
Bts.scour Redirect


This topic is locked. 21 replies to this topic.

#1 Aneler
  • Members
  • 10 posts

Posted 09 September 2012 - 04:40 PM

Hello. I keep getting redirected in my Google searches to bts.scour.com. I ran AVG, SuperAntiSpyware, and MalwareBytes Anti-Malware but there was no effect on the redirections, nor did the problem go away after a System Restore. I run Windows XP Home Edition 2002 and the only browser I use is Firefox, but IE is also installed on my computer.

Thank you in advance!

Here is my DDS log, and the ark.txt, and attach.txt files are attached:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.6.2
Run by Aneler at 15:53:14 on 2012-09-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.792 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\bin\jqs.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME\TomTomHOMERunner.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Documents and Settings\Aneler\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME\TomTomHOMEService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Aneler\Local Settings\Application Data\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
C:\Documents and Settings\Aneler\Local Settings\Application Data\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Aneler\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://stenograph.blackboard.com/webapps/login/
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Google Update] "c:\documents and settings\Aneler\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [TomTomHOME.exe] "c:\program files\tomtom home\TomTomHOMERunner.exe"
mRun: [UIUCU] c:\docume~1\Aneler\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\Aneler\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\Aneler\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~2.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1316071016167
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{314AE768-34BA-4921-B656-AC22ED2B2272} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\Aneler\application data\mozilla\firefox\profiles\qasif0fa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Aneler\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Aneler\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Aneler\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-9-15 112800]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-12-2 483688]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home\TomTomHOMEService.exe [2012-1-23 92592]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 554344]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 211304]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-12-2 209768]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 114144]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 USA19;USA19;c:\windows\system32\drivers\usa192k.sys [2011-9-15 308460]
S3 USA192KP;Keyspan MPR Serial Port Driver;c:\windows\system32\drivers\usa192kp.sys [2011-9-15 40868]
.
=============== Created Last 30 ================
.
2012-09-08 05:19:31 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-09-08 05:19:31 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-08 05:18:02 -------- d-----w- c:\program files\iTunes
2012-09-06 02:45:28 -------- d-----w- c:\program files\iTunes(2)
2012-08-30 19:41:33 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-08-28 23:14:53 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 23:14:47 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-19 17:02:25 737280 ----a-r- c:\windows\system32\hposwia_d02a.dll
2012-08-19 17:02:25 598016 ----a-r- c:\windows\system32\hpost_d02a.dll
2012-08-19 17:02:25 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2012-08-19 17:02:25 309760 ----a-r- c:\windows\system32\difxapi.dll
2012-08-19 17:02:25 307200 ----a-r- c:\windows\system32\hposc_d02a.dll
2012-08-19 16:58:08 -------- d-----w- c:\program files\common files\HP
.
==================== Find3M ====================
.
2012-08-28 23:14:31 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 15:53:36.65 ===============

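The DDS "Pseudo HJT Report" above is the section a responder reads first for a search-redirect complaint, because every common redirect mechanism leaves a footprint there: an autorun launched from a temp directory, a static NameServer overriding the DHCP-assigned one, a ProxyServer or AutoConfigURL entry, or a hijacked Firefox search or proxy preference. The Python below is an added example, not part of the original post and not code from the DDS tool, that parses lines in that format and ranks them. Its sample input is copied from the log posted above plus two constructed hijack lines (a static resolver in a documentation address range and a keyword.URL preference), both labelled as constructed in the code; the severity rules are this example's own assumptions. On the real log the only HIGH it raises is the UIUCU.EXE autorun running from %TEMP%; a HIGH is a prompt to verify the file's publisher and origin, not a verdict that it is malicious.

```python
"""Triage a DDS 'Pseudo HJT Report' for search-redirect footprints.

Added example: not DDS code and not from the thread. Severity rules are this
example's own assumptions; HIGH means "verify this", not "this is malware".
"""
import ipaddress
import re

# Lines copied verbatim from the DDS log posted in this thread.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://stenograph.blackboard.com/webapps/login/
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\bin\ssv.dll
uRun: [Google Update] "c:\documents and settings\Aneler\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [UIUCU] c:\docume~1\Aneler\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{314AE768-34BA-4921-B656-AC22ED2B2272} : DhcpNameServer = 209.18.47.61 209.18.47.62
================= FIREFOX ===================
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
"""

# CONSTRUCTED hijack lines (not from the thread) so the DNS and Firefox
# checks have something to fire on; 203.0.113.0/24 is a documentation range.
CONSTRUCTED_HIJACK_LINES = r"""
TCP: NameServer = 203.0.113.53
FF - prefs.js: keyword.URL - hxxp://search.example.invalid/?q=
"""

RUN_RE = re.compile(r"^(?P<scope>[um])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?): \{(?P<clsid>[0-9a-f-]+)\} - (?P<path>.*)$", re.I)
DNS_RE = re.compile(r"^TCP: (?:Interfaces\\\{[^}]+\} : )?(?P<kind>Dhcp)?NameServer = (?P<ips>.*)$")
PROXY_RE = re.compile(r"^uInternet Settings,(?P<key>\w+) = (?P<val>.*)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>[\w.]+) - (?P<val>.*)$")
START_RE = re.compile(r"^uStart Page = (?P<url>.*)$")

TEMP_RE = re.compile(r"\\temp\\", re.I)                      # %TEMP% and locals~1\temp
PROFILE_RE = re.compile(r"\\(application data|local settings)\\", re.I)
HIJACK_PREFS = ("keyword.URL", "browser.search.defaultenginename",
                "browser.search.selectedEngine")


def _public_ips(ips):
    """Return resolver addresses that are not private/loopback/link-local (or not IPs)."""
    out = []
    for ip in ips:
        try:
            if not ipaddress.ip_address(ip).is_private:
                out.append(ip)
        except ValueError:          # not an IP address at all: worth a look too
            out.append(ip)
    return out


def triage(dds_text):
    """Return (severity, category, detail) tuples, HIGH first, duplicates removed."""
    findings = []

    def add(sev, cat, detail):
        if (sev, cat, detail) not in findings:
            findings.append((sev, cat, detail))

    for line in (ln.strip() for ln in dds_text.splitlines()):
        if m := RUN_RE.match(line):
            if TEMP_RE.search(m["cmd"]):
                add("HIGH", "autorun", f"{m['scope']}Run [{m['name']}] starts from a temp directory: {m['cmd']}")
            elif PROFILE_RE.search(m["cmd"]):
                add("INFO", "autorun", f"{m['scope']}Run [{m['name']}] starts from the user profile: {m['cmd']}")
        elif m := BHO_RE.match(line):
            sev = "HIGH" if (TEMP_RE.search(m["path"]) or PROFILE_RE.search(m["path"])) else "INFO"
            add(sev, "bho", f"{m['name']} {{{m['clsid']}}} -> {m['path']}")
        elif m := DNS_RE.match(line):
            ips = m["ips"].split()
            if m["kind"] is None:   # static resolver overriding DHCP: the classic DNS-changer footprint
                add("HIGH", "dns", f"static NameServer {ips}: confirm you configured this yourself")
            elif pub := _public_ips(ips):
                add("INFO", "dns", f"DHCP resolvers {pub} are public: confirm they belong to the ISP or router")
        elif m := PROXY_RE.match(line):
            if m["key"] in ("ProxyServer", "AutoConfigURL"):
                add("HIGH", "proxy", f"{m['key']} = {m['val']}: all browser traffic is being steered")
            elif m["key"] == "ProxyOverride" and m["val"] not in ("*.local", "<local>"):
                add("INFO", "proxy", f"non-default ProxyOverride = {m['val']}")
        elif m := FF_PREF_RE.match(line):
            if m["pref"] in HIJACK_PREFS or m["pref"].startswith("network.proxy."):
                add("HIGH", "firefox", f"{m['pref']} = {m['val']}: search/proxy pref commonly set by redirectors")
            else:
                add("INFO", "firefox", f"{m['pref']} = {m['val']}")
        elif m := START_RE.match(line):
            add("INFO", "startpage", m["url"])

    findings.sort(key=lambda f: f[0] != "HIGH")   # stable sort: HIGH first, input order otherwise
    return findings


if __name__ == "__main__":
    for sev, cat, detail in triage(SAMPLE_DDS + CONSTRUCTED_HIJACK_LINES):
        print(f"[{sev}] {cat:9} {detail}")
```

The DHCP-assigned resolvers are reported only as INFO because a public address there is normal when the ISP hands out DNS directly; the check that matters is a static NameServer that overrides DHCP, which is why the constructed line is ranked HIGH and the real one is not. Note that a clean report from this parser does not rule out a redirect caused by a driver-level hook, which is what the rootkit scanners requested later in the thread are for.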

#2 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 10 September 2012 - 07:19 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Aneler (Topic Starter)
  • Members
  • 10 posts

Posted 10 September 2012 - 03:53 PM

Hello, Gringo! Thank you for the help.

Here is the Security Check checkup.txt:

Results of screen317's Security Check version 0.99.50
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG 2012
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.0
Java 7 Update 6
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.0.1.152
Adobe Reader 7 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 30% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Here is the log from Combofix:

ComboFix 12-09-10.04 - Aneler 09/10/2012 16:20:50.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1428 [GMT -4:00]
Running from: c:\documents and settings\Aneler\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 4.tmp
c:\documents and settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 7.tmp
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-10 to 2012-09-10 )))))))))))))))))))))))))))))))
.
.
2012-09-10 19:50 . 2012-09-10 19:50 -------- d-----w- c:\windows\LastGood
2012-09-08 05:19 . 2012-09-08 05:19 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-08 05:18 . 2012-09-08 05:18 -------- d-----w- c:\program files\iTunes
2012-08-30 19:41 . 2012-09-09 19:02 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-28 23:15 . 2012-08-28 23:15 -------- d-----w- c:\program files\Common Files\Java
2012-08-28 23:14 . 2012-08-28 23:14 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 23:14 . 2012-08-28 23:14 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-28 23:13 . 2012-08-28 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-08-19 17:02 . 2008-10-29 18:37 737280 ----a-r- c:\windows\system32\hposwia_d02a.dll
2012-08-19 17:02 . 2008-10-29 18:37 598016 ----a-r- c:\windows\system32\hpost_d02a.dll
2012-08-19 17:02 . 2008-10-29 18:37 307200 ----a-r- c:\windows\system32\hposc_d02a.dll
2012-08-19 17:02 . 2008-10-28 10:31 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2012-08-19 17:02 . 2008-10-28 10:31 309760 ----a-r- c:\windows\system32\difxapi.dll
2012-08-19 16:58 . 2012-08-19 16:58 -------- d-----w- c:\program files\Common Files\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 23:14 . 2011-09-15 08:24 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 19:43 . 2011-07-11 06:14 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-07-26 07:21 . 2011-10-07 11:23 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-07-03 17:46 . 2011-09-15 09:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-09 19:02 . 2011-09-15 07:33 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Aneler\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Aneler\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Aneler\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Aneler\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-09 4780928]
"TomTomHOME.exe"="c:\program files\TomTom HOME\TomTomHOMERunner.exe" [2012-01-23 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\Aneler\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Aneler\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2011-9-16 118784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\CAT4\\CaseCatalyst.exe"=
"c:\\Documents and Settings\\Aneler\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Aneler\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\VLC\\vlc.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Java\\bin\\javaw.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 7:30 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 7:23 AM 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 2:14 AM 301920]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 7:38 PM 116608]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2/28/2010 2:33 AM 821664]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [9/15/2011 4:31 AM 112800]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [12/2/2009 10:23 PM 483688]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME\TomTomHOMEService.exe [1/23/2012 12:43 AM 92592]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 5:26 AM 450848]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 10:23 PM 554344]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 10:23 PM 211304]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 10:23 PM 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 10:23 PM 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [12/2/2009 10:23 PM 209768]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 3:24 AM 5167736]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/3/2012 1:19 PM 160944]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 9:43 PM 114144]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 USA19;USA19;c:\windows\system32\drivers\usa192k.sys [9/15/2011 9:57 PM 308460]
S3 USA192KP;Keyspan MPR Serial Port Driver;c:\windows\system32\drivers\usa192kp.sys [9/15/2011 9:57 PM 40868]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1677128483-682003330-1004Core.job
- c:\documents and settings\Aneler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-22 09:05]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1677128483-682003330-1004UA.job
- c:\documents and settings\Aneler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-22 09:05]
.
2011-09-30 c:\windows\Tasks\scribeDowngrade.job
- c:\program files\NCH Software\Scribe\scribe.exe [2011-09-16 22:57]
.
2012-08-03 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files\NCH Software\Scribe\scribe.exe [2011-09-16 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://stenograph.blackboard.com/webapps/login/
uInternet Settings,ProxyOverride = *.local
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Aneler\Application Data\Mozilla\Firefox\Profiles\qasif0fa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-10 16:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-09-10 16:28:53
ComboFix-quarantined-files.txt 2012-09-10 20:28
.
Pre-Run: 162,261,123,072 bytes free
Post-Run: 163,315,765,248 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 0D894F2EC2AF3123260F99792192E2BC


I did not have any problems during these steps. My computer is still being redirected.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:53 AM

Posted 10 September 2012 - 04:15 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Aneler

Aneler
  • Topic Starter

  • Members
  • 10 posts
  • Local time:11:53 PM

Posted 10 September 2012 - 04:48 PM

The TDSSKiller had no results. Here is the report:

17:21:33.0843 4080 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
17:21:34.0156 4080 ============================================================
17:21:34.0156 4080 Current date / time: 2012/09/10 17:21:34.0156
17:21:34.0156 4080 SystemInfo:
17:21:34.0156 4080
17:21:34.0156 4080 OS Version: 5.1.2600 ServicePack: 3.0
17:21:34.0156 4080 Product type: Workstation
17:21:34.0156 4080 ComputerName: VIC
17:21:34.0406 4080 UserName: Aneler
17:21:34.0406 4080 Windows directory: C:\WINDOWS
17:21:34.0406 4080 System windows directory: C:\WINDOWS
17:21:34.0406 4080 Processor architecture: Intel x86
17:21:34.0406 4080 Number of processors: 2
17:21:34.0406 4080 Page size: 0x1000
17:21:34.0406 4080 Boot type: Normal boot
17:21:34.0406 4080 ============================================================
17:21:35.0703 4080 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:21:35.0703 4080 ============================================================
17:21:35.0703 4080 \Device\Harddisk0\DR0:
17:21:35.0703 4080 MBR partitions:
17:21:35.0703 4080 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
17:21:35.0703 4080 ============================================================
17:21:35.0734 4080 C: <-> \Device\Harddisk0\DR0\Partition1
17:21:35.0734 4080 ============================================================
17:21:35.0734 4080 Initialize success
17:21:35.0734 4080 ============================================================
17:21:39.0406 4612 ============================================================
17:21:39.0406 4612 Scan started
17:21:39.0406 4612 Mode: Manual;
17:21:39.0406 4612 ============================================================
17:21:40.0328 4612 ================ Scan system memory ========================
17:21:40.0328 4612 System memory - ok
17:21:40.0328 4612 ================ Scan services =============================
17:21:40.0468 4612 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
17:21:40.0468 4612 !SASCORE - ok
17:21:40.0859 4612 Abiosdsk - ok
17:21:40.0875 4612 abp480n5 - ok
17:21:40.0921 4612 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:21:40.0921 4612 ACPI - ok
17:21:40.0953 4612 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:21:40.0953 4612 ACPIEC - ok
17:21:41.0015 4612 [ 4E12C97CBFE99BE15D7680918F9899EC ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
17:21:41.0015 4612 ADIHdAudAddService - ok
17:21:41.0031 4612 adpu160m - ok
17:21:41.0031 4612 [ FFF87A9B1AB36EE4B7BEC98A4CB01B79 ] AEAudio C:\WINDOWS\system32\drivers\AEAudio.sys
17:21:41.0046 4612 AEAudio - ok
17:21:41.0062 4612 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:21:41.0062 4612 aec - ok
17:21:41.0093 4612 [ 355556D9E580915118CD7EF736653A89 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:21:41.0109 4612 AFD - ok
17:21:41.0140 4612 [ EFBC44FBD75E4F80BD927AEBF6E7EADE ] AgereModemAudio C:\WINDOWS\system32\agrsmsvc.exe
17:21:41.0140 4612 AgereModemAudio - ok
17:21:41.0203 4612 [ 1CFEBA39FC613E45B49D3EDDFBCDA289 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
17:21:41.0234 4612 AgereSoftModem - ok
17:21:41.0234 4612 Aha154x - ok
17:21:41.0250 4612 aic78u2 - ok
17:21:41.0250 4612 aic78xx - ok
17:21:41.0281 4612 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:21:41.0296 4612 Alerter - ok
17:21:41.0312 4612 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
17:21:41.0312 4612 ALG - ok
17:21:41.0312 4612 AliIde - ok
17:21:41.0328 4612 amsint - ok
17:21:41.0406 4612 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:21:41.0406 4612 Apple Mobile Device - ok
17:21:41.0421 4612 AppMgmt - ok
17:21:41.0421 4612 asc - ok
17:21:41.0437 4612 asc3350p - ok
17:21:41.0437 4612 asc3550 - ok
17:21:41.0531 4612 [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
17:21:41.0531 4612 aspnet_state - ok
17:21:41.0578 4612 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:21:41.0578 4612 AsyncMac - ok
17:21:41.0593 4612 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:21:41.0593 4612 atapi - ok
17:21:41.0593 4612 Atdisk - ok
17:21:41.0625 4612 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:21:41.0625 4612 Atmarpc - ok
17:21:41.0656 4612 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:21:41.0656 4612 AudioSrv - ok
17:21:41.0687 4612 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:21:41.0687 4612 audstub - ok
17:21:41.0906 4612 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
17:21:41.0937 4612 AVGIDSAgent - ok
17:21:41.0984 4612 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
17:21:41.0984 4612 AVGIDSDriver - ok
17:21:42.0015 4612 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
17:21:42.0015 4612 AVGIDSFilter - ok
17:21:42.0031 4612 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
17:21:42.0031 4612 AVGIDSHX - ok
17:21:42.0046 4612 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
17:21:42.0046 4612 AVGIDSShim - ok
17:21:42.0093 4612 [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
17:21:42.0093 4612 Avgldx86 - ok
17:21:42.0093 4612 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
17:21:42.0109 4612 Avgmfx86 - ok
17:21:42.0109 4612 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
17:21:42.0109 4612 Avgrkx86 - ok
17:21:42.0156 4612 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
17:21:42.0171 4612 Avgtdix - ok
17:21:42.0218 4612 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
17:21:42.0218 4612 avgwd - ok
17:21:42.0265 4612 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:21:42.0265 4612 Beep - ok
17:21:42.0312 4612 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
17:21:42.0328 4612 BITS - ok
17:21:42.0390 4612 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:21:42.0390 4612 Bonjour Service - ok
17:21:42.0437 4612 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
17:21:42.0437 4612 Browser - ok
17:21:42.0484 4612 [ 1D25FB8B6B073E6F4FB51034F734EA2C ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
17:21:42.0484 4612 BTDriver - ok
17:21:42.0562 4612 [ 9515D10CEAF284AB1A21934E1958D4FD ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
17:21:42.0578 4612 BTKRNL - ok
17:21:42.0625 4612 [ 189C45C7CC2526DA72932872E152A061 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
17:21:42.0640 4612 btwdins - ok
17:21:42.0640 4612 [ 66BFF2643E5F6A0F80208DDE1C4B653A ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
17:21:42.0640 4612 BTWDNDIS - ok
17:21:42.0703 4612 [ 4272BAB9291D26DA5AC913BC79C3CE85 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
17:21:42.0703 4612 BTWUSB - ok
17:21:42.0812 4612 catchme - ok
17:21:42.0828 4612 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:21:42.0828 4612 cbidf2k - ok
17:21:42.0859 4612 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:21:42.0859 4612 CCDECODE - ok
17:21:42.0859 4612 cd20xrnt - ok
17:21:42.0906 4612 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:21:42.0906 4612 Cdaudio - ok
17:21:42.0937 4612 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:21:42.0937 4612 Cdfs - ok
17:21:42.0937 4612 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:21:42.0953 4612 Cdrom - ok
17:21:42.0953 4612 Changer - ok
17:21:43.0000 4612 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:21:43.0000 4612 CiSvc - ok
17:21:43.0000 4612 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:21:43.0000 4612 ClipSrv - ok
17:21:43.0015 4612 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:21:43.0015 4612 CmBatt - ok
17:21:43.0015 4612 CmdIde - ok
17:21:43.0031 4612 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:21:43.0031 4612 Compbatt - ok
17:21:43.0031 4612 COMSysApp - ok
17:21:43.0046 4612 Cpqarray - ok
17:21:43.0109 4612 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
17:21:43.0109 4612 cpudrv - ok
17:21:43.0125 4612 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:21:43.0125 4612 CryptSvc - ok
17:21:43.0218 4612 [ 61A86809B62769643892BC0812B204AA ] cvhsvc C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:21:43.0234 4612 cvhsvc - ok
17:21:43.0234 4612 dac2w2k - ok
17:21:43.0250 4612 dac960nt - ok
17:21:43.0296 4612 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:21:43.0312 4612 DcomLaunch - ok
17:21:43.0343 4612 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:21:43.0359 4612 Dhcp - ok
17:21:43.0390 4612 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:21:43.0390 4612 Disk - ok
17:21:43.0390 4612 dmadmin - ok
17:21:43.0453 4612 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:21:43.0468 4612 dmboot - ok
17:21:43.0484 4612 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:21:43.0484 4612 dmio - ok
17:21:43.0531 4612 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:21:43.0531 4612 dmload - ok
17:21:43.0546 4612 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:21:43.0562 4612 dmserver - ok
17:21:43.0578 4612 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:21:43.0578 4612 DMusic - ok
17:21:43.0609 4612 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:21:43.0609 4612 Dnscache - ok
17:21:43.0625 4612 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:21:43.0625 4612 Dot3svc - ok
17:21:43.0625 4612 dpti2o - ok
17:21:43.0640 4612 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:21:43.0640 4612 drmkaud - ok
17:21:43.0671 4612 [ 1A51E03B66635280684E9EDF34A2E8C0 ] DS1410D C:\WINDOWS\system32\drivers\DS1410D.SYS
17:21:43.0671 4612 DS1410D - ok
17:21:43.0718 4612 [ C537B7A32DC4D9B0112ED68BDC8395E2 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
17:21:43.0718 4612 e1express - ok
17:21:43.0765 4612 [ 81B7808D3B5892388F33273119C2DC31 ] eabfiltr C:\WINDOWS\system32\drivers\EABFiltr.sys
17:21:43.0765 4612 eabfiltr - ok
17:21:43.0796 4612 [ 1BA14DA377B66278335D4B9E8824CD42 ] eabusb C:\WINDOWS\system32\drivers\eabusb.sys
17:21:43.0796 4612 eabusb - ok
17:21:43.0796 4612 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:21:43.0796 4612 EapHost - ok
17:21:43.0843 4612 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:21:43.0843 4612 ERSvc - ok
17:21:43.0890 4612 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
17:21:43.0906 4612 Eventlog - ok
17:21:43.0921 4612 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
17:21:43.0937 4612 EventSystem - ok
17:21:43.0968 4612 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:21:43.0968 4612 Fastfat - ok
17:21:44.0000 4612 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:21:44.0015 4612 FastUserSwitchingCompatibility - ok
17:21:44.0031 4612 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
17:21:44.0031 4612 Fdc - ok
17:21:44.0046 4612 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:21:44.0046 4612 Fips - ok
17:21:44.0078 4612 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
17:21:44.0078 4612 Flpydisk - ok
17:21:44.0109 4612 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:21:44.0109 4612 FltMgr - ok
17:21:44.0125 4612 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:21:44.0125 4612 Fs_Rec - ok
17:21:44.0125 4612 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:21:44.0125 4612 Ftdisk - ok
17:21:44.0171 4612 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:21:44.0171 4612 GEARAspiWDM - ok
17:21:44.0187 4612 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:21:44.0187 4612 Gpc - ok
17:21:44.0203 4612 [ CEF316DBBD1B3845A6D53ED620EB1AEB ] HBtnKey C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
17:21:44.0218 4612 HBtnKey - ok
17:21:44.0234 4612 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:21:44.0234 4612 HDAudBus - ok
17:21:44.0296 4612 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:21:44.0312 4612 helpsvc - ok
17:21:44.0312 4612 HidServ - ok
17:21:44.0328 4612 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:21:44.0343 4612 hidusb - ok
17:21:44.0375 4612 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:21:44.0375 4612 hkmsvc - ok
17:21:44.0375 4612 hpn - ok
17:21:44.0437 4612 [ E7E0CF2E13994DAB2CE10DFEF25BF610 ] hpqwmi C:\Program Files\HPQ\SHARED\HPQWMI.exe
17:21:44.0453 4612 hpqwmi - ok
17:21:44.0500 4612 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:21:44.0500 4612 HPZid412 - ok
17:21:44.0500 4612 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:21:44.0500 4612 HPZipr12 - ok
17:21:44.0531 4612 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:21:44.0531 4612 HPZius12 - ok
17:21:44.0593 4612 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:21:44.0593 4612 HTTP - ok
17:21:44.0656 4612 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:21:44.0656 4612 HTTPFilter - ok
17:21:44.0671 4612 i2omgmt - ok
17:21:44.0671 4612 i2omp - ok
17:21:44.0734 4612 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:21:44.0734 4612 i8042prt - ok
17:21:44.0828 4612 [ C5DB546F9028CD00E64335091860D8F3 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
17:21:44.0859 4612 ialm - ok
17:21:44.0953 4612 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:21:44.0953 4612 IDriverT - ok
17:21:44.0968 4612 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:21:44.0984 4612 Imapi - ok
17:21:45.0015 4612 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
17:21:45.0015 4612 ImapiService - ok
17:21:45.0031 4612 ini910u - ok
17:21:45.0078 4612 [ 1A97E12E4037492CBF22F94D3A0CEBE9 ] Intel® PROSet Monitoring Service C:\WINDOWS\system32\IProsetMonitor.exe
17:21:45.0078 4612 Intel® PROSet Monitoring Service - ok
17:21:45.0078 4612 IntelIde - ok
17:21:45.0140 4612 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:21:45.0140 4612 intelppm - ok
17:21:45.0156 4612 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:21:45.0156 4612 Ip6Fw - ok
17:21:45.0187 4612 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:21:45.0187 4612 IpFilterDriver - ok
17:21:45.0203 4612 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:21:45.0203 4612 IpInIp - ok
17:21:45.0234 4612 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:21:45.0234 4612 IpNat - ok
17:21:45.0296 4612 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:21:45.0312 4612 iPod Service - ok
17:21:45.0359 4612 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:21:45.0375 4612 IPSec - ok
17:21:45.0390 4612 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:21:45.0390 4612 IRENUM - ok
17:21:45.0421 4612 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:21:45.0421 4612 isapnp - ok
17:21:45.0500 4612 [ 9A337AE3DB478034A7839E753BBFF1AB ] JavaQuickStarterService C:\Program Files\Java\bin\jqs.exe
17:21:45.0515 4612 JavaQuickStarterService - ok
17:21:45.0546 4612 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:21:45.0546 4612 Kbdclass - ok
17:21:45.0593 4612 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:21:45.0593 4612 kbdhid - ok
17:21:45.0625 4612 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:21:45.0640 4612 kmixer - ok
17:21:45.0671 4612 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:21:45.0671 4612 KSecDD - ok
17:21:45.0718 4612 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:21:45.0718 4612 lanmanserver - ok
17:21:45.0750 4612 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:21:45.0750 4612 lanmanworkstation - ok
17:21:45.0765 4612 lbrtfdc - ok
17:21:45.0812 4612 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:21:45.0812 4612 LmHosts - ok
17:21:45.0875 4612 [ 7521C0C58EE91BE90B6CC33E792D10C7 ] LVRS C:\WINDOWS\system32\DRIVERS\lvrs.sys
17:21:45.0875 4612 LVRS - ok
17:21:46.0046 4612 [ 37E57C48AF530DF01CDD4E8A2AD77B51 ] LVUVC C:\WINDOWS\system32\DRIVERS\lvuvc.sys
17:21:46.0078 4612 LVUVC - ok
17:21:46.0109 4612 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:21:46.0125 4612 Messenger - ok
17:21:46.0156 4612 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:21:46.0156 4612 mnmdd - ok
17:21:46.0187 4612 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:21:46.0187 4612 mnmsrvc - ok
17:21:46.0203 4612 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:21:46.0203 4612 Modem - ok
17:21:46.0218 4612 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:21:46.0218 4612 Mouclass - ok
17:21:46.0265 4612 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:21:46.0265 4612 mouhid - ok
17:21:46.0265 4612 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:21:46.0265 4612 MountMgr - ok
17:21:46.0328 4612 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:21:46.0328 4612 MozillaMaintenance - ok
17:21:46.0328 4612 mraid35x - ok
17:21:46.0328 4612 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:21:46.0343 4612 MRxDAV - ok
17:21:46.0390 4612 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:21:46.0390 4612 MRxSmb - ok
17:21:46.0437 4612 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
17:21:46.0437 4612 MSDTC - ok
17:21:46.0453 4612 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:21:46.0453 4612 Msfs - ok
17:21:46.0453 4612 MSIServer - ok
17:21:46.0484 4612 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:21:46.0484 4612 MSKSSRV - ok
17:21:46.0546 4612 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:21:46.0546 4612 MSPCLOCK - ok
17:21:46.0578 4612 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:21:46.0578 4612 MSPQM - ok
17:21:46.0593 4612 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:21:46.0593 4612 mssmbios - ok
17:21:46.0609 4612 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
17:21:46.0609 4612 MSTEE - ok
17:21:46.0656 4612 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:21:46.0671 4612 Mup - ok
17:21:46.0687 4612 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:21:46.0703 4612 NABTSFEC - ok
17:21:46.0750 4612 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:21:46.0750 4612 napagent - ok
17:21:46.0781 4612 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:21:46.0781 4612 NDIS - ok
17:21:46.0812 4612 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:21:46.0812 4612 NdisIP - ok
17:21:46.0843 4612 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:21:46.0843 4612 NdisTapi - ok
17:21:46.0859 4612 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:21:46.0859 4612 Ndisuio - ok
17:21:46.0890 4612 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:21:46.0890 4612 NdisWan - ok
17:21:46.0921 4612 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:21:46.0921 4612 NDProxy - ok
17:21:46.0968 4612 [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
17:21:46.0968 4612 Net Driver HPZ12 - ok
17:21:46.0984 4612 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:21:46.0984 4612 NetBIOS - ok
17:21:47.0015 4612 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:21:47.0015 4612 NetBT - ok
17:21:47.0062 4612 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
17:21:47.0062 4612 NetDDE - ok
17:21:47.0078 4612 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:21:47.0078 4612 NetDDEdsdm - ok
17:21:47.0125 4612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:21:47.0125 4612 Netlogon - ok
17:21:47.0156 4612 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
17:21:47.0156 4612 Netman - ok
17:21:47.0671 4612 [ 91F027C242D3FF6E5C09F92A0518297F ] NETw5x32 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
17:21:47.0734 4612 NETw5x32 - ok
17:21:47.0781 4612 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
17:21:47.0781 4612 Nla - ok
17:21:47.0828 4612 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:21:47.0828 4612 Npfs - ok
17:21:47.0859 4612 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:21:47.0859 4612 Ntfs - ok
17:21:47.0875 4612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:21:47.0875 4612 NtLmSsp - ok
17:21:47.0937 4612 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:21:47.0937 4612 NtmsSvc - ok
17:21:47.0968 4612 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:21:47.0968 4612 Null - ok
17:21:48.0015 4612 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:21:48.0015 4612 NwlnkFlt - ok
17:21:48.0281 4612 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:21:48.0281 4612 NwlnkFwd - ok
17:21:48.0343 4612 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:21:48.0359 4612 ose - ok
17:21:48.0578 4612 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:21:48.0640 4612 osppsvc - ok
17:21:48.0671 4612 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
17:21:48.0687 4612 Parport - ok
17:21:48.0703 4612 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:21:48.0703 4612 PartMgr - ok
17:21:48.0750 4612 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:21:48.0750 4612 ParVdm - ok
17:21:48.0765 4612 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:21:48.0765 4612 PCI - ok
17:21:48.0765 4612 PCIDump - ok
17:21:48.0812 4612 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:21:48.0812 4612 PCIIde - ok
17:21:48.0828 4612 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:21:48.0828 4612 Pcmcia - ok
17:21:48.0828 4612 PDCOMP - ok
17:21:48.0843 4612 PDFRAME - ok
17:21:48.0843 4612 PDRELI - ok
17:21:48.0859 4612 PDRFRAME - ok
17:21:48.0859 4612 perc2 - ok
17:21:48.0875 4612 perc2hib - ok
17:21:48.0906 4612 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
17:21:48.0906 4612 PlugPlay - ok
17:21:48.0937 4612 [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
17:21:48.0937 4612 Pml Driver HPZ12 - ok
17:21:48.0953 4612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:21:48.0953 4612 PolicyAgent - ok
17:21:48.0968 4612 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:21:48.0968 4612 PptpMiniport - ok
17:21:48.0984 4612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:21:48.0984 4612 ProtectedStorage - ok
17:21:49.0015 4612 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:21:49.0015 4612 PSched - ok
17:21:49.0015 4612 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:21:49.0015 4612 Ptilink - ok
17:21:49.0046 4612 [ D7E32C33C08CCDBD21D47D291F30D35B ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:21:49.0046 4612 PxHelp20 - ok
17:21:49.0046 4612 ql1080 - ok
17:21:49.0062 4612 Ql10wnt - ok
17:21:49.0062 4612 ql12160 - ok
17:21:49.0078 4612 ql1240 - ok
17:21:49.0078 4612 ql1280 - ok
17:21:49.0109 4612 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:21:49.0109 4612 RasAcd - ok
17:21:49.0125 4612 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:21:49.0125 4612 RasAuto - ok
17:21:49.0140 4612 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:21:49.0140 4612 Rasl2tp - ok
17:21:49.0171 4612 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:21:49.0171 4612 RasMan - ok
17:21:49.0187 4612 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:21:49.0187 4612 RasPppoe - ok
17:21:49.0187 4612 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:21:49.0187 4612 Raspti - ok
17:21:49.0218 4612 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:21:49.0218 4612 Rdbss - ok
17:21:49.0218 4612 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:21:49.0218 4612 RDPCDD - ok
17:21:49.0281 4612 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:21:49.0281 4612 RDPWD - ok
17:21:49.0312 4612 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:21:49.0328 4612 RDSessMgr - ok
17:21:49.0359 4612 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:21:49.0359 4612 redbook - ok
17:21:49.0390 4612 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:21:49.0390 4612 RemoteAccess - ok
17:21:49.0421 4612 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
17:21:49.0421 4612 RpcLocator - ok
17:21:49.0484 4612 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
17:21:49.0484 4612 RpcSs - ok
17:21:49.0515 4612 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:21:49.0515 4612 RSVP - ok
17:21:49.0562 4612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
17:21:49.0562 4612 SamSs - ok
17:21:49.0609 4612 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:21:49.0609 4612 SASDIFSV - ok
17:21:49.0609 4612 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:21:49.0609 4612 SASKUTIL - ok
17:21:49.0656 4612 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:21:49.0671 4612 SCardSvr - ok
17:21:49.0718 4612 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:21:49.0718 4612 Schedule - ok
17:21:49.0750 4612 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:21:49.0750 4612 Secdrv - ok
17:21:49.0781 4612 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:21:49.0781 4612 seclogon - ok
17:21:49.0781 4612 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
17:21:49.0781 4612 SENS - ok
17:21:49.0796 4612 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
17:21:49.0796 4612 Serial - ok
17:21:49.0812 4612 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:21:49.0812 4612 Sfloppy - ok
17:21:49.0875 4612 [ 92D1002B9ACE530F37F256D3D58E5867 ] Sftfs C:\WINDOWS\system32\DRIVERS\Sftfsxp.sys
17:21:49.0875 4612 Sftfs - ok
17:21:49.0968 4612 [ BAF282373E79D08CE9510AC8B5A1F41D ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
17:21:49.0968 4612 sftlist - ok
17:21:50.0015 4612 [ 5EB49D97A281C3E71B23C66B13A24A6D ] Sftplay C:\WINDOWS\system32\DRIVERS\Sftplayxp.sys
17:21:50.0015 4612 Sftplay - ok
17:21:50.0062 4612 [ E8192208CC8CF24B3A81774C8078259C ] Sftredir C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys
17:21:50.0062 4612 Sftredir - ok
17:21:50.0093 4612 [ F21569A5E0F9E9CF6E32819E08ABFA2D ] Sftvol C:\WINDOWS\system32\DRIVERS\Sftvolxp.sys
17:21:50.0093 4612 Sftvol - ok
17:21:50.0109 4612 [ EE28AEB3889A9CCA894626ECD1FB1C8B ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
17:21:50.0109 4612 sftvsa - ok
17:21:50.0156 4612 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:21:50.0156 4612 SharedAccess - ok
17:21:50.0171 4612 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:21:50.0171 4612 ShellHWDetection - ok
17:21:50.0171 4612 Simbad - ok
17:21:50.0234 4612 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
17:21:50.0234 4612 SkypeUpdate - ok
17:21:50.0250 4612 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:21:50.0250 4612 SLIP - ok
17:21:50.0265 4612 Sparrow - ok
17:21:50.0281 4612 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:21:50.0281 4612 splitter - ok
17:21:50.0328 4612 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:21:50.0343 4612 Spooler - ok
17:21:50.0375 4612 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:21:50.0375 4612 sr - ok
17:21:50.0421 4612 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
17:21:50.0421 4612 srservice - ok
17:21:50.0468 4612 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:21:50.0468 4612 Srv - ok
17:21:50.0500 4612 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:21:50.0500 4612 SSDPSRV - ok
17:21:50.0578 4612 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:21:50.0593 4612 stisvc - ok
17:21:50.0609 4612 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:21:50.0625 4612 streamip - ok
17:21:50.0640 4612 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:21:50.0640 4612 swenum - ok
17:21:50.0656 4612 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:21:50.0656 4612 swmidi - ok
17:21:50.0671 4612 SwPrv - ok
17:21:50.0687 4612 symc810 - ok
17:21:50.0687 4612 symc8xx - ok
17:21:50.0703 4612 sym_hi - ok
17:21:50.0703 4612 sym_u3 - ok
17:21:50.0750 4612 [ 1A8E6B04907687A8EED75C8031B679FD ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
17:21:50.0765 4612 SynTP - ok
17:21:50.0781 4612 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:21:50.0781 4612 sysaudio - ok
17:21:50.0812 4612 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:21:50.0812 4612 SysmonLog - ok
17:21:50.0859 4612 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:21:50.0875 4612 TapiSrv - ok
17:21:50.0921 4612 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:21:50.0921 4612 Tcpip - ok
17:21:50.0968 4612 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:21:50.0968 4612 TDPIPE - ok
17:21:50.0984 4612 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:21:50.0984 4612 TDTCP - ok
17:21:51.0000 4612 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:21:51.0015 4612 TermDD - ok
17:21:51.0046 4612 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
17:21:51.0046 4612 TermService - ok
17:21:51.0062 4612 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
17:21:51.0078 4612 Themes - ok
17:21:51.0125 4612 [ 3199A477F0F06EEDE41BD55179F8EB05 ] TomTomHOMEService C:\Program Files\TomTom HOME\TomTomHOMEService.exe
17:21:51.0125 4612 TomTomHOMEService - ok
17:21:51.0125 4612 TosIde - ok
17:21:51.0156 4612 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:21:51.0156 4612 TrkWks - ok
17:21:51.0187 4612 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:21:51.0187 4612 Udfs - ok
17:21:51.0203 4612 ultra - ok
17:21:51.0296 4612 [ 927754ABF077AEB5504BE4E0F2C60C1B ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
17:21:51.0296 4612 UMVPFSrv - ok
17:21:51.0359 4612 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:21:51.0359 4612 Update - ok
17:21:51.0390 4612 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:21:51.0406 4612 upnphost - ok
17:21:51.0421 4612 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
17:21:51.0421 4612 UPS - ok
17:21:51.0484 4612 [ 39E494D29365A9F3AA3508CDFA3107E0 ] USA19 C:\WINDOWS\system32\DRIVERS\usa192k.sys
17:21:51.0484 4612 USA19 - ok
17:21:51.0515 4612 [ 5F6816AFC44A1476244D1C1CF0D6DC9C ] USA192KP C:\WINDOWS\system32\DRIVERS\USA192kp.SYS
17:21:51.0515 4612 USA192KP - ok
17:21:51.0578 4612 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
17:21:51.0578 4612 USBAAPL - ok
17:21:51.0625 4612 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
17:21:51.0640 4612 usbaudio - ok
17:21:51.0656 4612 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:21:51.0656 4612 usbccgp - ok
17:21:51.0671 4612 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:21:51.0671 4612 usbehci - ok
17:21:51.0687 4612 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:21:51.0703 4612 usbhub - ok
17:21:51.0718 4612 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:21:51.0718 4612 usbprint - ok
17:21:51.0765 4612 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:21:51.0765 4612 usbscan - ok
17:21:51.0781 4612 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:21:51.0781 4612 USBSTOR - ok
17:21:51.0812 4612 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:21:51.0812 4612 usbuhci - ok
17:21:51.0843 4612 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
17:21:51.0843 4612 usbvideo - ok
17:21:51.0859 4612 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:21:51.0859 4612 VgaSave - ok
17:21:51.0875 4612 ViaIde - ok
17:21:51.0937 4612 [ AE01E1ED5A81E0D268B91B4A6DE5A872 ] VNUSB C:\WINDOWS\system32\DRIVERS\VNUSB.sys
17:21:51.0937 4612 VNUSB - ok
17:21:51.0984 4612 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:21:51.0984 4612 VolSnap - ok
17:21:52.0031 4612 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:21:52.0031 4612 VSS - ok
17:21:52.0062 4612 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
17:21:52.0062 4612 W32Time - ok
17:21:52.0078 4612 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:21:52.0078 4612 Wanarp - ok
17:21:52.0140 4612 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
17:21:52.0156 4612 Wdf01000 - ok
17:21:52.0156 4612 WDICA - ok
17:21:52.0187 4612 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:21:52.0187 4612 wdmaud - ok
17:21:52.0203 4612 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:21:52.0203 4612 WebClient - ok
17:21:52.0296 4612 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:21:52.0296 4612 winmgmt - ok
17:21:52.0343 4612 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
17:21:52.0343 4612 WinUSB - ok
17:21:52.0375 4612 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
17:21:52.0375 4612 WmdmPmSN - ok
17:21:52.0421 4612 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:21:52.0437 4612 WmiAcpi - ok
17:21:52.0468 4612 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:21:52.0468 4612 WmiApSrv - ok
17:21:52.0531 4612 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:21:52.0531 4612 WS2IFSL - ok
17:21:52.0593 4612 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:21:52.0593 4612 wscsvc - ok
17:21:52.0625 4612 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:21:52.0625 4612 WSTCODEC - ok
17:21:52.0656 4612 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:21:52.0656 4612 wuauserv - ok
17:21:52.0718 4612 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:21:52.0718 4612 WZCSVC - ok
17:21:52.0750 4612 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:21:52.0750 4612 xmlprov - ok
17:21:52.0781 4612 ================ Scan global ===============================
17:21:52.0812 4612 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:21:52.0828 4612 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
17:21:52.0859 4612 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
17:21:52.0890 4612 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:21:52.0890 4612 [Global] - ok
17:21:52.0890 4612 ================ Scan MBR ==================================
17:21:52.0906 4612 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:21:53.0171 4612 \Device\Harddisk0\DR0 - ok
17:21:53.0171 4612 ================ Scan VBR ==================================
17:21:53.0171 4612 [ 24B9C29124AB51EB57455DE1D06FD0D9 ] \Device\Harddisk0\DR0\Partition1
17:21:53.0171 4612 \Device\Harddisk0\DR0\Partition1 - ok
17:21:53.0171 4612 ============================================================
17:21:53.0171 4612 Scan finished
17:21:53.0171 4612 ============================================================
17:21:53.0187 5628 Detected object count: 0
17:21:53.0187 5628 Actual detected object count: 0


Here is the aswMBR report:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-10 17:23:13
-----------------------------
17:23:13.296 OS Version: Windows 5.1.2600 Service Pack 3
17:23:13.296 Number of processors: 2 586 0xF0D
17:23:13.296 ComputerName: VIC UserName:
17:23:14.031 Initialize success
17:25:24.781 AVAST engine defs: 12091001
17:26:22.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:26:22.343 Disk 0 Vendor: TOSHIBA_MK2552GSX LV011C Size: 238475MB BusType: 3
17:26:22.390 Disk 0 MBR read successfully
17:26:22.406 Disk 0 MBR scan
17:26:22.453 Disk 0 Windows XP default MBR code
17:26:22.453 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
17:26:22.453 Disk 0 scanning sectors +488376000
17:26:22.531 Disk 0 scanning C:\WINDOWS\system32\drivers
17:26:36.125 Service scanning
17:26:58.656 Modules scanning
17:27:20.828 Disk 0 trace - called modules:
17:27:20.875 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:27:20.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5f1ab8]
17:27:20.890 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000007a[0x8a5f99e8]
17:27:20.890 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5f8940]
17:27:21.937 AVAST engine scan C:\WINDOWS
17:27:41.218 AVAST engine scan C:\WINDOWS\system32
17:29:45.578 AVAST engine scan C:\WINDOWS\system32\drivers
17:30:08.109 AVAST engine scan C:\Documents and Settings\Aneler
17:34:56.218 AVAST engine scan C:\Documents and Settings\All Users
17:36:24.562 Scan finished successfully
17:46:37.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Aneler\Desktop\MBR.dat"
17:46:37.812 The log file has been saved successfully to "C:\Documents and Settings\Aneler\Desktop\aswMBR.txt"

#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 10 September 2012 - 08:24 PM

Greetings Aneler

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Aneler (Topic Starter, Members, 10 posts)

Posted 10 September 2012 - 09:07 PM

Hello. Here is the second log from ComboFix:

ComboFix 12-09-10.04 - Aneler 09/10/2012 21:50:08.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1698 [GMT -4:00]
Running from: c:\documents and settings\Aneler\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Aneler\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-11 to 2012-09-11 )))))))))))))))))))))))))))))))
.
.
2012-09-10 19:50 . 2012-09-10 19:50 -------- d-----w- c:\windows\LastGood
2012-09-08 05:19 . 2012-09-08 05:19 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-08 05:18 . 2012-09-08 05:18 -------- d-----w- c:\program files\iTunes
2012-08-30 19:41 . 2012-09-09 19:02 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-28 23:15 . 2012-08-28 23:15 -------- d-----w- c:\program files\Common Files\Java
2012-08-28 23:14 . 2012-08-28 23:14 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 23:14 . 2012-08-28 23:14 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-28 23:13 . 2012-08-28 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-08-19 17:02 . 2008-10-29 18:37 737280 ----a-r- c:\windows\system32\hposwia_d02a.dll
2012-08-19 17:02 . 2008-10-29 18:37 598016 ----a-r- c:\windows\system32\hpost_d02a.dll
2012-08-19 17:02 . 2008-10-29 18:37 307200 ----a-r- c:\windows\system32\hposc_d02a.dll
2012-08-19 17:02 . 2008-10-28 10:31 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2012-08-19 17:02 . 2008-10-28 10:31 309760 ----a-r- c:\windows\system32\difxapi.dll
2012-08-19 16:58 . 2012-08-19 16:58 -------- d-----w- c:\program files\Common Files\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 23:14 . 2011-09-15 08:24 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 19:43 . 2011-07-11 06:14 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-07-26 07:21 . 2011-10-07 11:23 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-07-03 17:46 . 2011-09-15 09:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-09 19:02 . 2011-09-15 07:33 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Aneler\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Aneler\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Aneler\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Aneler\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-09 4780928]
"TomTomHOME.exe"="c:\program files\TomTom HOME\TomTomHOMERunner.exe" [2012-01-23 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\Aneler\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Aneler\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2011-9-16 118784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\CAT4\\CaseCatalyst.exe"=
"c:\\Documents and Settings\\Aneler\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Aneler\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\VLC\\vlc.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Java\\bin\\javaw.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 7:30 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 7:23 AM 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 2:14 AM 301920]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 7:38 PM 116608]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2/28/2010 2:33 AM 821664]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [9/15/2011 4:31 AM 112800]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [12/2/2009 10:23 PM 483688]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME\TomTomHOMEService.exe [1/23/2012 12:43 AM 92592]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 5:26 AM 450848]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 10:23 PM 554344]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 10:23 PM 211304]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 10:23 PM 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 10:23 PM 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [12/2/2009 10:23 PM 209768]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 3:24 AM 5167736]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/3/2012 1:19 PM 160944]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 9:43 PM 114144]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 USA19;USA19;c:\windows\system32\drivers\usa192k.sys [9/15/2011 9:57 PM 308460]
S3 USA192KP;Keyspan MPR Serial Port Driver;c:\windows\system32\drivers\usa192kp.sys [9/15/2011 9:57 PM 40868]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 60988335
*NewlyCreated* - ASWMBR
*Deregistered* - 60988335
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1677128483-682003330-1004Core.job
- c:\documents and settings\Aneler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-22 09:05]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1677128483-682003330-1004UA.job
- c:\documents and settings\Aneler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-22 09:05]
.
2011-09-30 c:\windows\Tasks\scribeDowngrade.job
- c:\program files\NCH Software\Scribe\scribe.exe [2011-09-16 22:57]
.
2012-08-03 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files\NCH Software\Scribe\scribe.exe [2011-09-16 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://stenograph.blackboard.com/webapps/login/
uInternet Settings,ProxyOverride = *.local
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Aneler\Application Data\Mozilla\Firefox\Profiles\qasif0fa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-10 21:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1696)
c:\windows\system32\WININET.dll
c:\documents and settings\Aneler\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-09-10 21:58:18
ComboFix-quarantined-files.txt 2012-09-11 01:58
ComboFix2.txt 2012-09-10 20:28
.
Pre-Run: 162,864,594,944 bytes free
Post-Run: 162,998,202,368 bytes free
.
- - End Of File - - 010C36670B7E3407DA5D63AC4E92C236


Unfortunately, I just did a quick Google search and I'm still being redirected after running this script. I'm taken to IP address http://63.209.69.107/ and it's a basic page with the search terms on it and not much else.

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 10 September 2012 - 09:17 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#9 Aneler (Topic Starter, Members, 10 posts)

Posted 11 September 2012 - 03:03 PM

OTL logfile created on: 9/11/2012 3:53:39 PM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Documents and Settings\Aneler\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 45.87% Memory free
3.84 Gb Paging File | 2.78 Gb Available in Paging File | 72.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 151.23 Gb Free Space | 64.94% Space Free | Partition Type: NTFS

Computer Name: VIC | User Name: Aneler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Aneler\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\bin\jqs.exe (Oracle Corporation)
PRC - C:\Documents and Settings\Aneler\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Documents and Settings\Aneler\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\TomTom HOME\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\TomTom HOME\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\IPROSetMonitor.exe (Intel Corporation)
PRC - C:\Documents and Settings\Aneler\Local Settings\Application Data\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe (Logitech, Inc.)
PRC - C:\Documents and Settings\Aneler\Local Settings\Application Data\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe (Logitech, Inc.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe (Hewlett-Packard )


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\WINDOWS\system32\OdiOlDVR.dll ()
MOD - C:\WINDOWS\system32\OdiAPI.dll ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\bin\jqs.exe (Oracle Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME\TomTomHOMEService.exe (TomTom)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (Intel® -- C:\WINDOWS\system32\IPROSetMonitor.exe (Intel Corporation)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Aneler\LOCALS~1\Temp\catchme.sys File not found
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Company)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (Sftredir) -- C:\WINDOWS\system32\drivers\Sftredirxp.sys (Microsoft Corporation)
DRV - (Sftvol) -- C:\WINDOWS\system32\drivers\Sftvolxp.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\WINDOWS\system32\drivers\Sftplayxp.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\WINDOWS\system32\drivers\Sftfsxp.sys (Microsoft Corporation)
DRV - (NETw5x32) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (VNUSB) -- C:\WINDOWS\system32\drivers\VNUSB.sys (OLYMPUS IMAGING CORP.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Company)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Company)
DRV - (USA19) -- C:\WINDOWS\system32\drivers\usa192k.sys (Keyspan)
DRV - (USA192KP) -- C:\WINDOWS\system32\drivers\usa192kp.sys (Keyspan)
DRV - (DS1410D) -- C:\WINDOWS\system32\drivers\ds1410d.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-839522115-1677128483-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://stenograph.blackboard.com/webapps/login/
IE - HKU\S-1-5-21-839522115-1677128483-682003330-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-839522115-1677128483-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-839522115-1677128483-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-839522115-1677128483-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: gmailwatcher@sonthakit:1.56
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Program Files\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Aneler\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Aneler\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Aneler\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Aneler\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/10 15:50:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 15:57:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 15:02:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/01/17 21:23:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aneler\Application Data\Mozilla\Extensions
[2012/01/17 21:23:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aneler\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012/09/11 15:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aneler\Application Data\Mozilla\Firefox\Profiles\qasif0fa.default\extensions
[2012/09/10 15:43:41 | 000,221,699 | ---- | M] () (No name found) -- C:\Documents and Settings\Aneler\Application Data\Mozilla\Firefox\Profiles\qasif0fa.default\extensions\gmailwatcher@sonthakit.xpi
[2012/01/07 13:54:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/08 00:35:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2012/09/08 00:35:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/09/09 15:02:34 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/30 15:41:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/30 15:41:26 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/10 16:26:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-839522115-1677128483-682003330-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-839522115-1677128483-682003330-1004..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Documents and Settings\Aneler\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Aneler\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-1677128483-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-839522115-1677128483-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-839522115-1677128483-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-839522115-1677128483-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1316071016167 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{314AE768-34BA-4921-B656-AC22ED2B2272}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Aneler\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Aneler\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/14 21:09:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/10 22:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/09/10 22:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/10 22:23:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/10 22:22:39 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Aneler\Desktop\OTL.exe
[2012/09/10 17:20:23 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Aneler\Desktop\aswMBR.exe
[2012/09/10 17:19:44 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Aneler\Desktop\tdsskiller.exe
[2012/09/10 16:18:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/09/10 16:16:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/09/10 16:16:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/09/10 16:16:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/09/10 16:16:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/09/10 16:16:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/10 16:16:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/09/10 15:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/09/10 15:48:42 | 004,748,983 | R--- | C] (Swearware) -- C:\Documents and Settings\Aneler\Desktop\ComboFix.exe
[2012/09/09 15:53:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Aneler\Start Menu\Programs\Administrative Tools
[2012/09/09 15:52:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Aneler\Desktop\dds.com
[2012/09/08 01:17:14 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/09/05 22:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(2)
[2012/09/05 22:19:58 | 077,251,480 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Aneler\My Documents\iTunesSetup.exe
[2012/08/31 20:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aneler\My Documents\Game of Thrones
[2012/08/28 19:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/28 19:14:53 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/08/28 19:14:52 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/08/28 19:14:47 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/08/28 19:14:47 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/08/28 19:14:46 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/08/28 19:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/08/24 19:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aneler\My Documents\RiRi
[2012/08/19 13:02:25 | 000,737,280 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hposwia_d02a.dll
[2012/08/19 13:02:25 | 000,598,016 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpost_d02a.dll
[2012/08/19 13:02:25 | 000,372,736 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2012/08/19 13:02:25 | 000,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2012/08/19 13:02:25 | 000,307,200 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hposc_d02a.dll
[2012/08/19 12:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012/08/19 12:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2012/08/14 21:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aneler\My Documents\pratchett_files
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/11 15:47:21 | 000,381,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/09/11 15:47:21 | 000,053,352 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/09/11 15:46:25 | 094,530,750 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/09/11 15:42:19 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/11 15:42:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/11 15:42:15 | 2138,361,856 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/10 22:31:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1677128483-682003330-1004UA.job
[2012/09/10 22:31:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1677128483-682003330-1004Core.job
[2012/09/10 22:28:58 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/09/10 22:22:40 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aneler\Desktop\OTL.exe
[2012/09/10 22:18:24 | 077,251,480 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Aneler\My Documents\iTunesSetup.exe
[2012/09/10 22:15:28 | 140,497,812 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\DW19foc.rar
[2012/09/10 17:46:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Aneler\Desktop\MBR.dat
[2012/09/10 17:20:35 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Aneler\Desktop\aswMBR.exe
[2012/09/10 17:19:45 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Aneler\Desktop\tdsskiller.exe
[2012/09/10 16:26:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/09/10 16:18:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/09/10 15:50:38 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/09/10 15:48:44 | 004,748,983 | R--- | M] (Swearware) -- C:\Documents and Settings\Aneler\Desktop\ComboFix.exe
[2012/09/10 15:46:42 | 000,854,156 | ---- | M] () -- C:\Documents and Settings\Aneler\Desktop\SecurityCheck.exe
[2012/09/09 15:57:16 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Aneler\Desktop\02pyd96x.exe
[2012/09/09 15:52:36 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Aneler\Desktop\dds.com
[2012/09/09 15:48:02 | 001,092,770 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\bookmarks-Sept-9-2012.html
[2012/09/08 10:46:07 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\Aneler\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/06 17:44:54 | 000,469,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/09/05 16:49:19 | 173,714,100 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\HP3hpatpoa.rar
[2012/09/04 18:54:43 | 044,373,151 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\Jump Rope Workout Routine - Intense Home Cardio & Toning Exercises(240p_H.263-MP3).flv
[2012/09/04 18:50:03 | 122,342,180 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\HP1hpatss.rar
[2012/09/03 19:02:32 | 177,532,945 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\Harry Potter 3 - Harry Potter and the Prisoner of Azkaban.m4b
[2012/09/03 16:28:22 | 125,117,501 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\Harry Potter 1 - Harry Potter and the Sorcerer's Stone.m4b
[2012/08/31 06:38:14 | 149,978,679 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\DW08gg.rar
[2012/08/28 22:04:28 | 155,415,124 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\DW29nw.rar
[2012/08/28 19:14:34 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/08/28 19:14:32 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/08/28 19:14:32 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/08/28 19:14:31 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/08/28 19:14:31 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/08/28 19:14:31 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/08/28 18:58:14 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\Aneler\Desktop\JDownloader.lnk
[2012/08/28 18:58:13 | 000,001,658 | ---- | M] () -- C:\Documents and Settings\Aneler\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2012/08/27 20:06:44 | 001,659,684 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\She's So High.mp3.mp3
[2012/08/27 20:06:41 | 001,754,592 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\Butterfly.mp3.mp3
[2012/08/27 20:03:31 | 001,745,606 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\Every Time We Touch.mp3.mp3
[2012/08/24 19:38:11 | 022,329,416 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\RiRi.zip
[2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2012/08/23 22:34:23 | 002,028,900 | ---- | M] () -- C:\Documents and Settings\Aneler\Desktop\falldesktop.PNG
[2012/08/23 22:06:51 | 164,035,915 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\DW39s.rar
[2012/08/22 20:07:10 | 000,237,752 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\dress.PNG
[2012/08/22 20:06:32 | 000,020,712 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\dress.JPG
[2012/08/20 22:37:38 | 159,166,260 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\DW24tfe.rar
[2012/08/19 13:09:31 | 000,162,919 | ---- | M] () -- C:\WINDOWS\hpoins37.dat
[2012/08/19 12:18:09 | 000,127,184 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\tickets.pdf
[2012/08/17 15:46:54 | 000,002,718 | ---- | M] () -- C:\Documents and Settings\Aneler\Desktop\Workout.xspf
[2012/08/16 17:26:09 | 040,038,254 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\Crunchless Abs Workout - Crunch Free Ab Workout Routine(480p_H.264-AAC).flv
[2012/08/16 16:19:42 | 034,637,949 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 11.mp3
[2012/08/14 21:36:38 | 035,656,306 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 3.mp3
[2012/08/14 21:30:09 | 033,693,570 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 14.mp3
[2012/08/14 21:29:27 | 035,934,249 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 2.mp3
[2012/08/14 21:29:23 | 034,680,999 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 12.mp3
[2012/08/14 21:28:26 | 034,080,809 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 6.mp3
[2012/08/14 21:27:52 | 033,518,445 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 5.mp3
[2012/08/14 21:27:19 | 014,869,466 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 1.avi
[2012/08/14 21:27:13 | 055,712,744 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 4.avi
[2012/08/14 21:27:13 | 055,283,042 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 7.avi
[2012/08/14 21:22:12 | 033,283,343 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 7.mp3
[2012/08/14 21:21:12 | 033,305,077 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 4.mp3
[2012/08/14 21:21:06 | 098,379,605 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 1.mp3
[2012/08/14 21:20:14 | 032,964,022 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 13.mp3
[2012/08/14 21:09:58 | 000,168,663 | ---- | M] () -- C:\Documents and Settings\Aneler\My Documents\pratchett.htm
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/10 22:34:16 | 143,545,420 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\Discworld 19 - Feet of Clay.m4b
[2012/09/10 22:28:58 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/09/10 22:12:33 | 140,497,812 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\DW19foc.rar
[2012/09/10 17:46:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Aneler\Desktop\MBR.dat
[2012/09/10 16:18:24 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/09/10 16:18:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/09/10 16:16:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/09/10 16:16:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/09/10 16:16:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/09/10 16:16:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/09/10 16:16:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/10 15:46:37 | 000,854,156 | ---- | C] () -- C:\Documents and Settings\Aneler\Desktop\SecurityCheck.exe
[2012/09/09 15:57:15 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Aneler\Desktop\02pyd96x.exe
[2012/09/09 15:48:01 | 001,092,770 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\bookmarks-Sept-9-2012.html
[2012/09/05 20:28:01 | 044,373,151 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\Jump Rope Workout Routine - Intense Home Cardio & Toning Exercises(240p_H.263-MP3).flv
[2012/09/05 16:51:19 | 177,532,945 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\Harry Potter 3 - Harry Potter and the Prisoner of Azkaban.m4b
[2012/09/05 16:44:42 | 173,714,100 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\HP3hpatpoa.rar
[2012/09/04 22:03:12 | 125,117,501 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\Harry Potter 1 - Harry Potter and the Sorcerer's Stone.m4b
[2012/09/04 18:47:56 | 122,342,180 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\HP1hpatss.rar
[2012/08/31 06:41:34 | 153,235,185 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\Discworld 08 - Guards! Guards!.m4b
[2012/08/31 06:35:40 | 149,978,679 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\DW08gg.rar
[2012/08/28 22:05:32 | 159,406,188 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\Discworld 29 - Night Watch.m4b
[2012/08/28 21:58:19 | 155,415,124 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\DW29nw.rar
[2012/08/27 20:06:44 | 001,659,684 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\She's So High.mp3.mp3
[2012/08/27 20:06:40 | 001,754,592 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\Butterfly.mp3.mp3
[2012/08/27 20:03:31 | 001,745,606 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\Every Time We Touch.mp3.mp3
[2012/08/24 19:37:52 | 022,329,416 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\RiRi.zip
[2012/08/23 22:55:24 | 167,670,258 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\Discworld 39 - Snuff.m4b
[2012/08/23 22:34:23 | 002,028,900 | ---- | C] () -- C:\Documents and Settings\Aneler\Desktop\falldesktop.PNG
[2012/08/23 22:03:40 | 164,035,915 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\DW39s.rar
[2012/08/22 20:07:09 | 000,237,752 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\dress.PNG
[2012/08/22 20:06:31 | 000,020,712 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\dress.JPG
[2012/08/20 22:40:14 | 162,958,656 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\Discworld 24 - The Fifth Elephant.m4b
[2012/08/20 22:29:12 | 159,166,260 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\DW24tfe.rar
[2012/08/19 12:52:57 | 000,162,919 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
[2012/08/19 12:52:57 | 000,000,632 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
[2012/08/19 12:26:22 | 000,000,632 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat.temp
[2012/08/19 12:18:09 | 000,127,184 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\tickets.pdf
[2012/08/16 17:16:31 | 040,038,254 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\Crunchless Abs Workout - Crunch Free Ab Workout Routine(480p_H.264-AAC).flv
[2012/08/16 16:19:28 | 034,637,949 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 11.mp3
[2012/08/14 21:36:35 | 035,656,306 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 3.mp3
[2012/08/14 21:29:56 | 033,693,570 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 14.mp3
[2012/08/14 21:29:18 | 035,934,249 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 2.mp3
[2012/08/14 21:29:02 | 034,680,999 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 12.mp3
[2012/08/14 21:28:01 | 034,080,809 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 6.mp3
[2012/08/14 21:22:26 | 033,518,445 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 5.mp3
[2012/08/14 21:21:29 | 033,283,343 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 7.mp3
[2012/08/14 21:21:06 | 014,869,466 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 1.avi
[2012/08/14 21:20:46 | 033,305,077 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 4.mp3
[2012/08/14 21:20:08 | 032,964,022 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 13.mp3
[2012/08/14 21:19:41 | 055,283,042 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 7.avi
[2012/08/14 21:19:37 | 055,712,744 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 4.avi
[2012/08/14 21:09:56 | 000,168,663 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\pratchett.htm
[2012/08/14 20:55:17 | 098,379,605 | ---- | C] () -- C:\Documents and Settings\Aneler\My Documents\The Heroes of Olympus - The Lost Hero part 1.mp3
[2012/06/13 19:31:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/29 20:44:53 | 000,034,814 | ---- | C] () -- C:\Documents and Settings\Aneler\Local Settings\Application Data\dt.dat
[2012/01/05 01:26:11 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\shortcut_ex.dat
[2011/09/25 14:25:53 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\Aneler\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/20 00:02:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\catalyst.ini
[2011/09/16 17:53:16 | 000,000,093 | ---- | C] () -- C:\WINDOWS\.ini
[2011/09/16 00:54:31 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2011/09/16 00:54:31 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2011/09/15 22:04:24 | 000,000,045 | ---- | C] () -- C:\WINDOWS\CBTPath.ini
[2011/09/15 22:04:18 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
[2011/09/15 21:57:54 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Usa19PropPage.dll
[2011/09/15 21:57:54 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\k19inst.dll
[2011/09/14 22:13:16 | 001,498,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2011/09/14 21:31:49 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2011/09/14 21:11:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/09/14 21:06:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/09/14 16:59:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/14 16:58:43 | 000,103,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/19 05:26:20 | 010,898,456 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/08/19 05:26:20 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/08/19 05:26:20 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/07/26 02:48:54 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

< End of report >
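
The file listings above are OTL entries of the form `[timestamp | size | attributes | M or C] (company) -- path`, and the real work of a helper reading a few thousand of them is triage: which lines deserve a second look. As an added example that is not part of the original post or of OTL itself, here is a small Python parser for that line format with a conservative triage pass (recent executables under C:\WINDOWS, recent files with hidden or system attributes). The sample lines are copied from the listing above; the reference time and the seven-day window are assumptions. On these samples the hits are files created on 2012/09/10, alongside the other tool files in the same listing, which is the point: triage output is a list of items to check against the cleanup steps already taken, not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Optional, Tuple

# One OTL file-listing entry, e.g.
#   [2012/09/10 16:16:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
# Fields: timestamp | size | attribute flags | M (modified) or C (created),
# then the company name in parentheses (empty in a "No Company Name" section)
# and the path. Summary lines such as "[5 C:\WINDOWS\*.tmp files -> ...]"
# and section headers do not match and are skipped.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| "
    r"(?P<kind>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Extensions treated as executable content for the triage rule below.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".com")


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str      # e.g. "----", "RHS-", "--S-"
    kind: str       # "M" modified or "C" created
    company: str
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL entry; returns None for lines that are not entries."""
    m = OTL_ENTRY.match(line.strip())
    if m is None:
        return None
    return Entry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=m.group("company").strip(),
        path=m.group("path").strip(),
    )


def triage(lines: Iterable[str], now: datetime,
           window_days: int = 7) -> List[Tuple[Entry, str]]:
    """Conservative triage: return (entry, reason) for entries inside the
    time window that are either executables under C:\\WINDOWS or carry the
    hidden/system attribute. Everything else is left alone."""
    window = timedelta(days=window_days)
    hits: List[Tuple[Entry, str]] = []
    for line in lines:
        e = parse_line(line)
        if e is None or not (timedelta(0) <= now - e.timestamp <= window):
            continue
        lower = e.path.lower()
        if "H" in e.attrs or "S" in e.attrs:
            hits.append((e, "recent file with hidden/system attributes"))
        elif lower.startswith("c:\\windows\\") and lower.endswith(EXEC_EXT):
            hits.append((e, "recent executable under C:\\WINDOWS"))
    return hits


# Sample input: lines copied from the listing above plus a header and a
# summary line, so the parser's skip path is exercised too.
SAMPLE_LINES = [
    "========== Files Created - No Company Name ==========",
    r"[2012/09/10 22:28:58 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk",
    r"[2012/09/10 16:18:19 | 000,260,272 | RHS- | C] () -- C:\cmldr",
    r"[2012/09/10 16:16:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe",
    r"[2012/09/10 16:16:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe",
    r"[2012/09/09 15:57:15 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Aneler\Desktop\02pyd96x.exe",
    r"[2011/09/15 22:04:18 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys",
    r"[2011/09/14 21:11:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat",
    r"[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]",
]

# Assumed reference time (not from the log): the day the fix script was posted.
REFERENCE_TIME = datetime(2012, 9, 11, 16, 0, 0)

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LINES, REFERENCE_TIME):
        print(f"{entry.timestamp:%Y-%m-%d %H:%M}  {entry.attrs}  {entry.path}  <- {reason}")
```

Feeding a whole OTL.txt through `triage` is a matter of reading the file line by line; the window and the two rules are deliberately narrow so that a legitimate Windows install (old drivers, `bootstat.dat` with its system attribute) produces no noise, and anything that does come out can be matched against the tools the helper asked the poster to run.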

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:53 AM

Posted 11 September 2012 - 03:57 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Aneler

Aneler
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 11 September 2012 - 04:16 PM

Here is the report after the OTL fix. It appeared really quickly.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Aneler\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Aneler\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Aneler
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Aneler
->Flash cache emptied: 1098 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.61.3 log created on 09112012_171354

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:53 AM

Posted 11 September 2012 - 04:35 PM

How are things running now?


gringo

#13 Aneler

Aneler
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 11 September 2012 - 04:37 PM

I'm clicking links on Google and I haven't been redirected so far, but since it only happened to me intermittently before, I'll try over a longer period of time and report back to let you know if I'm still being redirected.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:53 AM

Posted 11 September 2012 - 04:45 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Adobe Reader 7.0
Java 7 Update 6
JavaFX 2.1.0


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then on Next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:53 AM

Posted 11 September 2012 - 04:46 PM

double post

Edited by gringo_pr, 11 September 2012 - 04:46 PM.




