt"
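The two anti-rootkit logs above fingerprint the same structure: TDSSKiller reports "MBR (0x1B8)" with an MD5, and aswMBR decodes the partition table ("Partition 1 80 (A) 07 HPFS/NTFS NTFS 286157 MB offset 63") and compares the boot code with the stock "Windows XP default MBR code". Offset 0x1B8 is where the 4-byte Windows disk signature begins, so hashing the bytes before it covers only the boot code and not the per-machine signature or the partition table. The Python script below is an added example for this thread, not code from TDSSKiller, aswMBR or anyone posting here. It does the same two things on a 512-byte MBR image such as the MBR.dat that aswMBR saved to the desktop. The sample MBR it builds is constructed inline for the demo (its hash is not the 8f558eb6... value in the log), and the allow-list of known-clean hashes is an assumption you would fill from a machine you trust.

```python
"""Parse and fingerprint a 512-byte MBR the way the anti-rootkit logs report it.

Added example for this thread; not code from TDSSKiller, aswMBR or BleepingComputer.
The sample MBR below is constructed for the demo and is not a real disk image.
"""
import hashlib
import struct

MBR_SIZE = 512
CODE_END = 0x1B8          # boot code occupies 0x000-0x1B7; hashed span (cf. "MBR (0x1B8)")
DISK_SIG_OFF = 0x1B8      # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE      # must be 55 AA
SECTOR = 512

PART_TYPES = {0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x05: "Extended", 0x0F: "Extended LBA"}


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte entry: status, type, LBA start, sector count (CHS fields skipped)."""
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "type_name": PART_TYPES.get(ptype, "unknown"),
        "lba_start": lba_start,
        "sectors": sectors,
        "size_mb": sectors * SECTOR // (1024 * 1024),
    }


def parse_mbr(mbr: bytes) -> dict:
    """Validate the 55 AA signature, hash the code area, decode non-empty partition slots."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE}-byte MBR, got {len(mbr)}")
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        raise ValueError("boot signature 55 AA missing; not a valid MBR")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        entry = parse_partition_entry(mbr[off:off + 16])
        if entry["type"] != 0x00:          # type 0 = empty slot
            entry["index"] = i + 1
            partitions.append(entry)
    return {
        "code_md5": hashlib.md5(mbr[:CODE_END]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def mbr_code_is_known_good(mbr: bytes, known_good_md5s: set) -> bool:
    """True when the boot-code hash is in an allow-list of clean MBR hashes.

    Only the code area is hashed, so the disk signature and partition table do
    not disturb the comparison; a bootkit that rewrites the code (and usually
    leaves the table intact so the system still boots) changes the hash.
    The allow-list itself is an assumption: populate it from a trusted machine.
    """
    return parse_mbr(mbr)["code_md5"] in known_good_md5s


def build_sample_mbr() -> bytes:
    """Constructed sample: a short illustrative boot stub, zero padding, one
    bootable NTFS partition at sector 63 sized like the one in the thread,
    and the 55 AA signature. Not a real disk image."""
    code = bytes.fromhex("33c08ed0bc007cfb5007501ffcbe1b7c") + b"\x90" * 8
    code = code.ljust(CODE_END, b"\x00")
    disk_sig = struct.pack("<I", 0x1A2B3C4D) + b"\x00\x00"
    # status 0x80 (active), CHS start, type 0x07 (NTFS), CHS end, LBA 63, 586049536 sectors = 286157 MB
    part1 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 586049536)
    table = part1 + b"\x00" * (16 * 3)
    return code + disk_sig + table + b"\x55\xAA"


if __name__ == "__main__":
    import sys
    # Pass a path to MBR.dat to inspect a real dump; otherwise use the constructed sample.
    data = open(sys.argv[1], "rb").read(MBR_SIZE) if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(data)
    print(f"MBR code MD5  : {info['code_md5']}")
    print(f"Disk signature: {info['disk_signature']:08x}")
    for p in info["partitions"]:
        flag = "80 (A)" if p["bootable"] else "00"
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']} "
              f"{p['size_mb']} MB offset {p['lba_start']}")
```

Run it as `python mbr_check.py MBR.dat` against the file aswMBR saved; with no argument it prints the constructed sample. Compare the printed code hash with the value in the TDSSKiller log and with one taken from a clean install of the same Windows version before trusting it.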

#13 gringo_pr

gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:44 PM

Posted 20 August 2012 - 11:13 AM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScript.txt being dragged onto ComboFix.exe]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 muleball

muleball
  • Topic Starter
  • Members
  • 20 posts
  • Local time:07:44 PM

Posted 20 August 2012 - 11:48 AM

The only problem that I had was that I forgot to turn off AVG, so after I did that, ComboFix worked fine.
My machine seems to be working fine... no issues with redirects.

ComboFix 12-08-20.01 - mcox 08/20/2012 11:24:47.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.2402 [GMT -5:00]
Running from: c:\documents and settings\mcox\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mcox\Desktop\CFScript.txt
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-20 to 2012-08-20 )))))))))))))))))))))))))))))))
.
.
2012-08-09 21:21 . 2012-08-09 21:21 -------- d-----w- c:\documents and settings\mcox\Application Data\AVG2012
2012-08-09 21:20 . 2012-08-09 21:20 -------- d-----w- c:\documents and settings\mcox\Local Settings\Application Data\AVG Secure Search
2012-08-09 21:20 . 2012-08-09 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-08-09 21:20 . 2012-08-09 21:20 -------- d-----w- c:\documents and settings\mcox\Application Data\AVG Secure Search
2012-08-09 21:20 . 2012-08-09 21:20 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-09 21:20 . 2012-08-09 21:20 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-08-09 21:20 . 2012-08-09 21:20 -------- d-----w- c:\program files\AVG Secure Search
2012-08-09 21:18 . 2012-08-20 11:49 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-09 21:18 . 2012-08-15 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-08-09 18:46 . 2012-08-09 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-08-09 18:46 . 2012-08-09 18:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-09 18:38 . 2012-08-09 19:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-09 15:11 . 2012-08-09 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\036E18CD000C2ACF000018527B07D287
2012-08-08 20:55 . 2012-08-08 20:55 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-08-08 20:55 . 2012-08-08 20:55 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-08-07 18:01 . 2012-08-07 18:02 -------- d-----w- c:\program files\Corpscon6
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 12:09 . 2012-03-29 13:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 12:09 . 2011-06-02 16:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-04-13 16:19 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:46 . 2011-05-06 14:28 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-06-05 15:50 . 2011-04-13 18:19 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 22:35 . 2011-04-13 16:21 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 22:35 . 2009-08-07 00:23 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2009-08-07 00:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2011-04-13 16:21 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2011-04-13 16:21 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2011-04-13 16:21 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2011-04-13 16:21 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2009-08-07 00:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2009-08-07 00:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2011-04-13 16:21 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2011-04-13 16:21 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2011-04-14 14:35 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2011-04-14 14:35 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-08-10 17:05 . 2011-08-08 17:08 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
1997-07-22 00:30 1045776 --sha-w- c:\windows\system32\Msjet35.dll
1997-06-23 08:00 123664 --sha-w- c:\windows\system32\Msjint35.dll
1997-06-23 17:06 24848 --sha-w- c:\windows\system32\Msjter35.dll
1997-06-23 17:06 252176 --sha-w- c:\windows\system32\Msrd2x35.dll
1997-06-23 17:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-17_23.25.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-20 11:44 . 2012-08-20 11:44 16384 c:\windows\Temp\Perflib_Perfdata_238.dat
+ 2004-08-04 12:00 . 2012-07-02 17:49 67072 c:\windows\system32\mshtmled.dll
- 2004-08-04 12:00 . 2012-05-11 14:42 67072 c:\windows\system32\mshtmled.dll
- 2009-03-08 09:31 . 2012-05-11 14:42 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 09:31 . 2012-07-02 17:49 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-04 12:00 . 2012-05-11 14:42 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2012-07-02 17:49 25600 c:\windows\system32\jsproxy.dll
+ 2011-04-13 19:14 . 2012-07-02 17:49 12800 c:\windows\system32\dllcache\xpshims.dll
- 2011-04-13 19:14 . 2012-05-11 14:42 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-03-08 09:31 . 2012-05-11 14:42 67072 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 09:31 . 2012-07-02 17:49 67072 c:\windows\system32\dllcache\mshtmled.dll
- 2011-04-13 19:14 . 2012-05-11 14:42 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2011-04-13 19:14 . 2012-07-02 17:49 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-08 09:34 . 2012-05-11 14:42 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 09:34 . 2012-07-02 17:49 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 09:33 . 2012-07-02 17:49 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-08 09:33 . 2012-05-11 14:42 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2012-07-06 13:58 . 2012-07-06 13:58 78336 c:\windows\system32\dllcache\browser.dll
- 2012-05-14 22:47 . 2012-05-14 22:47 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2012-08-18 13:12 . 2012-08-18 13:12 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2012-08-18 13:07 . 2012-05-11 14:42 12800 c:\windows\ie8updates\KB2722913-IE8\xpshims.dll
+ 2012-08-18 13:07 . 2012-05-11 14:42 67072 c:\windows\ie8updates\KB2722913-IE8\mshtmled.dll
+ 2012-08-18 13:07 . 2012-05-11 14:42 55296 c:\windows\ie8updates\KB2722913-IE8\msfeedsbs.dll
+ 2012-08-18 13:07 . 2012-05-11 14:42 43520 c:\windows\ie8updates\KB2722913-IE8\licmgr10.dll
+ 2012-08-18 13:07 . 2012-05-11 14:42 25600 c:\windows\ie8updates\KB2722913-IE8\jsproxy.dll
- 2004-08-04 12:00 . 2012-05-11 14:42 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2012-07-02 17:49 105984 c:\windows\system32\url.dll
- 2004-08-04 12:00 . 2012-05-11 14:42 206848 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2012-07-02 17:49 206848 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2012-07-06 13:58 337920 c:\windows\system32\netapi32.dll
+ 2004-08-04 12:00 . 2012-07-02 17:49 611840 c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2012-05-11 14:42 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 09:32 . 2012-07-02 17:49 629760 c:\windows\system32\msfeeds.dll
- 2009-03-08 09:32 . 2012-05-11 14:42 629760 c:\windows\system32\msfeeds.dll
+ 2004-08-04 12:00 . 2012-05-14 09:22 345600 c:\windows\system32\localspl.dll
- 2004-08-04 12:00 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
- 2004-08-04 12:00 . 2012-05-11 14:42 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2012-07-02 17:49 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2012-05-11 14:42 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2012-07-02 17:49 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 12:00 . 2012-05-11 11:38 174080 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2012-07-02 12:05 174080 c:\windows\system32\ie4uinit.exe
- 2011-04-13 10:59 . 2012-07-17 21:35 508192 c:\windows\system32\FNTCACHE.DAT
+ 2011-04-13 10:59 . 2012-08-20 11:44 508192 c:\windows\system32\FNTCACHE.DAT
- 2009-03-08 09:34 . 2012-05-16 15:08 916992 c:\windows\system32\dllcache\wininet.dll
+ 2009-03-08 09:34 . 2012-07-02 17:49 916992 c:\windows\system32\dllcache\wininet.dll
- 2009-03-08 09:34 . 2012-05-11 14:42 105984 c:\windows\system32\dllcache\url.dll
+ 2009-03-08 09:34 . 2012-07-02 17:49 105984 c:\windows\system32\dllcache\url.dll
+ 2011-08-10 13:05 . 2012-07-04 14:05 139784 c:\windows\system32\dllcache\rdpwd.sys
- 2009-03-08 09:34 . 2012-05-11 14:42 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-03-08 09:34 . 2012-07-02 17:49 206848 c:\windows\system32\dllcache\occache.dll
+ 2011-04-13 18:49 . 2012-07-06 13:58 337920 c:\windows\system32\dllcache\netapi32.dll
- 2009-03-08 09:32 . 2012-05-11 14:42 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 09:32 . 2012-07-02 17:49 611840 c:\windows\system32\dllcache\mstime.dll
- 2011-04-13 19:14 . 2012-05-11 14:42 629760 c:\windows\system32\dllcache\msfeeds.dll
+ 2011-04-13 19:14 . 2012-07-02 17:49 629760 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-05-07 15:32 . 2012-05-14 09:22 345600 c:\windows\system32\dllcache\localspl.dll
- 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2012-06-13 23:14 . 2012-07-02 17:49 521728 c:\windows\system32\dllcache\jsdbgui.dll
- 2012-06-13 23:14 . 2012-05-11 14:42 521728 c:\windows\system32\dllcache\jsdbgui.dll
- 2011-04-13 19:14 . 2012-05-11 14:42 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2011-04-13 19:14 . 2012-07-02 17:49 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-03-08 09:31 . 2012-07-02 17:49 184320 c:\windows\system32\dllcache\iepeers.dll
- 2009-03-08 09:31 . 2012-05-11 14:42 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2011-04-13 19:14 . 2012-07-02 17:49 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2011-04-13 19:14 . 2012-05-11 14:42 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2009-03-08 19:09 . 2012-05-11 14:42 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 19:09 . 2012-07-02 17:49 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 09:32 . 2012-07-02 12:05 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-03-08 09:32 . 2012-05-11 11:38 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2012-08-18 13:07 . 2012-05-16 15:08 916992 c:\windows\ie8updates\KB2722913-IE8\wininet.dll
+ 2012-08-18 13:07 . 2012-05-11 14:42 105984 c:\windows\ie8updates\KB2722913-IE8\url.dll
+ 2012-08-18 13:08 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2722913-IE8\spuninst\updspapi.dll
+ 2012-08-18 13:08 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2722913-IE8\spuninst\spuninst.exe
+ 2012-08-18 13:07 . 2012-05-11 14:42 206848 c:\windows\ie8updates\KB2722913-IE8\occache.dll
+ 2012-08-18 13:07 . 2012-05-11 14:42 611840 c:\windows\ie8updates\KB2722913-IE8\mstime.dll
+ 2012-08-18 13:07 . 2012-05-11 14:42 629760 c:\windows\ie8updates\KB2722913-IE8\msfeeds.dll
+ 2012-08-18 13:07 . 2012-05-11 14:42 521728 c:\windows\ie8updates\KB2722913-IE8\jsdbgui.dll
+ 2012-08-18 13:07 . 2012-05-11 14:42 247808 c:\windows\ie8updates\KB2722913-IE8\ieproxy.dll
+ 2012-08-18 13:07 . 2012-05-11 14:42 184320 c:\windows\ie8updates\KB2722913-IE8\iepeers.dll
+ 2012-08-18 13:07 . 2012-05-11 14:42 743424 c:\windows\ie8updates\KB2722913-IE8\iedvtool.dll
+ 2012-08-18 13:07 . 2012-05-11 14:42 387584 c:\windows\ie8updates\KB2722913-IE8\iedkcs32.dll
+ 2012-08-18 13:07 . 2012-05-11 11:38 174080 c:\windows\ie8updates\KB2722913-IE8\ie4uinit.exe
+ 2004-08-04 12:00 . 2012-07-02 17:49 1212416 c:\windows\system32\urlmon.dll
- 2004-08-04 12:00 . 2012-05-11 14:42 1212416 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2012-07-02 17:49 6008320 c:\windows\system32\mshtml.dll
- 2009-03-08 09:32 . 2012-05-11 14:42 2000384 c:\windows\system32\iertutil.dll
+ 2009-03-08 09:32 . 2012-07-02 17:49 2000384 c:\windows\system32\iertutil.dll
- 2011-03-03 13:21 . 2012-06-13 13:19 1866112 c:\windows\system32\dllcache\win32k.sys
+ 2011-03-03 13:21 . 2012-07-03 13:40 1866112 c:\windows\system32\dllcache\win32k.sys
- 2009-03-08 09:34 . 2012-05-11 14:42 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2009-03-08 09:34 . 2012-07-02 17:49 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2009-03-08 09:41 . 2012-07-02 17:49 6008320 c:\windows\system32\dllcache\mshtml.dll
+ 2011-04-13 19:14 . 2012-07-02 17:49 2000384 c:\windows\system32\dllcache\iertutil.dll
- 2011-04-13 19:14 . 2012-05-11 14:42 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2012-06-26 23:03 . 2012-06-26 23:03 3875840 c:\windows\Installer\2f29f7.msp
+ 2012-08-18 13:07 . 2012-05-11 14:42 1212416 c:\windows\ie8updates\KB2722913-IE8\urlmon.dll
+ 2012-08-18 13:07 . 2012-05-11 14:42 6007808 c:\windows\ie8updates\KB2722913-IE8\mshtml.dll
+ 2012-08-18 13:07 . 2012-05-11 14:42 2000384 c:\windows\ie8updates\KB2722913-IE8\iertutil.dll
+ 2011-04-13 19:11 . 2012-08-18 13:09 59884088 c:\windows\system32\MRT.exe
- 2009-03-08 09:39 . 2012-05-12 01:12 11111424 c:\windows\system32\ieframe.dll
+ 2009-03-08 09:39 . 2012-07-03 04:19 11111424 c:\windows\system32\ieframe.dll
+ 2011-04-13 19:14 . 2012-07-03 04:19 11111424 c:\windows\system32\dllcache\ieframe.dll
- 2011-04-13 19:14 . 2012-05-12 01:12 11111424 c:\windows\system32\dllcache\ieframe.dll
+ 2012-07-18 20:53 . 2012-07-18 20:53 10937344 c:\windows\Installer\2f29ef.msp
+ 2011-08-04 01:53 . 2011-08-04 01:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\MSO.DLL
+ 2012-08-18 13:07 . 2012-05-12 01:12 11111424 c:\windows\ie8updates\KB2722913-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-09 21:20 2045024 ----a-w- c:\program files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll" [2012-08-09 2045024]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\mcox\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\mcox\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\mcox\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\mcox\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileMonRun"="c:\program files\HighCriteria\FileMon\FileMon.exe" [2004-04-07 397312]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-02 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-08-23 211296]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-09 1162848]
"ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-08-09 1020512]
.
c:\documents and settings\mcox\Start Menu\Programs\Startup\
AutoHook 2008.lnk - c:\program files\Command Digital\AutoHook 2008\AutoHook 2008.exe [2012-1-18 258514]
Dropbox.lnk - c:\documents and settings\mcox\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2011-4-14 25214]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
MultiMon Taskbar.lnk - c:\program files\MMTaskbar\MultiMon.exe [2011-7-5 294912]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-4-13 106560]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\mcox\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/19/2012 5:17 AM 301248]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [8/9/2012 4:20 PM 27496]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [8/9/2012 4:20 PM 927840]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [7/4/2012 5:25 PM 5160568]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/18/2011 9:58 AM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/29/2012 8:06 AM 250056]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [10/12/2011 8:24 AM 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/18/2011 9:58 AM 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 5:04 PM 113120]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 56794163
*Deregistered* - 56794163
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 12:09]
.
2012-08-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-18 14:58]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-18 14:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: jocogov.org\ims
Trusted Zone: jocogov.org\maps
Trusted Zone: wycokck.org\www2
TCP: DhcpNameServer = 151.164.1.8 151.164.8.201
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\mcox\Application Data\Mozilla\Firefox\Profiles\u2h8cpr4.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-20 11:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(6088)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\documents and settings\mcox\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
Completion time: 2012-08-20 11:43:34
ComboFix-quarantined-files.txt 2012-08-20 16:43
ComboFix2.txt 2012-08-17 23:29
ComboFix3.txt 2011-06-01 21:47
.
Pre-Run: 212,499,742,720 bytes free
Post-Run: 212,731,305,984 bytes free
.
- - End Of File - - 5FA9FABCCE888EC7861F443A42B02389

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 20 August 2012 - 12:00 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick only the bolded items on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and Start Free Download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete, click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan, and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HiJackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"Information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
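Reading the "Reg Loading Points" and services/drivers sections of the ComboFix log is the step the responder is doing above before deciding what gets removed. As an added example, which is not part of this thread and is not ComboFix's own code, here is a small Python triage helper that parses the three autostart line shapes the log uses (Run values, Startup-folder shortcuts, services/drivers) and queues entries for review. The review heuristics (binary missing from disk, bare file name with no directory, binary under a user-writable profile directory) and the directory list are assumptions made for this example; the sample lines are copied from the log posted above.

```python
"""Triage helper for the autostart sections of a ComboFix log.

Added example for this thread; it is not part of the original post and not
ComboFix's own code.  It parses the three line shapes ComboFix prints for
autostarts (Run values, Startup-folder shortcuts, services/drivers) and marks
the entries an analyst should open first.  The flag heuristics are assumptions
made for this example: they queue entries for review, they do not call anything
malicious.
"""
import re
from dataclasses import dataclass, field

# "Name"="c:\path\file.exe" [YYYY-MM-DD size]          -- Run / RunOnce values
RUN_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]*)"\s*(?:\[(?P<meta>[^\]]*)\])?\s*$')
# Shortcut.lnk - c:\path\file.exe [YYYY-M-D size]       -- Startup-folder entries
STARTUP_LNK_RE = re.compile(
    r'^(?P<name>.+?\.lnk)\s+-\s+(?P<path>.*?)\s*(?:\[(?P<meta>[^\]]*)\])?\s*$')
# R0 Name;Display;c:\path\driver.sys [date time size]   -- services / drivers
SERVICE_RE = re.compile(
    r'^(?P<state>[RS][0-4])\s+(?P<name>[^;]*);(?P<display>[^;]*);'
    r'(?P<path>.*?)\s*(?:\[(?P<meta>[^\]]*)\])?\s*$')

# Directories an unprivileged XP user can write to (assumed list for this
# example).  Malware that cannot touch Program Files tends to live here.
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\",
    "\\application data\\",
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
)


@dataclass
class Autostart:
    kind: str                 # "run", "startup-folder" or "service"
    name: str
    path: str
    meta: str                 # bracket contents: date/size, or "?" if the file is gone
    flags: list = field(default_factory=list)


def _flags_for(path: str, meta: str) -> list:
    """Return the review flags for one autostart entry."""
    flags = []
    if meta.strip() == "?":
        # ComboFix prints [?] when the registered binary is not on disk:
        # a dangling entry from an uninstall, or a payload that was removed.
        flags.append("missing-file")
    p = path.lower()
    if "-->" in p:
        # "registered path --> resolved path": the right-hand side is what
        # ComboFix actually looked for on disk.
        p = p.split("-->", 1)[1].strip()
    if "\\" not in p:
        # A bare file name is resolved through the search path at logon, so a
        # same-named binary placed earlier in that path would run instead.
        flags.append("unqualified-path")
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        flags.append("user-writable-dir")
    return flags


def parse_autostarts(log_text: str) -> list:
    """Extract every autostart entry ComboFix listed, with its review flags."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for kind, regex in (("run", RUN_VALUE_RE),
                            ("startup-folder", STARTUP_LNK_RE),
                            ("service", SERVICE_RE)):
            m = regex.match(line)
            if m:
                meta = m["meta"] or ""
                path = m["path"].strip()
                entries.append(Autostart(kind, m["name"].strip(), path, meta,
                                         _flags_for(path, meta)))
                break
    return entries


def flagged(entries: list) -> list:
    """Only the entries that carry at least one review flag."""
    return [e for e in entries if e.flags]


# Sample input: lines copied from the ComboFix log posted above in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileMonRun"="c:\program files\HighCriteria\FileMon\FileMon.exe" [2004-04-07 397312]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-02 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656]
c:\documents and settings\mcox\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\mcox\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]
"""

if __name__ == "__main__":
    for e in flagged(parse_autostarts(SAMPLE_LOG)):
        print(f"{e.kind:15} {e.name:25} {', '.join(e.flags):20} {e.path}")
```

On the sample it queues four of the seven entries: RTHDCPL (registered by bare file name, so resolved through the search path), Dropbox.lnk (runs from Application Data by design), and the two drivers whose files are no longer on disk. All four are benign in this log, which is the point of the caveat: the flags give the analyst a reading order, not a verdict, and each flagged file still has to be checked against its vendor and its date cross-checked with the user's account of when the redirects began.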



