
Trojan Generic29.GJG


  • This topic is locked
9 replies to this topic

#1 Biggg79

Biggg79

  • Members
  • 6 posts
  • OFFLINE
  • Local time:04:59 PM

Posted 27 August 2012 - 11:09 PM

I am having the exact same problems as another poster from this topic...
http://www.bleepingcomputer.com/forums/topic/466264.html

Here is my DDS.txt log...

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Michael Bond at 16:54:29 on 2012-08-27
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2023 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
BHO: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9565115d-c7d6-46d3-bd63-b67b481a4368} - No File
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [<NO NAME>]
uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -r
mRun: [Turbine Download Manager Tray Icon] "c:\program files\turbine\turbine download manager\TurbineDownloadManagerIcon.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252453849828
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{778E90E9-9C62-42E1-B112-371B51E8FB0A} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{778E90E9-9C62-42E1-B112-371B51E8FB0A} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\michael bond\application data\mozilla\firefox\profiles\914fkxyf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bdd059861-0d75-43b9-80b1-c795d1597345%7D&mid=afc088064d28e722f0ebc34b261255a0-0572e3b3a3f902a8f3661c641bd6ef41b5a655b7&ds=AVG&v=9.0.0.18.1&lang=us&pr=fr&d=2011-12-11%2008%3A41%3A24&sap=ku&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\michael bond\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin7.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-9 64512]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-8 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-8 29712]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-8 243152]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-10 935008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca31ce1c985610;Google Update Service (gupdate1ca31ce1c985610);c:\program files\google\update\GoogleUpdate.exe [2009-9-9 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2152152]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-13 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-8 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-12-22 167264]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-9 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-23 113120]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2012-08-27 20:38:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-22 14:11:56 -------- d--h--w- c:\windows\PIF
2012-08-22 04:02:28 -------- d-----w- c:\documents and settings\michael bond\application data\Malwarebytes
2012-08-22 04:02:12 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-22 04:02:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-22 04:02:12 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-08-01 03:45:56 -------- d-----w- c:\documents and settings\all users\application data\X10 Settings
2012-08-01 03:39:40 9091 ----a-w- c:\windows\system32\drivers\atirwrf.sys
2012-08-01 03:39:40 257872 ----a-w- c:\windows\system32\drivers\atirwvd.sys
2012-08-01 03:39:36 -------- d-----w- c:\program files\common files\ATI
2012-07-30 21:52:13 103904 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-07-30 21:52:13 103904 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-08-27 06:55:21 26112 ----a-w- c:\windows\system32\userinit.exe
2012-08-16 20:56:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-16 20:56:18 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:19:37 599552 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 16:55:06.62 ===============
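The DDS "Running Processes" section above lists several svchost.exe entries with no image path, and the thread's concern is a svchost.exe detection. The following triage helper is an added example, not part of this thread and not part of the DDS tool: it parses that section and shortlists entries an analyst should verify by hand (a core Windows binary name with no path recorded, a core binary name running from a directory other than its usual one, or a svchost.exe started without a "-k" service-group argument). An entry without a path is not evidence of infection on its own; the script only narrows what to check. The expected directories assume a default C:\WINDOWS install as on the poster's machine, and the sample log is constructed: a few lines copied from the DDS output above plus one made-up entry under a temp directory.

```python
import re
from dataclasses import dataclass, field

# Usual directory of each core Windows binary on a default C:\WINDOWS install.
# Assumption: matches the XP system in the log; adjust for another system root.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
}

# Constructed sample: lines copied from the DDS log in this thread plus one
# made-up svchost.exe entry under a temp directory to exercise the check.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgchsvx.exe
c:\documents and settings\user\local settings\temp\svchost.exe
.
============== Pseudo HJT Report ===============
"""


@dataclass
class Finding:
    entry: str
    reasons: list = field(default_factory=list)


def running_processes(log_text):
    """Return the entries between the 'Running Processes' banner and the
    next '====' banner, skipping DDS's '.' spacer lines."""
    entries, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=") and "Running Processes" in line:
            inside = True
            continue
        if inside and line.startswith("="):
            break
        if inside and line and line != ".":
            entries.append(line)
    return entries


def split_entry(entry):
    """Split an entry into (directory, image name, arguments).
    DDS does not quote paths, so the image is taken to end at the first
    '.exe'; an entry with no '.exe' is split at its first space.
    Directory and name are lowercased for comparison."""
    m = re.match(r"^(.*?\.exe)(?:\s+(.*))?$", entry, re.IGNORECASE)
    if m is None:
        m = re.match(r"^(\S+)(?:\s+(.*))?$", entry)
    image, args = m.group(1), m.group(2) or ""
    directory, _, name = image.lower().rpartition("\\")
    if not name.endswith(".exe"):
        name += ".exe"
    return directory, name, args


def triage(log_text):
    """Shortlist core-binary entries that need manual verification."""
    findings = []
    for entry in running_processes(log_text):
        directory, name, args = split_entry(entry)
        expected = EXPECTED_DIR.get(name)
        if expected is None:
            continue  # not a core binary name; out of scope here
        reasons = []
        if not directory:
            reasons.append("no image path recorded; confirm it with another tool")
        elif directory != expected:
            reasons.append(f"core binary name outside {expected}")
        if name == "svchost.exe" and directory and "-k" not in args.split():
            reasons.append("svchost.exe started without a -k service group")
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f.entry)
        for r in f.reasons:
            print("   ", r)
```

Run against the constructed sample it shortlists two lines: the bare "svchost.exe" entry (no path to compare) and the temp-directory svchost.exe (wrong directory and no -k group); the two system32 svchost entries and Explorer.EXE pass. Real DDS logs from the thread can be fed in as a whole; only the "Running Processes" section is read.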

#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:59 PM

Posted 31 August 2012 - 07:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
===

Please post the logs and let me know if the problem persists.

p.s. The problem link you submitted is no longer available.

#3 Biggg79

Biggg79
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:04:59 PM

Posted 01 September 2012 - 08:13 PM

Since the problem link is gone these are the symptoms I'm having...
Google searches return a blank page...Yahoo search is fine...
AVG returns two infections...
Both are Trojan Horse Generic29.GJG svchost.exe infections and one shows in memory...
The svchost.exe file in the task manager continually grows in memory usage to upwards of 1 GB...
AVG says it cures the first one and the one in memory says it is inaccessible and is not cleaned...
Lastly I have a bunch of rogue processes that are masked as legitimate ones...If I use the task manager to try and end them then as soon as I can close one or two of them another 2 or 3 pop up...If I keep trying to close the processes eventually my start bar and window borders will start showing lower display settings with more square corners and greyed colors...

Anyway here are the logfiles...

Combofix Log

ComboFix 12-08-31.08 - Michael Bond 09/01/2012 19:47:15.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2005 [GMT -5:00]
Running from: c:\documents and settings\Michael Bond\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))
.
.
2012-08-31 03:36 . 2012-08-31 03:36 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-27 20:38 . 2012-08-27 20:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-22 14:11 . 2012-08-22 14:11 -------- d--h--w- c:\windows\PIF
2012-08-22 04:02 . 2012-08-22 04:02 -------- d-----w- c:\documents and settings\Michael Bond\Application Data\Malwarebytes
2012-08-22 04:02 . 2012-08-22 04:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-22 04:02 . 2012-08-22 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-22 04:02 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-27 06:55 . 2002-08-29 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
2012-08-16 20:56 . 2012-04-13 12:39 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-16 20:56 . 2011-07-11 00:17 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2002-08-29 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-09-08 17:58 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2002-08-29 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2006-06-23 16:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2002-08-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2002-08-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:50 . 2009-09-09 00:58 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-09-13 05:09 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2002-08-29 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-08-31 03:36 . 2012-05-23 20:10 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-10 10:31 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Steam"="c:\program files\Steam\Steam.exe" [2012-08-08 1353080]
"ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2006-04-06 1622016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2009-02-24 5637632]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-24 928096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2012-04-19 421888]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 13:44 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Turbine\\Dungeons and Dragons Online - Eberron Unlimited\\dndclient.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Corporation\\Tinker\\Tinker.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Diablo III\\Diablo III.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1199\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1225\\Agent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57161:TCP"= 57161:TCP:Pando Media Booster
"57161:UDP"= 57161:UDP:Pando Media Booster
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/9/2009 11:18 PM 64512]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/10/2009 2:28 AM 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/8/2009 7:48 PM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/8/2009 7:48 PM 243152]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 8:44 AM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 8:44 AM 308136]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [7/10/2012 5:31 AM 935008]
S2 gupdate1ca31ce1c985610;Google Update Service (gupdate1ca31ce1c985610);c:\program files\Google\Update\GoogleUpdate.exe [9/9/2009 11:21 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 3:25 PM 2152152]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/13/2012 7:39 AM 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/8/2009 7:40 PM 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [12/22/2010 7:28 PM 167264]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/9/2009 11:21 PM 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/23/2012 3:10 PM 114144]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/22/2009 10:08 PM 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 3:23 AM 366936]
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 21:40]
.
2012-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 20:56]
.
2012-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 04:21]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 04:21]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{778E90E9-9C62-42E1-B112-371B51E8FB0A}: NameServer = 208.67.222.222,208.67.220.220
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Michael Bond\Application Data\Mozilla\Firefox\Profiles\914fkxyf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bdd059861-0d75-43b9-80b1-c795d1597345%7D&mid=afc088064d28e722f0ebc34b261255a0-0572e3b3a3f902a8f3661c641bd6ef41b5a655b7&ds=AVG&v=9.0.0.18.1&lang=us&pr=fr&d=2011-12-11%2008%3A41%3A24&sap=ku&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-01 19:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:wjY*]
"DisplayName"="??@\16?\11\09"
"DeviceDesc"="??@\16?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"d:\\drivers\\chipset\\xp\\smbus\\smbusati.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3780)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-09-01 19:50:05
ComboFix-quarantined-files.txt 2012-09-02 00:50
ComboFix2.txt 2012-09-02 00:16
.
Pre-Run: 69,473,546,240 bytes free
Post-Run: 69,466,587,136 bytes free
.
- - End Of File - - D92F8A8C94FFB19340669CCB94A69026

Security Check Log

Results of screen317's Security Check version 0.99.49
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Free 9.0
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0)
Google Chrome 21.0.1180.79
Google Chrome 21.0.1180.83
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 26% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

ADWCleaner Log

# AdwCleaner v2.000 - Logfile created 09/01/2012 at 19:54:01
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Michael Bond - DESKTOP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Michael Bond\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : vToolbarUpdater11.2.0

***** [Files / Folders] *****

File Found : C:\Documents and Settings\Michael Bond\Application Data\Mozilla\Firefox\Profiles\914fkxyf.default\searchplugins\Conduit.xml
File Found : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\WINDOWS\system32\conduitEngine.tmp
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Michael Bond\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Michael Bond\Local Settings\Application Data\Conduit
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\DAEMON Tools Toolbar

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={DDD88978-453E-44CB-806F-DCD8DE072A2E}&mid=afc088064d28e722f0ebc34b261255a0-0572e3b3a3f902a8f3661c641bd6ef41b5a655b7&lang=us&ds=AVG&pr=fr&d=2011-12-11 08:41:24&v=11.1.0.12&sap=nt

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Documents and Settings\Michael Bond\Application Data\Mozilla\Firefox\Profiles\914fkxyf.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.defaultthis.engineName", "PageRage Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&Sea[...]
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bdd059861-0d75-43b9-80b1-c795d1597345%[...]
Found : user_pref("startup.homepage_override_url", "hxxp://www.ask.com/?o=20011&l=dis");

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Michael Bond\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6816 octets] - [01/09/2012 19:54:01]

########## EOF - C:\AdwCleaner[R1].txt - [6876 octets] ##########

Thank you for your help...
Biggg79
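Added example, not code from this thread or from AdwCleaner: a small parser for the log format shown above (section headers, "File Found :", "Key Deleted :", "Replaced : ... --> ...", user_pref lines) that reconciles a Search-mode log against a later Delete-mode run, so a helper can confirm every finding was actually removed and see what the Delete run touched on its own. The two sample logs are constructed with placeholder GUIDs, not the thread's real ones.

```python
"""Reconcile an AdwCleaner [Search] log against a later [Delete] log.
Added example, not code from the thread or from AdwCleaner; the sample logs
below are constructed to mirror the line shapes seen in the thread."""
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
ENTRY_RE = re.compile(
    r"^(?:(?P<type>File|Folder|Key|Value) )?"
    r"(?P<action>Found|Stopped & Deleted|Deleted|Restored|Replaced) : (?P<item>.+)$"
)
# In Search mode a hijacked IE value is printed bare, with no "Found :" prefix.
IE_VALUE_RE = re.compile(r"^\[[^\]]+\] = .+$")
# AdwCleaner truncates long values with "[...]", so the closing quote/paren is optional.
PREF_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)", "(?P<value>.*?)"?\)?;?$')


@dataclass(frozen=True)
class Entry:
    section: str
    type: str    # File / Folder / Key / Value / Service / Setting
    action: str  # Found / Deleted / Restored / Replaced
    item: str    # identifier used to match an entry across the two logs


def parse_log(text: str) -> list[Entry]:
    """Turn one AdwCleaner log into Entry records, tracking the current section."""
    entries, section = [], "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or header comment ("-\\ Browser" sub-headings match nothing below)
        if m := SECTION_RE.match(line):
            section = m.group("name")
        elif m := ENTRY_RE.match(line):
            typ = m.group("type") or ("Service" if section == "Services" else "Setting")
            action = "Deleted" if m.group("action") == "Stopped & Deleted" else m.group("action")
            item = m.group("item")
            if action == "Replaced":  # keep only the old value so it matches the Search line
                item = item.split(" --> ", 1)[0]
            entries.append(Entry(section, typ, action, item))
        elif IE_VALUE_RE.match(line):
            entries.append(Entry(section, "Setting", "Found", line))
    return entries


def reconcile(search_text: str, delete_text: str) -> dict[str, set[str]]:
    """Search findings that were removed or left over, plus extra items the Delete run removed."""
    found = {e.item for e in parse_log(search_text) if e.action == "Found"}
    gone = {e.item for e in parse_log(delete_text) if e.action in ("Deleted", "Replaced")}
    return {"removed": found & gone, "leftover": found - gone, "extra": gone - found}


def hijacked_prefs(entries: list[Entry]) -> dict[str, str]:
    """Firefox user_pref names and values flagged under [Internet Browsers]."""
    prefs = {}
    for e in entries:
        if e.section == "Internet Browsers" and (m := PREF_RE.match(e.item)):
            prefs[m.group("name")] = m.group("value")
    return prefs


# Constructed sample logs (placeholder GUIDs, not the thread's real ones).
SEARCH_LOG = r"""
# AdwCleaner v2.000 - Logfile created 09/01/2012 at 19:54:01
# Option [Search]
***** [Services] *****
Found : vToolbarUpdater11.2.0
***** [Files / Folders] *****
File Found : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Folder Found : C:\Program Files\DAEMON Tools Toolbar
***** [Registry] *****
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
***** [Internet Browsers] *****
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid=EXAMPLE
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bexample%[...]
"""
DELETE_LOG = r"""
# Option [Delete]
***** [Services] *****
Stopped & Deleted : vToolbarUpdater11.2.0
***** [Files / Folders] *****
File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
***** [Registry] *****
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EXAMPLE-BHO}
***** [Internet Browsers] *****
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid=EXAMPLE --> hxxp://www.google.com
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bexample%[...]
"""

if __name__ == "__main__":
    for bucket, items in reconcile(SEARCH_LOG, DELETE_LOG).items():
        print(f"{bucket} ({len(items)}):", *sorted(items), sep="\n  ")
    print("hijacked prefs:", hijacked_prefs(parse_log(SEARCH_LOG)))
```

Run against the real R1 and S1 files, the "leftover" bucket is the list to hand back to the helper; "Restored" lines are deliberately not counted as removals, since they reset defaults rather than delete a finding.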

#4 nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 September 2012 - 10:15 AM

Remove the AdWare, PUP (Potentially Unwanted Program) found.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
===

If you have CD Emulator Software (Daemon Tools, Alcohol etc.) installed, the drivers this software uses can interfere with the Anti-Rootkit tools we use. These interferences can take a few forms, like GMER crashing or causing BSODs, or Rootkit scans producing large amounts of FPs and general dross. This 'dross' often makes it hard to differentiate between genuine malicious Rootkits and the legitimate drivers used by CD Emulators.

Disable the CD emulators....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed, or until this computer is clean.

HOW TO: Enable the CD Emulators... < restore only when we are finished.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.
===

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any Antivirus protection on the computer.
===

#5 Biggg79

  • Topic Starter
  • Members
  • 6 posts

Posted 02 September 2012 - 10:43 PM

Here are the log files you asked for...

adwcleaner log

# AdwCleaner v2.000 - Logfile created 09/02/2012 at 18:32:56
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Michael Bond - DESKTOP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Michael Bond\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : vToolbarUpdater11.2.0

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Michael Bond\Application Data\Mozilla\Firefox\Profiles\914fkxyf.default\searchplugins\Conduit.xml
File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Michael Bond\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Michael Bond\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={DDD88978-453E-44CB-806F-DCD8DE072A2E}&mid=afc088064d28e722f0ebc34b261255a0-0572e3b3a3f902a8f3661c641bd6ef41b5a655b7&lang=us&ds=AVG&pr=fr&d=2011-12-11 08:41:24&v=11.1.0.12&sap=nt --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Documents and Settings\Michael Bond\Application Data\Mozilla\Firefox\Profiles\914fkxyf.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "PageRage Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&Sea[...]
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bdd059861-0d75-43b9-80b1-c795d1597345%[...]
Deleted : user_pref("startup.homepage_override_url", "hxxp://www.ask.com/?o=20011&l=dis");

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Michael Bond\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6945 octets] - [01/09/2012 19:54:01]
AdwCleaner[S1].txt - [7360 octets] - [02/09/2012 18:32:56]

########## EOF - C:\AdwCleaner[S1].txt - [7420 octets] ##########


TDSSKiller log

18:39:01.0984 3504 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:39:02.0265 3504 ============================================================
18:39:02.0265 3504 Current date / time: 2012/09/02 18:39:02.0265
18:39:02.0265 3504 SystemInfo:
18:39:02.0265 3504
18:39:02.0265 3504 OS Version: 5.1.2600 ServicePack: 3.0
18:39:02.0265 3504 Product type: Workstation
18:39:02.0265 3504 ComputerName: DESKTOP
18:39:02.0265 3504 UserName: Michael Bond
18:39:02.0265 3504 Windows directory: C:\WINDOWS
18:39:02.0265 3504 System windows directory: C:\WINDOWS
18:39:02.0265 3504 Processor architecture: Intel x86
18:39:02.0265 3504 Number of processors: 2
18:39:02.0265 3504 Page size: 0x1000
18:39:02.0265 3504 Boot type: Normal boot
18:39:02.0265 3504 ============================================================
18:39:03.0281 3504 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:39:03.0281 3504 ============================================================
18:39:03.0281 3504 \Device\Harddisk0\DR0:
18:39:03.0281 3504 MBR partitions:
18:39:03.0281 3504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
18:39:03.0281 3504 ============================================================
18:39:03.0312 3504 C: <-> \Device\Harddisk0\DR0\Partition1
18:39:03.0312 3504 ============================================================
18:39:03.0312 3504 Initialize success
18:39:03.0312 3504 ============================================================
18:39:06.0890 3568 ============================================================
18:39:06.0890 3568 Scan started
18:39:06.0890 3568 Mode: Manual;
18:39:06.0890 3568 ============================================================
18:39:07.0656 3568 ================ Scan system memory ========================
18:39:07.0671 3568 System memory - ok
18:39:07.0671 3568 ================ Scan services =============================
18:39:12.0000 3568 JavaQuickStarterService - ok
18:39:12.0000 3568 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:39:12.0000 3568 Kbdclass - ok
18:39:12.0015 3568 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:39:12.0015 3568 kmixer - ok
18:39:12.0031 3568 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:39:12.0031 3568 KSecDD - ok
18:39:12.0062 3568 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:39:12.0062 3568 lanmanserver - ok
18:39:12.0140 3568 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:39:12.0140 3568 lanmanworkstation - ok
18:39:12.0218 3568 [ 4D99FCA201B72E0F2CA996E357BAA170 ] Lavasoft Ad-Aware Service C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
18:39:12.0218 3568 Lavasoft Ad-Aware Service - ok
18:39:12.0265 3568 [ 336ABE8721CBC3110F1C6426DA633417 ] Lbd C:\WINDOWS\system32\DRIVERS\Lbd.sys
18:39:12.0281 3568 Lbd - ok
18:39:12.0281 3568 lbrtfdc - ok
18:39:12.0312 3568 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:39:12.0312 3568 LmHosts - ok
18:39:12.0328 3568 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:39:12.0328 3568 Messenger - ok
18:39:12.0375 3568 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:39:12.0375 3568 mnmdd - ok
18:39:12.0421 3568 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
18:39:12.0421 3568 mnmsrvc - ok
18:39:12.0437 3568 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:39:12.0437 3568 Modem - ok
18:39:12.0500 3568 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
18:39:12.0500 3568 Monfilt - ok
18:39:12.0546 3568 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:39:12.0546 3568 Mouclass - ok
18:39:12.0578 3568 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:39:12.0578 3568 mouhid - ok
18:39:12.0593 3568 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:39:12.0593 3568 MountMgr - ok
18:39:12.0687 3568 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:39:12.0687 3568 MozillaMaintenance - ok
18:39:12.0687 3568 mraid35x - ok
18:39:12.0703 3568 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:39:12.0703 3568 MRxDAV - ok
18:39:12.0750 3568 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:39:12.0750 3568 MRxSmb - ok
18:39:12.0812 3568 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
18:39:12.0812 3568 MSDTC - ok
18:39:12.0812 3568 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:39:12.0812 3568 Msfs - ok
18:39:12.0812 3568 MSIServer - ok
18:39:12.0828 3568 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:39:12.0828 3568 MSKSSRV - ok
18:39:12.0828 3568 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:39:12.0828 3568 MSPCLOCK - ok
18:39:12.0843 3568 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:39:12.0843 3568 MSPQM - ok
18:39:12.0875 3568 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:39:12.0875 3568 mssmbios - ok
18:39:12.0968 3568 MSSQL$SQLEXPRESS - ok
18:39:13.0062 3568 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
18:39:13.0062 3568 MSSQLServerADHelper100 - ok
18:39:13.0093 3568 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
18:39:13.0093 3568 MTsensor - ok
18:39:13.0125 3568 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:39:13.0125 3568 Mup - ok
18:39:13.0187 3568 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:39:13.0187 3568 napagent - ok
18:39:13.0187 3568 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:39:13.0187 3568 NDIS - ok
18:39:13.0250 3568 [ B797EE2EF919C95561DEE78B72B33E5B ] ndiscm C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
18:39:13.0250 3568 ndiscm - ok
18:39:13.0296 3568 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:39:13.0296 3568 NdisTapi - ok
18:39:13.0312 3568 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:39:13.0312 3568 Ndisuio - ok
18:39:13.0312 3568 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:39:13.0312 3568 NdisWan - ok
18:39:13.0359 3568 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:39:13.0359 3568 NDProxy - ok
18:39:13.0359 3568 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:39:13.0359 3568 NetBIOS - ok
18:39:13.0359 3568 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:39:13.0359 3568 NetBT - ok
18:39:13.0375 3568 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
18:39:13.0375 3568 NetDDE - ok
18:39:13.0375 3568 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:39:13.0390 3568 NetDDEdsdm - ok
18:39:13.0421 3568 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:39:13.0421 3568 Netlogon - ok
18:39:13.0437 3568 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
18:39:13.0437 3568 Netman - ok
18:39:13.0531 3568 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:39:13.0546 3568 NetTcpPortSharing - ok
18:39:13.0578 3568 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
18:39:13.0578 3568 Nla - ok
18:39:13.0593 3568 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:39:13.0593 3568 Npfs - ok
18:39:13.0609 3568 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:39:13.0609 3568 Ntfs - ok
18:39:13.0609 3568 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
18:39:13.0609 3568 NtLmSsp - ok
18:39:13.0656 3568 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:39:13.0656 3568 NtmsSvc - ok
18:39:13.0671 3568 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:39:13.0671 3568 Null - ok
18:39:13.0703 3568 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:39:13.0703 3568 NwlnkFlt - ok
18:39:13.0703 3568 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:39:13.0703 3568 NwlnkFwd - ok
18:39:13.0718 3568 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
18:39:13.0718 3568 Parport - ok
18:39:13.0718 3568 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:39:13.0718 3568 PartMgr - ok
18:39:13.0765 3568 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:39:13.0765 3568 ParVdm - ok
18:39:13.0765 3568 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:39:13.0765 3568 PCI - ok
18:39:13.0765 3568 PCIDump - ok
18:39:13.0765 3568 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:39:13.0765 3568 PCIIde - ok
18:39:13.0796 3568 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:39:13.0812 3568 Pcmcia - ok
18:39:13.0812 3568 PDCOMP - ok
18:39:13.0812 3568 PDFRAME - ok
18:39:13.0812 3568 PDRELI - ok
18:39:13.0812 3568 PDRFRAME - ok
18:39:13.0828 3568 perc2 - ok
18:39:13.0828 3568 perc2hib - ok
18:39:13.0843 3568 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
18:39:13.0859 3568 PlugPlay - ok
18:39:13.0859 3568 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:39:13.0859 3568 PolicyAgent - ok
18:39:13.0875 3568 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:39:13.0875 3568 PptpMiniport - ok
18:39:13.0890 3568 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
18:39:13.0890 3568 Processor - ok
18:39:13.0906 3568 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:39:13.0906 3568 ProtectedStorage - ok
18:39:13.0921 3568 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:39:13.0921 3568 PSched - ok
18:39:13.0921 3568 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:39:13.0921 3568 Ptilink - ok
18:39:13.0953 3568 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:39:13.0953 3568 PxHelp20 - ok
18:39:13.0953 3568 ql1080 - ok
18:39:13.0968 3568 Ql10wnt - ok
18:39:13.0968 3568 ql12160 - ok
18:39:13.0968 3568 ql1240 - ok
18:39:13.0968 3568 ql1280 - ok
18:39:13.0968 3568 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:39:13.0984 3568 RasAcd - ok
18:39:14.0000 3568 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:39:14.0000 3568 RasAuto - ok
18:39:14.0015 3568 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:39:14.0015 3568 Rasl2tp - ok
18:39:14.0031 3568 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:39:14.0031 3568 RasMan - ok
18:39:14.0046 3568 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:39:14.0046 3568 RasPppoe - ok
18:39:14.0046 3568 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:39:14.0046 3568 Raspti - ok
18:39:14.0062 3568 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:39:14.0062 3568 Rdbss - ok
18:39:14.0062 3568 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:39:14.0062 3568 RDPCDD - ok
18:39:14.0125 3568 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:39:14.0125 3568 RDPWD - ok
18:39:14.0156 3568 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:39:14.0156 3568 RDSessMgr - ok
18:39:14.0187 3568 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:39:14.0187 3568 redbook - ok
18:39:14.0234 3568 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:39:14.0234 3568 RemoteAccess - ok
18:39:14.0234 3568 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
18:39:14.0234 3568 RpcLocator - ok
18:39:14.0250 3568 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
18:39:14.0250 3568 RpcSs - ok
18:39:14.0296 3568 [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103 C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
18:39:14.0296 3568 RsFx0103 - ok
18:39:14.0328 3568 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
18:39:14.0343 3568 RSVP - ok
18:39:14.0375 3568 [ CB9310A5A910648D359C99A857E22A54 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
18:39:14.0375 3568 RTLE8023xp - ok
18:39:14.0375 3568 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
18:39:14.0375 3568 SamSs - ok
18:39:14.0375 3568 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:39:14.0375 3568 SCardSvr - ok
18:39:14.0421 3568 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:39:14.0421 3568 Schedule - ok
18:39:14.0484 3568 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:39:14.0484 3568 Secdrv - ok
18:39:14.0500 3568 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:39:14.0500 3568 seclogon - ok
18:39:14.0500 3568 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
18:39:14.0500 3568 SENS - ok
18:39:14.0515 3568 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
18:39:14.0515 3568 serenum - ok
18:39:14.0515 3568 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
18:39:14.0515 3568 Serial - ok
18:39:14.0546 3568 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:39:14.0546 3568 Sfloppy - ok
18:39:14.0609 3568 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:39:14.0609 3568 SharedAccess - ok
18:39:14.0625 3568 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:39:14.0625 3568 ShellHWDetection - ok
18:39:14.0640 3568 Simbad - ok
18:39:14.0640 3568 Sparrow - ok
18:39:14.0656 3568 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:39:14.0656 3568 splitter - ok
18:39:14.0687 3568 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:39:14.0687 3568 Spooler - ok
18:39:14.0765 3568 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\System32\Drivers\sptd.sys
18:39:14.0765 3568 sptd - ok
18:39:14.0812 3568 [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
18:39:14.0812 3568 SQLAgent$SQLEXPRESS - ok
18:39:14.0890 3568 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:39:14.0890 3568 SQLBrowser - ok
18:39:14.0890 3568 [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:39:14.0890 3568 SQLWriter - ok
18:39:14.0890 3568 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:39:14.0890 3568 sr - ok
18:39:14.0921 3568 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
18:39:14.0921 3568 srservice - ok
18:39:14.0937 3568 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:39:14.0953 3568 Srv - ok
18:39:14.0968 3568 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:39:14.0968 3568 SSDPSRV - ok
18:39:15.0015 3568 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:39:15.0031 3568 stisvc - ok
18:39:15.0031 3568 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:39:15.0031 3568 swenum - ok
18:39:15.0046 3568 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:39:15.0046 3568 swmidi - ok
18:39:15.0046 3568 SwPrv - ok
18:39:15.0046 3568 symc810 - ok
18:39:15.0046 3568 symc8xx - ok
18:39:15.0062 3568 sym_hi - ok
18:39:15.0062 3568 sym_u3 - ok
18:39:15.0062 3568 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:39:15.0062 3568 sysaudio - ok
18:39:15.0093 3568 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:39:15.0093 3568 SysmonLog - ok
18:39:15.0140 3568 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:39:15.0140 3568 TapiSrv - ok
18:39:15.0156 3568 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:39:15.0171 3568 Tcpip - ok
18:39:15.0218 3568 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:39:15.0218 3568 TDPIPE - ok
18:39:15.0234 3568 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:39:15.0234 3568 TDTCP - ok
18:39:15.0234 3568 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:39:15.0234 3568 TermDD - ok
18:39:15.0234 3568 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
18:39:15.0250 3568 TermService - ok
18:39:15.0281 3568 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
18:39:15.0281 3568 Themes - ok
18:39:15.0296 3568 TosIde - ok
18:39:15.0296 3568 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:39:15.0296 3568 TrkWks - ok
18:39:15.0312 3568 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:39:15.0312 3568 Udfs - ok
18:39:15.0328 3568 ultra - ok
18:39:15.0328 3568 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:39:15.0343 3568 Update - ok
18:39:15.0359 3568 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:39:15.0359 3568 upnphost - ok
18:39:15.0359 3568 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
18:39:15.0359 3568 UPS - ok
18:39:15.0390 3568 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
18:39:15.0390 3568 USBAAPL - ok
18:39:15.0453 3568 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:39:15.0453 3568 usbccgp - ok
18:39:15.0468 3568 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:39:15.0468 3568 usbehci - ok
18:39:15.0484 3568 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:39:15.0484 3568 usbhub - ok
18:39:15.0515 3568 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:39:15.0515 3568 usbohci - ok
18:39:15.0531 3568 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:39:15.0531 3568 usbprint - ok
18:39:15.0578 3568 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:39:15.0578 3568 usbscan - ok
18:39:15.0609 3568 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:39:15.0609 3568 USBSTOR - ok
18:39:15.0625 3568 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:39:15.0625 3568 VgaSave - ok
18:39:15.0625 3568 ViaIde - ok
18:39:15.0640 3568 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:39:15.0640 3568 VolSnap - ok
18:39:15.0671 3568 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
18:39:15.0671 3568 VSS - ok
18:39:15.0703 3568 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
18:39:15.0703 3568 W32Time - ok
18:39:15.0703 3568 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:39:15.0703 3568 Wanarp - ok
18:39:15.0718 3568 WDICA - ok
18:39:15.0718 3568 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:39:15.0734 3568 wdmaud - ok
18:39:15.0734 3568 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:39:15.0750 3568 WebClient - ok
18:39:15.0796 3568 [ 8741604ECC3C006B7D2F769BF55DEA9A ] WinDriver6 C:\WINDOWS\system32\drivers\windrvr6.sys
18:39:15.0796 3568 WinDriver6 - ok
18:39:15.0906 3568 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:39:15.0906 3568 winmgmt - ok
18:39:16.0000 3568 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:39:16.0000 3568 wlidsvc - ok
18:39:16.0046 3568 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
18:39:16.0046 3568 WmdmPmSN - ok
18:39:16.0078 3568 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:39:16.0078 3568 WmiAcpi - ok
18:39:16.0093 3568 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
18:39:16.0093 3568 WmiApSrv - ok
18:39:16.0203 3568 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
18:39:16.0203 3568 WMPNetworkSvc - ok
18:39:16.0234 3568 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:39:16.0234 3568 WpdUsb - ok
18:39:16.0312 3568 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:39:16.0390 3568 WPFFontCache_v0400 - ok
18:39:16.0453 3568 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:39:16.0453 3568 WS2IFSL - ok
18:39:16.0578 3568 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:39:16.0656 3568 wscsvc - ok
18:39:16.0656 3568 WSearch - ok
18:39:16.0718 3568 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:39:16.0734 3568 wuauserv - ok
18:39:16.0796 3568 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:39:16.0875 3568 WudfPf - ok
18:39:16.0890 3568 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:39:16.0906 3568 WudfRd - ok
18:39:16.0937 3568 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
18:39:17.0000 3568 WudfSvc - ok
18:39:17.0062 3568 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:39:17.0093 3568 WZCSVC - ok
18:39:17.0125 3568 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:39:17.0140 3568 xmlprov - ok
18:39:17.0171 3568 [ 41CF36A3CC7786575247ED456918E112 ] XUIF C:\WINDOWS\system32\Drivers\x10ufx2.sys
18:39:17.0171 3568 XUIF - ok
18:39:17.0187 3568 ================ Scan global ===============================
18:39:17.0218 3568 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:39:17.0281 3568 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:39:17.0296 3568 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:39:17.0312 3568 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:39:17.0312 3568 [Global] - ok
18:39:17.0312 3568 ================ Scan MBR ==================================
18:39:17.0328 3568 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:39:17.0453 3568 \Device\Harddisk0\DR0 - ok
18:39:17.0453 3568 ================ Scan VBR ==================================
18:39:17.0453 3568 [ 2C4AFBBD18A8ADF01D90AC10CB7FCD65 ] \Device\Harddisk0\DR0\Partition1
18:39:17.0453 3568 \Device\Harddisk0\DR0\Partition1 - ok
18:39:17.0453 3568 ============================================================
18:39:17.0453 3568 Scan finished
18:39:17.0453 3568 ============================================================
18:39:17.0453 3564 Detected object count: 0
18:39:17.0453 3564 Actual detected object count: 0
18:39:28.0312 3500 Deinitialize success


aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-27 16:08:23
-----------------------------
16:08:23.375 OS Version: Windows 5.1.2600 Service Pack 3
16:08:23.375 Number of processors: 2 586 0x602
16:08:23.375 ComputerName: DESKTOP UserName:
16:08:23.984 Initialize success
16:08:30.859 AVAST engine defs: 12082700
16:08:53.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:08:53.140 Disk 0 Vendor: SAMSUNG_HD502HJ 1AJ100E4 Size: 476940MB BusType: 3
16:08:53.171 Disk 0 MBR read successfully
16:08:53.171 Disk 0 MBR scan
16:08:53.171 Disk 0 Windows XP default MBR code
16:08:53.171 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
16:08:53.187 Disk 0 scanning sectors +976752000
16:08:53.250 Disk 0 scanning C:\WINDOWS\system32\drivers
16:09:03.984 Service scanning
16:09:15.593 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
16:09:18.968 Modules scanning
16:09:25.781 Disk 0 trace - called modules:
16:09:25.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spgg.sys >>UNKNOWN [0x8acfa938]<<
16:09:25.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac81ab8]
16:09:25.812 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000068[0x8ad3f7e8]
16:09:25.828 5 ACPI.sys[b9e46620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad39940]
16:09:26.515 AVAST engine scan C:\WINDOWS
16:09:51.703 AVAST engine scan C:\WINDOWS\system32
16:14:17.828 AVAST engine scan C:\WINDOWS\system32\drivers
16:14:50.468 AVAST engine scan C:\Documents and Settings\Michael Bond
16:24:37.359 AVAST engine scan C:\Documents and Settings\All Users
16:26:48.171 Scan finished successfully
16:27:03.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michael Bond\Desktop\MBR.dat"
16:27:03.703 The log file has been saved successfully to "C:\Documents and Settings\Michael Bond\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-02 18:39:51
-----------------------------
18:39:51.687 OS Version: Windows 5.1.2600 Service Pack 3
18:39:51.687 Number of processors: 2 586 0x602
18:39:51.687 ComputerName: DESKTOP UserName:
18:39:52.218 Initialize success
18:42:28.296 AVAST engine defs: 12090201
18:42:33.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:42:33.718 Disk 0 Vendor: SAMSUNG_HD502HJ 1AJ100E4 Size: 476940MB BusType: 3
18:42:33.718 Disk 0 MBR read successfully
18:42:33.734 Disk 0 MBR scan
18:42:33.765 Disk 0 Windows XP default MBR code
18:42:33.765 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
18:42:33.765 Disk 0 scanning sectors +976752000
18:42:33.843 Disk 0 scanning C:\WINDOWS\system32\drivers
18:42:41.875 Service scanning
18:42:56.671 Modules scanning
18:42:59.593 Disk 0 trace - called modules:
18:42:59.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:42:59.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aca6ab8]
18:42:59.625 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000067[0x8acef2c0]
18:42:59.625 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aca9d98]
18:43:00.156 AVAST engine scan C:\WINDOWS
18:43:14.781 AVAST engine scan C:\WINDOWS\system32
18:46:15.656 AVAST engine scan C:\WINDOWS\system32\drivers
18:46:35.500 AVAST engine scan C:\Documents and Settings\Michael Bond
18:53:39.437 AVAST engine scan C:\Documents and Settings\All Users
18:55:46.250 Scan finished successfully
18:57:36.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michael Bond\Desktop\MBR.dat"
18:57:36.109 The log file has been saved successfully to "C:\Documents and Settings\Michael Bond\Desktop\aswMBR.txt"

Also, I've attached the MBR.dat zip file.


Thank you for your help...
Biggg79

Attached Files

  • MBR.zip (499 bytes)

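The aswMBR runs above report "Windows XP default MBR code" and a single active NTFS partition at offset 63, and they save the raw sector to MBR.dat; TDSSKiller separately prints an MD5 for \Device\Harddisk0\DR0. The script below is an added example, not part of the original post and not code from aswMBR or TDSSKiller. It reads a 512-byte MBR image such as the unzipped MBR.dat, checks the 0x55AA signature, decodes the partition table and computes the sector's MD5 so it can be compared with the hash TDSSKiller prints under "Scan MBR". The partition-type table is a small assumed subset, and the built-in sample sector is constructed here (zeroed boot code with the geometry the log shows); it is not the poster's MBR.dat.

```python
import hashlib
import struct
import sys
from dataclasses import dataclass
from typing import List

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 0x1BE      # four 16-byte entries at 0x1BE..0x1FD
PARTITION_ENTRY_SIZE = 16
MBR_SIGNATURE = b"\x55\xAA"         # bytes 510..511 of a valid MBR

# Small assumed subset of partition type IDs; 0x07 is the "07 HPFS/NTFS" aswMBR printed.
PARTITION_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32",
                   0x0C: "FAT32 LBA", 0x0F: "Extended LBA"}


@dataclass
class PartitionEntry:
    index: int        # 1-based slot number, as aswMBR numbers them
    bootable: bool    # status byte 0x80 = active, shown as "80 (A)" in the log
    type_id: int
    start_lba: int    # first sector of the partition ("offset 63" in the log)
    sectors: int      # length in 512-byte sectors

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR_SIZE // (1024 * 1024)

    @property
    def type_name(self) -> str:
        return PARTITION_TYPES.get(self.type_id, "unknown")


def parse_partition_table(sector: bytes) -> List[PartitionEntry]:
    """Validate the boot signature and decode the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected a {SECTOR_SIZE}-byte sector, got {len(sector)} bytes")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature: not a valid MBR")
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        # status, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, sector count
        status, type_id, start_lba, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if type_id == 0 and sectors == 0:
            continue  # empty slot
        entries.append(PartitionEntry(i + 1, status == 0x80, type_id, start_lba, sectors))
    return entries


def mbr_md5(sector: bytes) -> str:
    """Upper-case MD5 of the whole sector, the form TDSSKiller prints for \\Device\\Harddisk0\\DR0."""
    return hashlib.md5(sector).hexdigest().upper()


def build_sample_mbr() -> bytes:
    """Constructed sample (NOT the poster's MBR.dat): zeroed boot code plus one active
    NTFS partition at LBA 63 with the 476929 MB size the aswMBR log reports."""
    sector = bytearray(SECTOR_SIZE)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 976_750_592)
    sector[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + PARTITION_ENTRY_SIZE] = entry
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    # Usage: python mbr_check.py MBR.dat   (unzip MBR.zip first); no argument = the sample above
    data = open(sys.argv[1], "rb").read(SECTOR_SIZE) if len(sys.argv) > 1 else build_sample_mbr()
    print("MBR MD5:", mbr_md5(data))
    for p in parse_partition_table(data):
        flag = "80 (A)" if p.bootable else "00"
        print(f"Partition {p.index} {flag} {p.type_id:02X} {p.type_name} {p.size_mb} MB offset {p.start_lba}")
```

A decoded partition table alone does not prove the boot code is clean, since a bootkit normally leaves the table intact and replaces only the code; that is why the hash matters. Running this against MBR.dat from two scans, or against TDSSKiller's DR0 hash, shows whether the sector changed between runs.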

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 September 2012 - 08:15 AM

spgg.sys >>UNKNOWN [0x8acfa938]<<

This is not showing in your second aswMBR log.
What did you do to remove it?
===

What are the remaining issues?
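
The point nasdaq raises is that the first aswMBR disk trace contains a module (spgg.sys) followed by an UNKNOWN marker, and the second trace does not. The script below is an added example, not part of the thread and not aswMBR's own code: it parses the "Disk 0 trace - called modules:" line of two aswMBR logs, records any module that aswMBR could not attribute, and reports which modules left or joined the disk I/O chain between runs. The two trace excerpts embedded in it are copied from the logs above; the regex patterns and the rule that an UNKNOWN marker belongs to the module preceding it are assumptions about the log format.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

TRACE_HEADER = "Disk 0 trace - called modules:"
# The marker aswMBR prints after a module in the call chain it cannot attribute.
UNKNOWN_RE = re.compile(r">>UNKNOWN\s*\[(0x[0-9a-fA-F]+)\]<<")
MODULE_RE = re.compile(r"^[\w.$-]+\.(?:exe|sys|dll)$", re.IGNORECASE)
TIMESTAMP_RE = re.compile(r"^\s*\d{2}:\d{2}:\d{2}\.\d+\s+")


@dataclass
class DiskTrace:
    modules: List[str] = field(default_factory=list)              # lower-cased, in call order
    unknown: List[Tuple[str, str]] = field(default_factory=list)  # (preceding module, address)


def parse_trace(log_text: str) -> DiskTrace:
    """Find the 'called modules:' header and decode the module chain on the next line."""
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        if TRACE_HEADER in line and i + 1 < len(lines):
            return _parse_modules_line(lines[i + 1])
    raise ValueError("no disk trace found in this aswMBR log")


def _parse_modules_line(line: str) -> DiskTrace:
    trace = DiskTrace()
    body = TIMESTAMP_RE.sub("", line)
    # Collapse each ">>UNKNOWN [addr]<<" into one token so a plain split keeps it attached.
    marked = UNKNOWN_RE.sub(lambda m: f"<UNKNOWN:{m.group(1)}>", body)
    for tok in marked.split():
        if tok.startswith("<UNKNOWN:"):
            addr = tok[len("<UNKNOWN:"):-1]
            owner = trace.modules[-1] if trace.modules else "?"
            trace.unknown.append((owner, addr))
        elif MODULE_RE.match(tok):
            trace.modules.append(tok.lower())
    return trace


def compare_traces(before: DiskTrace, after: DiskTrace) -> Dict[str, list]:
    """Modules that left or joined the disk I/O chain between two runs, plus the unknowns."""
    b, a = set(before.modules), set(after.modules)
    return {
        "removed": sorted(b - a),
        "added": sorted(a - b),
        "unknown_before": before.unknown,
        "unknown_after": after.unknown,
    }


# Trace lines copied from the two aswMBR logs above (27 Aug and 2 Sep runs).
FIRST_RUN = """\
16:09:25.781 Disk 0 trace - called modules:
16:09:25.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spgg.sys >>UNKNOWN [0x8acfa938]<<
16:09:25.812 1 nt!IofCallDriver -> \\Device\\Harddisk0\\DR0[0x8ac81ab8]
"""
SECOND_RUN = """\
18:42:59.593 Disk 0 trace - called modules:
18:42:59.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:42:59.625 1 nt!IofCallDriver -> \\Device\\Harddisk0\\DR0[0x8aca6ab8]
"""

if __name__ == "__main__":
    diff = compare_traces(parse_trace(FIRST_RUN), parse_trace(SECOND_RUN))
    for key, value in diff.items():
        print(f"{key}: {value}")
```

Pointed at full aswMBR.txt files the script prints the same four fields. A module that appears with an UNKNOWN marker and then disappears without a deliberate removal step is exactly the case worth asking about, as nasdaq does; the comparison makes that change visible instead of leaving it to eyeballing two long logs.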

#7 Biggg79

Biggg79
  • Topic Starter

  • Members
  • 6 posts

Posted 04 September 2012 - 05:31 AM

I'm not sure... I'm pretty sure I followed your instructions properly. Google is now returning search results again, though. However, when I scanned my computer with AVG again to make sure, it returned these results:

"C:\TDSSKiller_Quarantine\27.08.2012_15.32.50\mbr0000\tdlfs0000\tsk0011.dta";"Trojan horse Cryptic.BUA";"Moved to Virus Vault"
"C:\TDSSKiller_Quarantine\27.08.2012_15.32.50\mbr0000\tdlfs0000\tsk0010.dta";"Trojan horse BackDoor.Generic15.AMYJ";"Moved to Virus Vault"
"C:\TDSSKiller_Quarantine\27.08.2012_15.32.50\mbr0000\tdlfs0000\tsk0006.dta";"Trojan horse Hider.QMW";"Moved to Virus Vault"
"C:\TDSSKiller_Quarantine\27.08.2012_15.32.50\mbr0000\tdlfs0000\tsk0005.dta";"Trojan horse Cryptic.EFP";"Moved to Virus Vault"
"C:\TDSSKiller_Quarantine\27.08.2012_15.32.50\mbr0000\tdlfs0000\tsk0004.dta";"Trojan horse TDSS.S";"Moved to Virus Vault"
"C:\TDSSKiller_Quarantine\27.08.2012_15.32.50\mbr0000\tdlfs0000\tsk0003.dta";"Trojan horse TDSS.Q";"Moved to Virus Vault"
"C:\TDSSKiller_Quarantine\27.08.2012_15.32.50\mbr0000\tdlfs0000\tsk0002.dta";"Trojan horse TDSS.O";"Moved to Virus Vault"
"C:\TDSSKiller_Quarantine\27.08.2012_15.32.50\mbr0000\tdlfs0000\tsk0001.dta";"Trojan horse TDSS.R";"Moved to Virus Vault"

Does this mean it's gone or not?
Thank you for your help...
Biggg79

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 September 2012 - 09:26 AM

The files are in the TDSSKiller quarantine folder. Nothing to worry about.
You can delete all the files in that quarantine folder.
===

Any remaining issues with this computer?

Edited by nasdaq, 09 September 2012 - 08:00 AM.
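
nasdaq's reasoning is that every AVG hit above sits under C:\TDSSKiller_Quarantine, so these are copies a tool had already pulled out of the hidden tdlfs area, not live infections. The script below is an added example, not part of the thread and not AVG's or TDSSKiller's code: it parses AVG's exported "path";"threat";"action" result lines and splits them into hits already inside a known quarantine folder and hits on live paths. The eight result lines are copied from the post above; the ninth line (sample.tmp / Example.A) is constructed here purely to show a live-path hit, and the list of quarantine roots is an assumption (C:\Qoobox\Quarantine is ComboFix's quarantine folder, which the thread also uses).

```python
import csv
import io
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Quarantine folders of the tools used in this thread (assumed list). TDSSKiller_Quarantine
# is the root named in the AVG results above; C:\Qoobox\Quarantine is ComboFix's folder.
KNOWN_QUARANTINE_ROOTS = [
    r"C:\TDSSKiller_Quarantine",
    r"C:\Qoobox\Quarantine",
]


@dataclass
class Detection:
    path: str
    threat: str
    action: str

    @property
    def quarantine_root(self) -> Optional[str]:
        """The known quarantine folder this path lives under, or None for a live path."""
        p = self.path.lower().replace("/", "\\")
        for root in KNOWN_QUARANTINE_ROOTS:
            if p.startswith(root.lower().rstrip("\\") + "\\"):
                return root
        return None

    @property
    def already_contained(self) -> bool:
        return self.quarantine_root is not None


def parse_avg_results(text: str) -> List[Detection]:
    """Parse AVG's exported result lines, one "path";"threat";"action" record per line."""
    reader = csv.reader(io.StringIO(text.strip()), delimiter=";", quotechar='"')
    return [Detection(*row[:3]) for row in reader if len(row) >= 3]


def triage(detections: List[Detection]) -> Tuple[List[Detection], List[Detection]]:
    """Split hits into copies already in a tool's quarantine and hits on live paths."""
    contained = [d for d in detections if d.already_contained]
    live = [d for d in detections if not d.already_contained]
    return contained, live


# Eight lines from the post above, plus one constructed live-path line (sample.tmp and
# Example.A are placeholders, not a real detection) so the split has something to show.
AVG_RESULTS = r"""
"C:\TDSSKiller_Quarantine\27.08.2012_15.32.50\mbr0000\tdlfs0000\tsk0011.dta";"Trojan horse Cryptic.BUA";"Moved to Virus Vault"
"C:\TDSSKiller_Quarantine\27.08.2012_15.32.50\mbr0000\tdlfs0000\tsk0010.dta";"Trojan horse BackDoor.Generic15.AMYJ";"Moved to Virus Vault"
"C:\TDSSKiller_Quarantine\27.08.2012_15.32.50\mbr0000\tdlfs0000\tsk0006.dta";"Trojan horse Hider.QMW";"Moved to Virus Vault"
"C:\TDSSKiller_Quarantine\27.08.2012_15.32.50\mbr0000\tdlfs0000\tsk0005.dta";"Trojan horse Cryptic.EFP";"Moved to Virus Vault"
"C:\TDSSKiller_Quarantine\27.08.2012_15.32.50\mbr0000\tdlfs0000\tsk0004.dta";"Trojan horse TDSS.S";"Moved to Virus Vault"
"C:\TDSSKiller_Quarantine\27.08.2012_15.32.50\mbr0000\tdlfs0000\tsk0003.dta";"Trojan horse TDSS.Q";"Moved to Virus Vault"
"C:\TDSSKiller_Quarantine\27.08.2012_15.32.50\mbr0000\tdlfs0000\tsk0002.dta";"Trojan horse TDSS.O";"Moved to Virus Vault"
"C:\TDSSKiller_Quarantine\27.08.2012_15.32.50\mbr0000\tdlfs0000\tsk0001.dta";"Trojan horse TDSS.R";"Moved to Virus Vault"
"C:\WINDOWS\Temp\sample.tmp";"Trojan horse Example.A";"Moved to Virus Vault"
"""

if __name__ == "__main__":
    contained, live = triage(parse_avg_results(AVG_RESULTS))
    print(f"{len(contained)} hit(s) already in quarantine, {len(live)} on live path(s)")
    for d in live:
        print("NEEDS ATTENTION:", d.path, "-", d.threat)
```

Hits in the first group are what nasdaq describes: safe to delete along with the quarantine folder. Anything in the second group is a finding on a live path and should be looked at before declaring the machine clean.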


#9 Biggg79

Biggg79
  • Topic Starter

  • Members
  • 6 posts

Posted 09 September 2012 - 03:02 AM

No remaining problems. Thank you for your help. Feel free to close this topic now.
Biggg79

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 September 2012 - 08:01 AM

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
===



