Infected with trojan.siggen4.32187 freezes up


This topic is locked
17 replies to this topic

#1 salguy (Members, 53 posts)

Posted 07 November 2012 - 07:25 PM

MOD EDIT: Moved to Virus, Trojan, Spyware, and Malware Removal Logs ~~ boopme


Hello, I had the two trojan.siggen4. I think DrWeb found them and moved them. I can't do much in regular or safe mode. It freezes and says "Navigation canceled. The operation could not be completed due to low memory or hard drive space." They are OK. Error 66dcvs. I have to use another machine to download anything and put it on a stick. Thank you for any help.
DDS (Ver_2012-11-05.02) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by Administrator at 9:14:58 on 2012-11-07
.
============== Running Processes ================
.
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AOL Fast Start] "c:\program files\aol 9.5\AOL.EXE" -b
uRun: [Tucan] "c:\documents and settings\sal\desktop\PAVARK.exe" /Monitor
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex
uRunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
uRunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f
uRunOnce: [adawarebp_DATA_FOLDER] cmd.exe /c rmdir "c:\documents and settings\all users\application data\Ad-Aware Browsing Protection" /s /q
uRunOnce: [adawarebp_INSTALL_FOLDER] cmd.exe /c rmdir "c:\documents and settings\administrator\local settings\application data\adawarebp" /s /q
uRunOnce: [Report] C:\AdwCleaner[S1].txt
mRun: [SpIDerAgent] "c:\program files\drweb\spideragent.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{875F0608-04DF-4455-B52D-C95F902A3BDD} : DHCPNameServer = 192.168.1.254 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {56F9679E-7826-4C84-81F3-532071A8BCC5} - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 9:15:29.89 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-05.02)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/22/2011 1:40:08 AM
System Uptime: 11/7/2012 6:35:56 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0M3918
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 57.955 GiB free.
D: is CDROM ()
E: is Removable
F: is FIXED (NTFS) - 0 GiB total, 0.034 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
3100_3200_3300_Help
3100_3200_3300trb
3300
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
AiO_Scan_CDA
AiOSoftwareNPI
AOL Uninstaller (Choose which Products to Remove)
Ashampoo WinOptimizer 6.60
avast! Free Antivirus
Belarc Advisor 8.1
BufferChm
CCleaner
Compatibility Pack for the 2007 Office system
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
CueTour
DC-300 TWAIN driver
Dell Driver Download Manager
Dell Driver Reset Tool
Dell ResourceCD
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DocProc
DocumentViewer
DocumentViewerQFolder
Easy CD Creator 5 Basic
EPSON Printer Software
ESET Online Scanner v3
eSupportQFolder
Fax_CDA
FullDPAppQFolder
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.0.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Document Viewer 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Product Assistant
HP Product Detection
HP PSC & OfficeJet 5.3.A
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPProductAssistant
InstantShareAlert
InstantShareDevices
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Java 7 Update 7
Java Auto Updater
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
NewCopy_CDA
NTREGOPT 1.1j
PanoStandAlone
PhotoGallery
PowerDVD
ProductContextNPI
RandMap
Readme
Revo Uninstaller 1.94
Scan
ScannerCopy
Secunia PSI (2.0.0.4003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SkinsHP1
SolutionCenter
Sonic_PrimoSDK
SoundMAX
Status
SUPERAntiSpyware
TrayApp
Uninstall Startup Inspector
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Profile Hive Cleanup Service
VC 9.0 Runtime
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
WebFldrs XP
WebReg
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WMI ODBC Driver
ZoneAlarm Free Firewall
ZoneAlarm LTD Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/6/2012 8:59:32 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
11/6/2012 10:26:25 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
11/6/2012 10:26:23 PM, error: SRService [104] - The System Restore initialization process failed.
11/5/2012 9:15:26 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WSearch service.
11/5/2012 8:54:28 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/5/2012 8:54:28 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
11/5/2012 8:27:00 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/5/2012 8:26:49 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/5/2012 8:18:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm Lbd OMCI SASDIFSV SASKUTIL
11/5/2012 7:34:08 PM, error: Service Control Manager [7028] - The SpiderG3 Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
11/5/2012 7:32:14 PM, error: Service Control Manager [7028] - The DwProt Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
11/5/2012 7:32:06 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
11/5/2012 7:28:37 PM, error: Service Control Manager [7028] - The DrWebAVService Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
11/5/2012 7:28:29 PM, error: Service Control Manager [7028] - The DrWebNetFilter Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
11/5/2012 7:28:19 PM, error: Service Control Manager [7028] - The DrWebEngine Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
11/5/2012 6:58:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
11/5/2012 3:05:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
11/5/2012 3:04:59 PM, error: Service Control Manager [7000] - The PfModNT service failed to start due to the following error: The system cannot find the file specified.
11/5/2012 3:03:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/5/2012 2:56:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/5/2012 2:46:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi DrWebWfp Fips intelppm Lbd OMCI SASDIFSV SASKUTIL
11/4/2012 4:11:44 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
.
==== End Of File ===========================
.
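The DDS log above carries the items a helper would look at first: the Run/RunOnce entries, the orphaned shell hooks, and the Service Control Manager events about drivers that failed to load and service keys that denied SYSTEM access. The script below is an added example, my own triage heuristics and not BleepingComputer's procedure or code from any tool in this thread. It parses lines copied verbatim from the log above and flags: autoruns whose executable lives in a user profile folder (here PAVARK.exe launched from the desktop), orphaned hooks, SCM 7026 events naming the avast!, SUPERAntiSpyware and Dr.Web drivers, SCM 7028 registry-ACL events (which can be a product's own self-protection as easily as tampering), and the System Restore service failure. The driver list, folder list and event choices are assumptions; a hit is a lead to check, not proof of infection.

```python
"""Triage helper for a DDS log: flags entries worth a closer look.

Heuristics are my own assumptions (not BleepingComputer's procedure):
  * Run/RunOnce entries whose executable lives in a user profile folder
  * orphaned shell hooks / explorer bars (CLSID with no file behind it)
  * Service Control Manager 7026 events naming security-product drivers
  * Service Control Manager 7028 events (service key ACL denied SYSTEM)
  * System Restore service failure (7023)
"""
import re

# Sample input: lines copied verbatim from the DDS log posted above.
DDS_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AOL Fast Start] "c:\program files\aol 9.5\AOL.EXE" -b
uRun: [Tucan] "c:\documents and settings\sal\desktop\PAVARK.exe" /Monitor
uRunOnce: [Report] C:\AdwCleaner[S1].txt
mRun: [SpIDerAgent] "c:\program files\drweb\spideragent.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
SEH: {56F9679E-7826-4C84-81F3-532071A8BCC5} - <orphaned>
11/6/2012 10:26:25 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
11/5/2012 8:18:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm Lbd OMCI SASDIFSV SASKUTIL
11/5/2012 7:34:08 PM, error: Service Control Manager [7028] - The SpiderG3 Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
"""

RUN_RE = re.compile(r"^(?P<hive>[um])(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)

# Folders a vendor product rarely launches from; droppers and fake-AV often do (assumed list).
USER_PROFILE_DIRS = ("\\desktop\\", "\\application data\\", "\\local settings\\", "\\temp\\")
# Kernel drivers of the security products seen in this log: avast!, SUPERAntiSpyware, Dr.Web (assumed list).
SECURITY_DRIVERS = {"aavmker4", "aswsnx", "aswsp", "aswtdi", "sasdifsv", "saskutil", "drwebwfp"}
HOOK_PREFIXES = ("BHO", "TB", "EB", "SEH", "SSODL")


def executable_path(cmd):
    """Return the executable from a Run-key command line (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Return a list of (finding, subject, detail) tuples for a DDS log excerpt."""
    findings = []
    for line in log_text.strip().splitlines():
        m = RUN_RE.match(line)
        if m:
            path = executable_path(m.group("cmd")).lower()
            if any(d in path for d in USER_PROFILE_DIRS):
                findings.append(("autorun_from_user_profile", m.group("name"), path))
            continue
        prefix = line.split(":", 1)[0]
        if prefix in HOOK_PREFIXES and "<orphaned>" in line:
            clsid = re.search(r"\{[0-9A-Fa-f-]+\}", line)
            findings.append(("orphaned_shell_hook", prefix, clsid.group(0) if clsid else "?"))
            continue
        m = EVENT_RE.match(line)
        if not m:
            continue
        event_id, msg, ts = int(m.group("id")), m.group("msg"), m.group("ts")
        if event_id == 7026:
            # Security-product drivers that did not load at boot: disabled on purpose, or by something else?
            drivers = msg.split("failed to load:")[-1].split()
            hit = [d for d in drivers if d.lower() in SECURITY_DRIVERS]
            if hit:
                findings.append(("security_driver_failed_to_load", ts, " ".join(hit)))
        elif event_id == 7028:
            # A service key SYSTEM could not read: product self-protection or an ACL set by malware.
            key = re.search(r"The (\S+) Registry key", msg)
            findings.append(("service_key_acl_denied_system", ts, key.group(1) if key else "?"))
        elif event_id == 7023 and "System Restore" in msg:
            findings.append(("system_restore_service_failed", ts, msg))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(DDS_LOG):
        print(f"{kind:32} {subject:24} {detail}")
```

Run it against a full DDS.txt plus Attach.txt by passing the file contents to triage(); the regexes only look at the Run, hook and Event Viewer lines and ignore the rest, so the installed-programs list does not need to be stripped first.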
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SkinsHP1
SolutionCenter
Sonic_PrimoSDK
SoundMAX
Status
SUPERAntiSpyware
TrayApp
Uninstall Startup Inspector
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Profile Hive Cleanup Service
VC 9.0 Runtime
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
WebFldrs XP
WebReg
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WMI ODBC Driver
ZoneAlarm Free Firewall
ZoneAlarm LTD Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/6/2012 8:59:32 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
11/6/2012 10:26:25 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
11/6/2012 10:26:23 PM, error: SRService [104] - The System Restore initialization process failed.
11/5/2012 9:15:26 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WSearch service.
11/5/2012 8:54:28 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/5/2012 8:54:28 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
11/5/2012 8:27:00 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/5/2012 8:26:49 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/5/2012 8:18:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm Lbd OMCI SASDIFSV SASKUTIL
11/5/2012 7:34:08 PM, error: Service Control Manager [7028] - The SpiderG3 Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
11/5/2012 7:32:14 PM, error: Service Control Manager [7028] - The DwProt Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
11/5/2012 7:32:06 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
11/5/2012 7:28:37 PM, error: Service Control Manager [7028] - The DrWebAVService Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
11/5/2012 7:28:29 PM, error: Service Control Manager [7028] - The DrWebNetFilter Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
11/5/2012 7:28:19 PM, error: Service Control Manager [7028] - The DrWebEngine Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
11/5/2012 6:58:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
11/5/2012 3:05:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
11/5/2012 3:04:59 PM, error: Service Control Manager [7000] - The PfModNT service failed to start due to the following error: The system cannot find the file specified.
11/5/2012 3:03:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/5/2012 2:56:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/5/2012 2:46:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi DrWebWfp Fips intelppm Lbd OMCI SASDIFSV SASKUTIL
11/4/2012 4:11:44 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
.
==== End Of File ===========================
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-07 02:29:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD800JD-75JNA0 rev.05.01C05
Running: xr0j9qjh.exe; Driver: C:\DOCUME~1\SAL\LOCALS~1\Temp\fglyyaog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA95C44BA]
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwAllocateVirtualMemory [0xF73DDEDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA95C4ED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA9606811]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA95CFFA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA95CFFF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA95D0176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA96061C5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA95CFF16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA95D0038]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA95CFF5E]
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwCreateThread [0xF73E0632]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA95D0130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA95C593E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA95C4508]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA9606ED7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA960718D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA95C91C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA9606D42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA9606BAD]
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwFreeVirtualMemory [0xF73DE25C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA95C4170]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA95C4556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA95C9534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA95C63A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA95CFFD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA95D0016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA95D019A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA9606521]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA95CFF3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA95C8C3E]
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwOpenSection [0xF73DDC12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA95CFF86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA95C8F14]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA95D0154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA9699E4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA9606A28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA95C6272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA960687A]
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwQueueApcThread [0xF73E07C4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA96A67D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA9605838]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA95C45A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA95C45F2]
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwSetContextThread [0xF73E0864]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA95C41FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA95C43AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA9606FDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA95C4350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA95C5AF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA95C5C54]
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwSystemDebugControl [0xF73DDAD8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA95C54D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA95C5636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xA969841C]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA8EAA75C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA95C4640]
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwWriteVirtualMemory [0xF73DE3A0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA96B2E56]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 23C8 80501C18 2 Bytes [D6, 4E] {SALC ; DEC ESI}
.text ntkrnlpa.exe!ZwCallbackReturn + 2564 80501DB4 2 Bytes [3E, 8C]
.text ntkrnlpa.exe!ZwCallbackReturn + 257C 80501DCC 2 Bytes [14, 8F] {ADC AL, 0x8f}
.text ntkrnlpa.exe!ZwCallbackReturn + 26C8 80501F18 12 Bytes [A4, 45, 5C, A9, F2, 45, 5C, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2770 80501FC0 2 Bytes [F8, 5A] {CLC ; POP EDX}
.text ...
.text ntkrnlpa.exe!ObfDereferenceObject 80522BA2 7 Bytes [B8, 44, F8, 83, F7, FF, E0] {MOV EAX, 0xf783f844; JMP EAX}
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B956 4 Bytes CALL A95C6A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!MmMapViewOfSection 805A73EA 7 Bytes [B8, D0, F2, 83, F7, FF, E0] {MOV EAX, 0xf783f2d0; JMP EAX}
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1E1E 5 Bytes JMP A96AFCF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObCreateObject 805B6F1C 7 Bytes [B8, 12, F2, 83, F7, FF, E0] {MOV EAX, 0xf783f212; JMP EAX}
PAGE ntkrnlpa.exe!ObInsertObject 805B8C96 7 Bytes JMP A96B1810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C7540 7 Bytes JMP A96B2E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF701FF80]
.text win32k.sys!EngFreeUserMem + 674 BF80991D 5 Bytes JMP A95CAB4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5 Bytes JMP A95CAA3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP A95CA9F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C57B 5 Bytes JMP A95CA0A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240EB 5 Bytes JMP A95C97C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A55 5 Bytes JMP A95CACB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8314A0 5 Bytes JMP A95CAEBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839ED7 5 Bytes JMP A95CA8FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851765 5 Bytes JMP A95C9688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC8A 5 Bytes JMP A95CA16A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2F4 5 Bytes JMP A95C9C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E37F 5 Bytes JMP A95C9EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F5F0 5 Bytes JMP A95C9670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF8649BF 5 Bytes JMP A95CAA86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 35FB BF8731B9 5 Bytes JMP A95C9CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4138 BF873CF6 5 Bytes JMP A95C9E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890DF1 5 Bytes JMP A95CA182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF89439B 5 Bytes JMP A95CABFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894E73 5 Bytes JMP A95CAE1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3862 BF89C226 5 Bytes JMP A95CA090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DF7 BF89D7BB 5 Bytes JMP A95C9834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E8 BF8C1D00 5 Bytes JMP A95C9944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA191 5 Bytes JMP A95C9A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA411 5 Bytes JMP A95C9B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B33 BF8EBDCC 5 Bytes JMP A95C956A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB47 BF8F4DE0 5 Bytes JMP A95CA0C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A2F BF9142F4 5 Bytes JMP A95C9760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2603 BF914EC8 5 Bytes JMP A95C98F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F7C BF917841 5 Bytes JMP A95C9FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1947 BF947973 3 Bytes JMP A95CAD74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 194B BF947977 1 Byte [E9]
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[168] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[168] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[168] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[168] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text C:\Program Files\Java\jre7\bin\jqs.exe[300] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[300] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text C:\Program Files\Java\jre7\bin\jqs.exe[300] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[300] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\Java\jre7\bin\jqs.exe[300] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\Java\jre7\bin\jqs.exe[300] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\Java\jre7\bin\jqs.exe[300] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Java\jre7\bin\jqs.exe[300] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\Java\jre7\bin\jqs.exe[300] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\Java\jre7\bin\jqs.exe[300] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Java\jre7\bin\jqs.exe[300] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\Java\jre7\bin\jqs.exe[300] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E0804
.text C:\Program Files\Java\jre7\bin\jqs.exe[300] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Java\jre7\bin\jqs.exe[300] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E0600
.text C:\Program Files\Java\jre7\bin\jqs.exe[300] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Java\jre7\bin\jqs.exe[300] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\HPZipm12.exe[496] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\HPZipm12.exe[496] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\HPZipm12.exe[496] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\HPZipm12.exe[496] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Secunia\PSI\PSIA.exe[652] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Secunia\PSI\PSIA.exe[652] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text C:\Program Files\Secunia\PSI\PSIA.exe[652] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Secunia\PSI\PSIA.exe[652] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 010A1014
.text C:\Program Files\Secunia\PSI\PSIA.exe[652] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 010A0804
.text C:\Program Files\Secunia\PSI\PSIA.exe[652] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 010A0A08
.text C:\Program Files\Secunia\PSI\PSIA.exe[652] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 010A0C0C
.text C:\Program Files\Secunia\PSI\PSIA.exe[652] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 010A0E10
.text C:\Program Files\Secunia\PSI\PSIA.exe[652] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 010A01F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[652] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 010A03FC
.text C:\Program Files\Secunia\PSI\PSIA.exe[652] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 010A0600
.text C:\WINDOWS\System32\svchost.exe[668] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[668] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[668] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[668] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[668] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00A61014
.text C:\WINDOWS\System32\svchost.exe[668] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00A60804
.text C:\WINDOWS\System32\svchost.exe[668] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00A60A08
.text C:\WINDOWS\System32\svchost.exe[668] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00A60C0C
.text C:\WINDOWS\System32\svchost.exe[668] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00A60E10
.text C:\WINDOWS\System32\svchost.exe[668] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00A601F8
.text C:\WINDOWS\System32\svchost.exe[668] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A603FC
.text C:\WINDOWS\System32\svchost.exe[668] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00A60600
.text C:\WINDOWS\system32\csrss.exe[688] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[688] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[712] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[924] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\UPHClean\uphclean.exe[1056] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text C:\Program Files\UPHClean\uphclean.exe[1056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\UPHClean\uphclean.exe[1056] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text C:\Program Files\UPHClean\uphclean.exe[1056] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\SearchIndexer.exe[1120] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\SearchIndexer.exe[1120] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\SearchIndexer.exe[1120] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\SearchIndexer.exe[1120] KERNEL32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[1120] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\SearchIndexer.exe[1120] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00951014
.text C:\WINDOWS\system32\SearchIndexer.exe[1120] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00950804
.text C:\WINDOWS\system32\SearchIndexer.exe[1120] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00950A08
.text C:\WINDOWS\system32\SearchIndexer.exe[1120] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00950C0C
.text C:\WINDOWS\system32\SearchIndexer.exe[1120] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00950E10
.text C:\WINDOWS\system32\SearchIndexer.exe[1120] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009501F8
.text C:\WINDOWS\system32\SearchIndexer.exe[1120] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009503FC
.text C:\WINDOWS\system32\SearchIndexer.exe[1120] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00950600
.text C:\WINDOWS\system32\SearchIndexer.exe[1120] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 011F0804
.text C:\WINDOWS\system32\SearchIndexer.exe[1120] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 011F0A08
.text C:\WINDOWS\system32\SearchIndexer.exe[1120] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 011F0600
.text C:\WINDOWS\system32\SearchIndexer.exe[1120] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 011F01F8
.text C:\WINDOWS\system32\SearchIndexer.exe[1120] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 011F03FC
.text C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1288] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1436] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2012] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[2012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2012] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[2012] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2012] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00B31014
.text C:\WINDOWS\System32\svchost.exe[2012] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00B30804
.text C:\WINDOWS\System32\svchost.exe[2012] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00B30A08
.text C:\WINDOWS\System32\svchost.exe[2012] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00B30C0C
.text C:\WINDOWS\System32\svchost.exe[2012] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00B30E10
.text C:\WINDOWS\System32\svchost.exe[2012] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00B301F8
.text C:\WINDOWS\System32\svchost.exe[2012] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B303FC
.text C:\WINDOWS\System32\svchost.exe[2012] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00B30600
.text C:\WINDOWS\System32\alg.exe[2268] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[2268] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2268] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[2268] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\AOL\1295804831\ee\aolsoftware.exe[3032] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\AOL\1295804831\ee\aolsoftware.exe[3032] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\AOL\1295804831\ee\aolsoftware.exe[3032] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\AOL\1295804831\ee\aolsoftware.exe[3032] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\AOL\1295804831\ee\aolsoftware.exe[3032] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 01F01014
.text C:\Program Files\Common Files\AOL\1295804831\ee\aolsoftware.exe[3032] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 01F00804
.text C:\Program Files\Common Files\AOL\1295804831\ee\aolsoftware.exe[3032] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 01F00A08
.text C:\Program Files\Common Files\AOL\1295804831\ee\aolsoftware.exe[3032] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 01F00C0C
.text C:\Program Files\Common Files\AOL\1295804831\ee\aolsoftware.exe[3032] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 01F00E10
.text C:\Program Files\Common Files\AOL\1295804831\ee\aolsoftware.exe[3032] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 01F001F8
.text C:\Program Files\Common Files\AOL\1295804831\ee\aolsoftware.exe[3032] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 01F003FC
.text C:\Program Files\Common Files\AOL\1295804831\ee\aolsoftware.exe[3032] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 01F00600
.text C:\Program Files\Common Files\AOL\1295804831\ee\aolsoftware.exe[3032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01D60804
.text C:\Program Files\Common Files\AOL\1295804831\ee\aolsoftware.exe[3032] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01D60A08
.text C:\Program Files\Common Files\AOL\1295804831\ee\aolsoftware.exe[3032] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01D60600
.text C:\Program Files\Common Files\AOL\1295804831\ee\aolsoftware.exe[3032] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 01D601F8
.text C:\Program Files\Common Files\AOL\1295804831\ee\aolsoftware.exe[3032] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 01D603FC
.text C:\WINDOWS\Explorer.EXE[3680] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[3680] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3680] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[3680] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3680] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00371014
.text C:\WINDOWS\Explorer.EXE[3680] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00370804
.text C:\WINDOWS\Explorer.EXE[3680] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00370A08
.text C:\WINDOWS\Explorer.EXE[3680] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00370C0C
.text C:\WINDOWS\Explorer.EXE[3680] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00370E10
.text C:\WINDOWS\Explorer.EXE[3680] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003701F8
.text C:\WINDOWS\Explorer.EXE[3680] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003703FC
.text C:\WINDOWS\Explorer.EXE[3680] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00370600
.text C:\WINDOWS\Explorer.EXE[3680] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01F40804
.text C:\WINDOWS\Explorer.EXE[3680] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01F40A08
.text C:\WINDOWS\Explorer.EXE[3680] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01F40600
.text C:\WINDOWS\Explorer.EXE[3680] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 01F401F8
.text C:\WINDOWS\Explorer.EXE[3680] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 01F403FC
.text E:\xr0j9qjh.exe[4112] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text E:\xr0j9qjh.exe[4112] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text E:\xr0j9qjh.exe[4112] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text E:\xr0j9qjh.exe[4112] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text E:\xr0j9qjh.exe[4112] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text E:\xr0j9qjh.exe[4112] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text E:\xr0j9qjh.exe[4112] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text E:\xr0j9qjh.exe[4112] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text E:\xr0j9qjh.exe[4112] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text E:\xr0j9qjh.exe[4112] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text E:\xr0j9qjh.exe[4112] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text E:\xr0j9qjh.exe[4112] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text E:\xr0j9qjh.exe[4112] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
.text E:\xr0j9qjh.exe[4112] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
.text E:\xr0j9qjh.exe[4112] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
.text E:\xr0j9qjh.exe[4112] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
.text E:\xr0j9qjh.exe[4112] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009B1014
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009B0804
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009B0A08
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009B0C0C
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009B0E10
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009B01F8
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009B03FC
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009B0600
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 008F1014
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 008F0804
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 008F0A08
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 008F0C0C
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 008F0E10
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 008F01F8
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 008F03FC
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 008F0600
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00900804
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00900A08
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00900600
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009001F8
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009003FC
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[5380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[5380] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[5380] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\ctfmon.exe[5380] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[5380] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009E1014
.text C:\WINDOWS\system32\ctfmon.exe[5380] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009E0804
.text C:\WINDOWS\system32\ctfmon.exe[5380] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009E0A08
.text C:\WINDOWS\system32\ctfmon.exe[5380] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009E0C0C
.text C:\WINDOWS\system32\ctfmon.exe[5380] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009E0E10
.text C:\WINDOWS\system32\ctfmon.exe[5380] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009E01F8
.text C:\WINDOWS\system32\ctfmon.exe[5380] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009E03FC
.text C:\WINDOWS\system32\ctfmon.exe[5380] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009E0600
.text C:\Program Files\AOL 9.5\waol.exe[5592] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004A01F8
.text C:\Program Files\AOL 9.5\waol.exe[5592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AOL 9.5\waol.exe[5592] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 004A03FC
.text C:\Program Files\AOL 9.5\waol.exe[5592] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AOL 9.5\waol.exe[5592] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00AD1014
.text C:\Program Files\AOL 9.5\waol.exe[5592] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00AD0804
.text C:\Program Files\AOL 9.5\waol.exe[5592] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00AD0A08
.text C:\Program Files\AOL 9.5\waol.exe[5592] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00AD0C0C
.text C:\Program Files\AOL 9.5\waol.exe[5592] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00AD0E10
.text C:\Program Files\AOL 9.5\waol.exe[5592] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00AD01F8
.text C:\Program Files\AOL 9.5\waol.exe[5592] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00AD03FC
.text C:\Program Files\AOL 9.5\waol.exe[5592] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00AD0600
.text C:\Program Files\AOL 9.5\waol.exe[5592] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 04E90804
.text C:\Program Files\AOL 9.5\waol.exe[5592] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 04E90A08
.text C:\Program Files\AOL 9.5\waol.exe[5592] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 04E90600
.text C:\Program Files\AOL 9.5\waol.exe[5592] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 04E901F8
.text C:\Program Files\AOL 9.5\waol.exe[5592] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 04E903FC

---- Devices - GMER 1.0.15 ----

Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

I am sorry, but I cannot find anything that says browse or attachment section. thanks again

Edited by boopme, 07 November 2012 - 10:49 PM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:24 AM

Posted 07 November 2012 - 11:44 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 salguy

salguy
  • Topic Starter

  • Members
  • 53 posts
  • Local time:02:24 AM

Posted 08 November 2012 - 07:15 PM

Hello Again Gringo. The only way I can run roguekiller is from the stick. I can't get anything on the infected computer. It freezes up quickly. I have to run a scan as it is booting up. After each scan it freezes and I have to restart. thanks again for taking a look.

Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
ZoneAlarm Free Firewall
ZoneAlarm LTD Toolbar
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Secunia PSI (2.0.0.4003)
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java 7 Update 7
Java version out of Date!
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast setup avast.setup
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````
# AdwCleaner v2.007 - Logfile created 11/08/2012 at 18:07:27
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : SAL - 11BBTTEJHJ
# Boot Mode : Normal
# Running from : E:\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [4202 octets] - [29/10/2012 08:56:32]
AdwCleaner[R2].txt - [4826 octets] - [29/10/2012 17:12:31]
AdwCleaner[R3].txt - [4433 octets] - [31/10/2012 15:11:46]
AdwCleaner[R4].txt - [4493 octets] - [31/10/2012 15:12:11]
AdwCleaner[R5].txt - [4811 octets] - [06/11/2012 21:03:28]
AdwCleaner[S1].txt - [4653 octets] - [06/11/2012 21:03:54]
AdwCleaner[S2].txt - [1054 octets] - [08/11/2012 18:07:27]

########## EOF - C:\AdwCleaner[S2].txt - [1114 octets] ##########
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : SAL [Admin rights]
Mode : Remove -- Date : 11/08/2012 18:48:52

Bad processes : 0

Registry Entries : 0

Particular Files / Folders:

Driver : [LOADED]

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD800JD-75JNA0 +++++
--- User ---
[MBR] bb2464443a8a57fd83f3e7c28d9bf2d0
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 16065 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 72645 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 148890420 | Size: 3584 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Verbatim STORE N GO USB Device +++++
--- User ---
[MBR] f984950d2e9ec169a4a57b9e671c79ee
[BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 7632 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_11082012_02d1848.txt >>
RKreport[1]_S_11082012_02d1848.txt ; RKreport[2]_D_11082012_02d1848.txt

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:24 AM

Posted 08 November 2012 - 09:30 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 salguy

salguy
  • Topic Starter

  • Members
  • 53 posts
  • Local time:02:24 AM

Posted 09 November 2012 - 06:56 PM

Thank you Gringo. It let me get online for the first time in a long time. I ran combofix. I could not disable drweb. I wish I could. This thing will not die. thanks again. G

ComboFix 12-11-09.02 - SAL 11/09/2012 18:27:22.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.585 [GMT -5:00]
Running from: c:\documents and settings\SAL\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Doctor Web Anti-Virus *Enabled/Updated* {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\SAL\Application Data\HPSU_48BitScanUpdate.log
C:\drvrtmp
C:\prefs.js
c:\windows\EventSystem.log
c:\windows\system32\default_user_class.dat.LOG
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-09 23:17 . 2012-11-09 23:17 -------- d-----w- c:\windows\LastGood
2012-11-07 03:24 . 2012-11-07 03:24 23552 ----a-w- c:\windows\system32\drivers\phooks.sys
2012-11-07 02:17 . 2012-11-07 02:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sun
2012-11-07 02:02 . 2012-11-07 02:02 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-11-06 00:02 . 2012-11-05 23:54 290304 ----a-w- C:\subinacl.exe
2012-11-05 23:57 . 2012-11-05 23:57 -------- d-----w- C:\RegBackup
2012-11-05 23:55 . 2012-11-06 00:14 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-11-05 13:58 . 2012-11-05 13:59 -------- d-----w- c:\documents and settings\SAL\Application Data\FixCleaner
2012-11-05 13:27 . 2012-11-05 13:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\FixCleaner
2012-11-05 01:32 . 2012-11-05 13:28 -------- d-----w- c:\program files\FixCleaner
2012-11-04 13:27 . 2012-11-04 13:27 -------- d-----w- c:\program files\CheckPoint
2012-11-04 13:07 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-04 13:07 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-04 13:06 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-04 13:06 . 2012-10-30 23:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-11-04 13:06 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-04 13:06 . 2012-10-30 23:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-11-04 13:06 . 2012-10-30 23:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-11-04 13:06 . 2012-10-30 23:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-11-04 13:06 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-04 13:06 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-04 03:57 . 2012-11-09 23:27 -------- d-sh--w- C:\DrWeb Quarantine
2012-11-03 21:55 . 2012-11-03 23:10 -------- d-----w- c:\documents and settings\SAL\Doctor Web
2012-11-03 21:42 . 2012-11-03 21:42 57088 ----a-w- c:\windows\system32\drivers\dw_wfp.sys
2012-11-03 21:42 . 2012-11-03 21:42 167128 ----a-w- c:\windows\system32\drivers\spiderg3.sys
2012-11-03 21:41 . 2012-11-03 21:41 234240 ----a-w- c:\windows\system32\drivers\dwprot.sys
2012-11-03 21:41 . 2012-11-03 21:41 -------- d-----w- c:\program files\Common Files\Doctor Web
2012-11-03 21:41 . 2012-11-03 21:54 -------- d-----w- c:\program files\DrWeb
2012-11-03 21:41 . 2012-11-03 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Doctor Web
2012-11-01 20:44 . 2012-11-01 20:44 -------- d--h--w- c:\windows\PIF
2012-10-30 23:36 . 2012-10-30 23:36 -------- d-----w- c:\program files\ESET
2012-10-30 13:26 . 2012-10-30 13:26 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-10-29 20:53 . 2012-10-29 20:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2012-10-29 20:53 . 2012-10-29 20:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-10-29 20:53 . 2012-11-07 01:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-29 20:53 . 2012-10-29 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-10-29 13:58 . 2012-11-07 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-10-29 13:53 . 2012-10-29 22:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\LavasoftStatistics
2012-10-29 13:53 . 2012-10-29 13:53 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-10-29 13:52 . 2012-10-29 13:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2012-10-29 13:49 . 2012-11-07 03:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\adawarebp
2012-10-29 13:49 . 2012-10-29 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2012-10-29 02:10 . 2012-10-31 00:50 -------- d-----w- c:\program files\CCleaner
2012-10-27 15:49 . 2012-10-27 15:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-27 14:12 . 2012-10-27 14:12 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-27 02:15 . 2012-11-04 13:05 -------- d-----w- c:\program files\AVAST Software
2012-10-27 02:15 . 2012-11-04 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 12:19 . 2012-03-30 20:13 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 12:19 . 2011-11-14 14:56 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 00:54 . 2012-07-18 16:48 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-08 12:05 . 2012-09-08 12:05 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-08 12:05 . 2012-09-08 12:05 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-08 12:05 . 2012-07-04 01:07 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-08 12:05 . 2011-04-15 00:40 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:14 . 2002-09-03 17:12 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2002-09-03 16:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2002-09-03 16:35 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2002-09-03 17:12 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2002-09-03 16:50 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2002-08-29 01:04 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpIDerAgent"="c:\program files\DrWeb\spideragent.exe" [2012-11-03 7518560]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DrWebEngine]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^SAL^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\SAL\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]
c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Browsing Protection]
2012-08-08 08:17 540056 ----a-w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2009-10-28 14:38 50536 ----a-w- c:\progra~1\AOL9~1.5\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R380 Series]
2006-05-29 09:00 139264 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBOA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCleaner]
2012-01-06 18:55 47658848 ----a-w- c:\program files\FixCleaner\FixCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2009-07-20 19:52 41264 ----a-w- c:\program files\Common Files\AOL\1295804831\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 00:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-06 19:07 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-03-24 01:13 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-24 01:17 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-24 01:17 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-09-30 00:54 981656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 19:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-07 01:35 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"DrWebNetFilter"=3 (0x3)
"DrWebEngine"=3 (0x3)
"DrWebAVService"=2 (0x2)
"SharedAccess"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1295804831\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
.
R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [11/3/2012 4:41 PM 234240]
R0 phooks;phooks;c:\windows\system32\drivers\phooks.sys [11/6/2012 10:24 PM 23552]
R0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [11/3/2012 4:42 PM 167128]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/4/2012 8:06 AM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/4/2012 8:07 AM 361032]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [7/16/2012 5:31 PM 101720]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 1:54 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/4/2012 8:07 AM 21256]
R2 DrWebAVService;Dr.Web Control Service;c:\program files\DrWeb\dwservice.exe --loglevel=inf --logfile="c:\documents and settings\All Users\Application Data\Doctor Web\Logs\dwservice.log" --> c:\program files\DrWeb\dwservice.exe --loglevel=inf --logfile=c:\documents and settings\All Users\Application Data\Doctor Web\Logs\dwservice.log [?]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 1:01 AM 994360]
R3 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [11/3/2012 4:41 PM 1913680]
R3 DrWebNetFilter;Dr.Web Net Filtering Service;c:\program files\DrWeb\dwnetfilter.exe [11/3/2012 4:41 PM 2226528]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [2/27/2011 1:24 PM 406016]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - D005DDB9
*Deregistered* - D005DDB9
*Deregistered* - DrWebWfp
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:20]
.
2012-11-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-04 23:50]
.
2012-11-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 8a539c99-0e93-4b00-a46a-3079e9a52085.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c11345c0-d409-401f-936b-34ad8a044912.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
IE: Check by Dr.Web - http://www.drweb.com/static/online/drweb-online-en.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{56F9679E-7826-4C84-81F3-532071A8BCC5} - (no file)
MSConfigStartUp-ISUSPM - c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe
AddRemove-{DE114695-AE58-4B66-8E0F-2505188602FB}_is1 - c:\program files\Startup Inspector for Windows\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-09 18:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
"ImagePath"="system32\drivers\dwprot.sys"
"Name"="ImagePath"
"ImagePath"="system32\drivers\dwprot.sys"
"Name"="ImagePath"
"Name"="ImagePath"
"ImagePath"="system32\drivers\dwprot.sys"
"Name"="ImagePath"
"Name"="ImagePath"
"Name"="ImagePath"
"ImagePath"="system32\drivers\dwprot.sys"
"Name"="ImagePath"
"Name"="ImagePath"
"Name"="ImagePath"
"Name"="ImagePath"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-776561741-1757981266-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b5,0d,0a,83,36,33,9b,4e,96,af,03,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,6b,47,d9,d4,11,41,4b,97,36,f9,\
.
Completion time: 2012-11-09 18:36:55
ComboFix-quarantined-files.txt 2012-11-09 23:36
.
Pre-Run: 62,353,498,112 bytes free
Post-Run: 62,742,417,408 bytes free
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 1:54 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/4/2012 8:07 AM 21256]
R2 DrWebAVService;Dr.Web Control Service;c:\program files\DrWeb\dwservice.exe --loglevel=inf --logfile="c:\documents and settings\All Users\Application Data\Doctor Web\Logs\dwservice.log" --> c:\program files\DrWeb\dwservice.exe --loglevel=inf --logfile=c:\documents and settings\All Users\Application Data\Doctor Web\Logs\dwservice.log [?]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 1:01 AM 994360]
R3 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [11/3/2012 4:41 PM 1913680]
R3 DrWebNetFilter;Dr.Web Net Filtering Service;c:\program files\DrWeb\dwnetfilter.exe [11/3/2012 4:41 PM 2226528]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [2/27/2011 1:24 PM 406016]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - D005DDB9
*Deregistered* - D005DDB9
*Deregistered* - DrWebWfp
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:20]
.
2012-11-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-04 23:50]
.
2012-11-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 8a539c99-0e93-4b00-a46a-3079e9a52085.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c11345c0-d409-401f-936b-34ad8a044912.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
IE: Check by Dr.Web - http://www.drweb.com/static/online/drweb-online-en.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{56F9679E-7826-4C84-81F3-532071A8BCC5} - (no file)
MSConfigStartUp-ISUSPM - c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe
AddRemove-{DE114695-AE58-4B66-8E0F-2505188602FB}_is1 - c:\program files\Startup Inspector for Windows\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-09 18:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
"ImagePath"="system32\drivers\dwprot.sys"
"Name"="ImagePath"
"ImagePath"="system32\drivers\dwprot.sys"
"Name"="ImagePath"
"Name"="ImagePath"
"ImagePath"="system32\drivers\dwprot.sys"
"Name"="ImagePath"
"Name"="ImagePath"
"Name"="ImagePath"
"ImagePath"="system32\drivers\dwprot.sys"
"Name"="ImagePath"
"Name"="ImagePath"
"Name"="ImagePath"
"Name"="ImagePath"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-776561741-1757981266-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b5,0d,0a,83,36,33,9b,4e,96,af,03,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,6b,47,d9,d4,11,41,4b,97,36,f9,\
.
Completion time: 2012-11-09 18:36:55
ComboFix-quarantined-files.txt 2012-11-09 23:36
.
Pre-Run: 62,353,498,112 bytes free
Post-Run: 62,742,417,408 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
.
- - End Of File - - 8230A6A67562E75D5FF9D917EF6A22FB


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:24 AM

Posted 10 November 2012 - 02:07 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 salguy

salguy
  • Topic Starter

  • Members
  • 53 posts
  • Local time:02:24 AM

Posted 10 November 2012 - 11:23 AM

Hello gringo, thanks for the reply. It let me online, sorta. Top left it signed on, but I cannot go anywhere. Double-click on anything and it says navigation canceled. Safe mode seems to work. I ran TDSSKiller and aswMBR in regular mode. They both ran, and I got the TDSSKiller results text ok. Not so with aswMBR. I hit save log and it says not responding. It does it so many times. It just freezes and I have to button in to shut down. It worked in safe mode, thanks again.
09:49:32.0375 4800 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
09:49:34.0390 4800 ============================================================
09:49:34.0390 4800 Current date / time: 2012/11/10 09:49:34.0390
09:49:34.0406 4800 SystemInfo:
09:49:34.0406 4800
09:49:34.0406 4800 OS Version: 5.1.2600 ServicePack: 3.0
09:49:34.0406 4800 Product type: Workstation
09:49:34.0406 4800 ComputerName: 11BBTTEJHJ
09:49:34.0406 4800 UserName: SAL
09:49:34.0406 4800 Windows directory: C:\WINDOWS
09:49:34.0406 4800 System windows directory: C:\WINDOWS
09:49:34.0406 4800 Processor architecture: Intel x86
09:49:34.0406 4800 Number of processors: 1
09:49:34.0406 4800 Page size: 0x1000
09:49:34.0406 4800 Boot type: Normal boot
09:49:34.0406 4800 ============================================================
09:49:36.0343 4800 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:49:36.0359 4800 Drive \Device\Harddisk1\DR4 - Size: 0x1DD400000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:49:36.0359 4800 ============================================================
09:49:36.0359 4800 \Device\Harddisk0\DR0:
09:49:36.0359 4800 MBR partitions:
09:49:36.0359 4800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x13986
09:49:36.0359 4800 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x8DE2BED
09:49:36.0359 4800 \Device\Harddisk1\DR4:
09:49:36.0359 4800 MBR partitions:
09:49:36.0359 4800 \Device\Harddisk1\DR4\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEE8080
09:49:36.0359 4800 ============================================================
09:49:36.0406 4800 C: <-> \Device\Harddisk0\DR0\Partition2
09:49:36.0437 4800 F: <-> \Device\Harddisk0\DR0\Partition1
09:49:36.0437 4800 ============================================================
09:49:36.0437 4800 Initialize success
09:49:36.0437 4800 ============================================================
09:49:42.0437 2808 ============================================================
09:49:42.0437 2808 Scan started
09:49:42.0437 2808 Mode: Manual;
09:49:42.0437 2808 ============================================================
09:49:42.0906 2808 ================ Scan system memory ========================
09:49:42.0921 2808 System memory - ok
09:49:42.0921 2808 ================ Scan services =============================
09:49:43.0031 2808 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
09:49:43.0031 2808 !SASCORE - ok
09:49:43.0218 2808 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
09:49:43.0234 2808 Aavmker4 - ok
09:49:43.0250 2808 Abiosdsk - ok
09:49:43.0250 2808 abp480n5 - ok
09:49:43.0296 2808 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:49:43.0312 2808 ACPI - ok
09:49:43.0343 2808 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
09:49:43.0359 2808 ACPIEC - ok
09:49:43.0437 2808 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:49:43.0453 2808 AdobeFlashPlayerUpdateSvc - ok
09:49:43.0453 2808 adpu160m - ok
09:49:43.0500 2808 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
09:49:43.0531 2808 aec - ok
09:49:43.0578 2808 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
09:49:43.0578 2808 AFD - ok
09:49:43.0593 2808 Aha154x - ok
09:49:43.0609 2808 aic78u2 - ok
09:49:43.0609 2808 aic78xx - ok
09:49:43.0640 2808 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
09:49:43.0656 2808 Alerter - ok
09:49:43.0671 2808 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
09:49:43.0687 2808 ALG - ok
09:49:43.0687 2808 AliIde - ok
09:49:43.0703 2808 amsint - ok
09:49:43.0828 2808 [ 85180CF88C5EBAD73B452A43A004CA51 ] AOL ACS C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
09:49:43.0828 2808 AOL ACS - ok
09:49:43.0843 2808 AppMgmt - ok
09:49:43.0843 2808 asc - ok
09:49:43.0859 2808 asc3350p - ok
09:49:43.0875 2808 asc3550 - ok
09:49:43.0953 2808 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:49:43.0968 2808 aspnet_state - ok
09:49:44.0000 2808 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
09:49:44.0000 2808 aswFsBlk - ok
09:49:44.0031 2808 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
09:49:44.0031 2808 aswMon2 - ok
09:49:44.0062 2808 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
09:49:44.0062 2808 AswRdr - ok
09:49:44.0109 2808 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
09:49:44.0140 2808 aswSnx - ok
09:49:44.0187 2808 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
09:49:44.0203 2808 aswSP - ok
09:49:44.0250 2808 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
09:49:44.0250 2808 aswTdi - ok
09:49:44.0281 2808 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:49:44.0281 2808 AsyncMac - ok
09:49:44.0328 2808 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
09:49:44.0328 2808 atapi - ok
09:49:44.0343 2808 Atdisk - ok
09:49:44.0390 2808 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:49:44.0390 2808 Atmarpc - ok
09:49:44.0421 2808 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
09:49:44.0437 2808 AudioSrv - ok
09:49:44.0484 2808 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
09:49:44.0484 2808 audstub - ok
09:49:44.0546 2808 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
09:49:44.0562 2808 avast! Antivirus - ok
09:49:44.0609 2808 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
09:49:44.0609 2808 Beep - ok
09:49:44.0671 2808 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
09:49:44.0765 2808 BITS - ok
09:49:44.0812 2808 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
09:49:44.0828 2808 Browser - ok
09:49:44.0953 2808 catchme - ok
09:49:44.0984 2808 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
09:49:44.0984 2808 cbidf2k - ok
09:49:45.0000 2808 cd20xrnt - ok
09:49:45.0062 2808 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
09:49:45.0062 2808 Cdaudio - ok
09:49:45.0093 2808 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
09:49:45.0109 2808 Cdfs - ok
09:49:45.0140 2808 [ 297ACC7D7C66EC86EE0B4EB5AF9A8FD3 ] Cdr4_xp C:\WINDOWS\system32\drivers\Cdr4_xp.sys
09:49:45.0156 2808 Cdr4_xp - ok
09:49:45.0171 2808 [ 5E31ABF467A6FD857710C0927C88EE4C ] Cdralw2k C:\WINDOWS\system32\drivers\Cdralw2k.sys
09:49:45.0171 2808 Cdralw2k - ok
09:49:45.0187 2808 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:49:45.0203 2808 Cdrom - ok
09:49:45.0218 2808 [ CFD81F2140193FC7F1812E6D6EAF6795 ] cdudf_xp C:\WINDOWS\system32\drivers\cdudf_xp.sys
09:49:45.0234 2808 cdudf_xp - ok
09:49:45.0234 2808 Changer - ok
09:49:45.0281 2808 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
09:49:45.0281 2808 CiSvc - ok
09:49:45.0312 2808 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
09:49:45.0328 2808 ClipSrv - ok
09:49:45.0359 2808 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:49:45.0390 2808 clr_optimization_v2.0.50727_32 - ok
09:49:45.0468 2808 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:49:45.0484 2808 clr_optimization_v4.0.30319_32 - ok
09:49:45.0484 2808 CmdIde - ok
09:49:45.0500 2808 COMSysApp - ok
09:49:45.0515 2808 Cpqarray - ok
09:49:45.0546 2808 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
09:49:45.0562 2808 CryptSvc - ok
09:49:45.0562 2808 dac2w2k - ok
09:49:45.0578 2808 dac960nt - ok
09:49:45.0640 2808 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
09:49:45.0734 2808 DcomLaunch - ok
09:49:45.0843 2808 [ 92AE26F2CAF4A67E24A0BA6DDF32CC3C ] DfSdkS C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
09:49:45.0859 2808 DfSdkS - ok
09:49:45.0906 2808 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
09:49:45.0921 2808 Dhcp - ok
09:49:45.0937 2808 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
09:49:45.0953 2808 Disk - ok
09:49:45.0968 2808 dmadmin - ok
09:49:46.0015 2808 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
09:49:46.0046 2808 dmboot - ok
09:49:46.0062 2808 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
09:49:46.0078 2808 dmio - ok
09:49:46.0109 2808 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
09:49:46.0125 2808 dmload - ok
09:49:46.0125 2808 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
09:49:46.0156 2808 dmserver - ok
09:49:46.0187 2808 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
09:49:46.0203 2808 DMusic - ok
09:49:46.0234 2808 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
09:49:46.0265 2808 Dnscache - ok
09:49:46.0312 2808 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
09:49:46.0328 2808 Dot3svc - ok
09:49:46.0359 2808 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
09:49:46.0375 2808 dot4 - ok
09:49:46.0406 2808 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
09:49:46.0421 2808 Dot4Print - ok
09:49:46.0437 2808 [ 6EC3AF6BB5B30E488A0C559921F012E1 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys
09:49:46.0437 2808 dot4usb - ok
09:49:46.0453 2808 dpti2o - ok
09:49:46.0484 2808 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
09:49:46.0500 2808 drmkaud - ok
09:49:46.0531 2808 DrWebAVService - ok
09:49:46.0671 2808 [ 5EB07FF90D62118EE9EDE7FD340C0FBD ] DrWebEngine C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
09:49:46.0687 2808 DrWebEngine - ok
09:49:46.0796 2808 [ 8607AB3FE9D2FE62D41A3C1D47A2FE97 ] DrWebNetFilter C:\Program Files\DrWeb\dwnetfilter.exe
09:49:48.0437 2808 DrWebNetFilter - ok
09:49:48.0484 2808 [ 1BC7749882D02EFC24E881E2C1B22297 ] DrWebWfp C:\WINDOWS\system32\drivers\dw_wfp.sys
09:49:48.0500 2808 DrWebWfp - ok
09:49:48.0531 2808 [ 677829F7010768EEEED8D0083E510DAB ] dvd_2K C:\WINDOWS\system32\drivers\dvd_2K.sys
09:49:48.0546 2808 dvd_2K - ok
09:49:48.0578 2808 [ 6D8B3BB5796A0BBDF67F22D9E74FF02C ] DwProt C:\WINDOWS\system32\drivers\dwprot.sys
09:49:48.0593 2808 DwProt - ok
09:49:48.0640 2808 [ D57A8FC800B501AC05B10D00F66D127A ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:49:48.0640 2808 E100B - ok
09:49:48.0687 2808 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
09:49:48.0703 2808 EapHost - ok
09:49:48.0734 2808 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
09:49:48.0734 2808 ERSvc - ok
09:49:48.0734 2808 esgiguard - ok
09:49:48.0781 2808 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
09:49:48.0812 2808 Eventlog - ok
09:49:48.0859 2808 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
09:49:48.0859 2808 EventSystem - ok
09:49:48.0906 2808 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
09:49:48.0906 2808 Fastfat - ok
09:49:48.0937 2808 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:49:49.0031 2808 FastUserSwitchingCompatibility - ok
09:49:49.0062 2808 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
09:49:49.0062 2808 Fdc - ok
09:49:49.0093 2808 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
09:49:49.0093 2808 Fips - ok
09:49:49.0140 2808 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:49:49.0187 2808 Flpydisk - ok
09:49:49.0218 2808 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
09:49:49.0218 2808 FltMgr - ok
09:49:49.0281 2808 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:49:49.0296 2808 FontCache3.0.0.0 - ok
09:49:49.0312 2808 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:49:49.0328 2808 Fs_Rec - ok
09:49:49.0343 2808 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:49:49.0343 2808 Ftdisk - ok
09:49:49.0390 2808 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:49:49.0406 2808 Gpc - ok
09:49:49.0484 2808 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:49:49.0484 2808 helpsvc - ok
09:49:49.0500 2808 HidServ - ok
09:49:49.0515 2808 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:49:49.0531 2808 hidusb - ok
09:49:49.0562 2808 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
09:49:49.0578 2808 hkmsvc - ok
09:49:49.0593 2808 hpn - ok
09:49:49.0625 2808 [ 9F1D80908658EB7F1BF70809E0B51470 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
09:49:49.0625 2808 HPZid412 - ok
09:49:49.0656 2808 [ F7E3E9D50F9CD3DE28085A8FDAA0A1C3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
09:49:49.0656 2808 HPZipr12 - ok
09:49:49.0687 2808 [ CF1B7951B4EC8D13F3C93B74BB2B461B ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
09:49:49.0703 2808 HPZius12 - ok
09:49:49.0750 2808 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
09:49:49.0765 2808 HTTP - ok
09:49:49.0796 2808 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
09:49:49.0843 2808 HTTPFilter - ok
09:49:49.0843 2808 i2omgmt - ok
09:49:49.0859 2808 i2omp - ok
09:49:49.0875 2808 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:49:49.0890 2808 i8042prt - ok
09:49:49.0968 2808 [ 0F0194C4B635C10C3F785E4FEE52D641 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:49:50.0015 2808 ialm - ok
09:49:50.0078 2808 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:49:50.0109 2808 idsvc - ok
09:49:50.0140 2808 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
09:49:50.0140 2808 Imapi - ok
09:49:50.0187 2808 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
09:49:50.0218 2808 ImapiService - ok
09:49:50.0234 2808 ini910u - ok
09:49:50.0250 2808 IntelIde - ok
09:49:50.0281 2808 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:49:50.0281 2808 intelppm - ok
09:49:50.0312 2808 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
09:49:50.0312 2808 ip6fw - ok
09:49:50.0359 2808 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:49:50.0359 2808 IpFilterDriver - ok
09:49:50.0375 2808 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:49:50.0390 2808 IpInIp - ok
09:49:50.0421 2808 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:49:50.0437 2808 IpNat - ok
09:49:50.0484 2808 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:49:50.0484 2808 IPSec - ok
09:49:50.0515 2808 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
09:49:50.0531 2808 IRENUM - ok
09:49:50.0578 2808 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:49:50.0578 2808 isapnp - ok
09:49:50.0703 2808 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
09:49:50.0703 2808 JavaQuickStarterService - ok
09:49:50.0718 2808 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:49:50.0734 2808 Kbdclass - ok
09:49:50.0781 2808 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:49:50.0796 2808 kbdhid - ok
09:49:50.0812 2808 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
09:49:50.0828 2808 kmixer - ok
09:49:50.0859 2808 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
09:49:50.0875 2808 KSecDD - ok
09:49:50.0937 2808 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
09:49:51.0000 2808 lanmanserver - ok
09:49:51.0015 2808 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:49:51.0078 2808 lanmanworkstation - ok
09:49:51.0078 2808 Lavasoft Kernexplorer - ok
09:49:51.0093 2808 Lbd - ok
09:49:51.0093 2808 lbrtfdc - ok
09:49:51.0156 2808 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
09:49:51.0187 2808 LmHosts - ok
09:49:51.0218 2808 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
09:49:51.0250 2808 Messenger - ok
09:49:51.0265 2808 [ 9B90303A9C9405A6CE1466FF4AA20FDD ] mmc_2K C:\WINDOWS\system32\drivers\mmc_2K.sys
09:49:51.0281 2808 mmc_2K - ok
09:49:51.0296 2808 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
09:49:51.0296 2808 mnmdd - ok
09:49:51.0328 2808 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
09:49:51.0375 2808 mnmsrvc - ok
09:49:51.0406 2808 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
09:49:51.0406 2808 Modem - ok
09:49:51.0437 2808 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:49:51.0453 2808 Mouclass - ok
09:49:51.0453 2808 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
09:49:51.0468 2808 MountMgr - ok
09:49:51.0468 2808 mraid35x - ok
09:49:51.0500 2808 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:49:51.0500 2808 MRxDAV - ok
09:49:51.0546 2808 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:49:51.0562 2808 MRxSmb - ok
09:49:51.0593 2808 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
09:49:51.0625 2808 MSDTC - ok
09:49:51.0656 2808 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
09:49:51.0671 2808 Msfs - ok
09:49:51.0671 2808 MSIServer - ok
09:49:51.0718 2808 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:49:51.0718 2808 MSKSSRV - ok
09:49:51.0750 2808 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:49:51.0765 2808 MSPCLOCK - ok
09:49:51.0828 2808 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
09:49:51.0828 2808 MSPQM - ok
09:49:51.0875 2808 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:49:51.0890 2808 mssmbios - ok
09:50:02.0734 2808 Scan finished
09:50:02.0750 1576 Detected object count: 0
09:50:02.0750 1576 Actual detected object count: 0
09:52:46.0734 5280 Deinitialize success

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-10 10:53:52
11:00:22.937 Scan finished successfully
11:00:46.218 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
11:00:46.250 The log file has been saved successfully to "E:\aswMBR.txt"

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 10 November 2012 - 12:00 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 salguy (Topic Starter)

Posted 10 November 2012 - 02:15 PM

Hi Gringo, thanks again. I had to run this in safe mode. One change: it seems to bring me to a different site than the one I clicked on, though not often. Thank you.
ClearJavaCache::

ComboFix 12-11-09.02 - SAL 11/10/2012 13:51:02.2.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.755 [GMT -5:00]
Running from: c:\documents and settings\SAL\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\SAL\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Doctor Web Anti-Virus *Enabled/Updated* {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 19:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-07 01:35 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"DrWebNetFilter"=3 (0x3)
"DrWebEngine"=3 (0x3)
"DrWebAVService"=2 (0x2)
"SharedAccess"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1295804831\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
.
R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [11/3/2012 4:41 PM 234240]
R0 phooks;phooks;c:\windows\system32\drivers\phooks.sys [11/6/2012 10:24 PM 23552]
R0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [11/3/2012 4:42 PM 167128]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [7/16/2012 5:31 PM 101720]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 1:54 PM 116608]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/4/2012 8:06 AM 738504]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/4/2012 8:07 AM 361032]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/4/2012 8:07 AM 21256]
S2 DrWebAVService;Dr.Web Control Service;c:\program files\DrWeb\dwservice.exe --loglevel=inf --logfile="c:\documents and settings\All Users\Application Data\Doctor Web\Logs\dwservice.log" --> c:\program files\DrWeb\dwservice.exe --loglevel=inf --logfile=c:\documents and settings\All Users\Application Data\Doctor Web\Logs\dwservice.log [?]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 1:01 AM 994360]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [2/27/2011 1:24 PM 406016]
S3 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [11/3/2012 4:41 PM 1913680]
S3 DrWebNetFilter;Dr.Web Net Filtering Service;c:\program files\DrWeb\dwnetfilter.exe [11/3/2012 4:41 PM 2226528]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:20]
.
2012-11-10 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-04 23:50]
.
2012-11-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 8a539c99-0e93-4b00-a46a-3079e9a52085.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c11345c0-d409-401f-936b-34ad8a044912.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
IE: Check by Dr.Web - http://www.drweb.com/static/online/drweb-online-en.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-10 13:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
"ImagePath"="system32\drivers\dwprot.sys"
"Name"="ImagePath"
"ImagePath"="system32\drivers\dwprot.sys"
"Name"="ImagePath"
"Name"="ImagePath"
"ImagePath"="system32\drivers\dwprot.sys"
"Name"="ImagePath"
"Name"="ImagePath"
"Name"="ImagePath"
"ImagePath"="system32\drivers\dwprot.sys"
"Name"="ImagePath"
"Name"="ImagePath"
"Name"="ImagePath"
"Name"="ImagePath"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1756)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-11-10 13:57:04
ComboFix-quarantined-files.txt 2012-11-10 18:57
ComboFix2.txt 2012-11-09 23:36
.
Pre-Run: 62,766,231,552 bytes free
Post-Run: 62,812,008,448 bytes free
.
- - End Of File - - F6B232866873B2D44782C98E7A096D09

#10 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:24 AM

Posted 10 November 2012 - 07:23 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 salguy

  • Topic Starter

  • Members
  • 53 posts
  • Local time:02:24 AM

Posted 10 November 2012 - 10:11 PM

Hi Gringo. Still no good in regular mode. It won't let me online. It won't display the page.
If I try to do anything it freezes and says "not responding". I have to hold the button in until it shuts down. Thanks.
OTL logfile created on: 11/10/2012 9:57:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\SAL\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.08 Mb Total Physical Memory | 810.55 Mb Available Physical Memory | 79.93% Memory free
1.64 Gb Paging File | 1.56 Gb Available in Paging File | 95.54% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.94 Gb Total Space | 58.52 Gb Free Space | 82.49% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 3.09 Gb Free Space | 41.46% Space Free | Partition Type: FAT32
Drive F: | 39.19 Mb Total Space | 35.19 Mb Free Space | 89.79% Space Free | Partition Type: NTFS

Computer Name: 11BBTTEJHJ | User Name: SAL | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\SAL\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (DrWebNetFilter) -- C:\Program Files\DrWeb\dwnetfilter.exe (Doctor Web, Ltd.)
SRV - (DrWebAVService) -- C:\Program Files\DrWeb\dwservice.exe (Doctor Web, Ltd.)
SRV - (DrWebEngine) -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe (Doctor Web, Ltd.)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Windows ® Codename Longhorn DDK provider)
SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe (mst software GmbH, Germany)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PfModNT) -- C:\WINDOWS\system32\PfModNT.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\SAL\LOCALS~1\Temp\catchme.sys File not found
DRV - (phooks) -- C:\WINDOWS\System32\drivers\phooks.sys (Panda Software)
DRV - (DrWebWfp) -- C:\WINDOWS\system32\drivers\dw_wfp.sys (Doctor Web, Ltd.)
DRV - (SpiderG3) -- C:\WINDOWS\system32\drivers\spiderg3.sys (Doctor Web, Ltd.)
DRV - (DwProt) -- C:\WINDOWS\system32\drivers\dwprot.sys (Doctor Web, Ltd.)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-776561741-1757981266-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-776561741-1757981266-839522115-1004\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKU\S-1-5-21-776561741-1757981266-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-776561741-1757981266-839522115-1004\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={SearchTerms}&invocationType=tb50TB50CL-chromesbox-en-us
IE - HKU\S-1-5-21-776561741-1757981266-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/11/09 18:32:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-776561741-1757981266-839522115-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-776561741-1757981266-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SpIDerAgent] C:\Program Files\DrWeb\spideragent.exe (Doctor Web, Ltd.)
O4 - HKU\S-1-5-21-776561741-1757981266-839522115-1004..\Run: [AOL Fast Start] C:\Program Files\AOL 9.5\AOL.EXE (AOL, LLC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-1757981266-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-776561741-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-776561741-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Check by Dr.Web - http://www.drweb.com/static/online/drweb-online-en.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O15 - HKU\S-1-5-21-776561741-1757981266-839522115-1004\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-776561741-1757981266-839522115-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-776561741-1757981266-839522115-1004\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{875F0608-04DF-4455-B52D-C95F902A3BDD}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\SAL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\SAL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/22 01:38:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/09/26 15:59:32 | 000,000,000 | ---D | M] - E:\Autoruns -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/10 21:54:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SAL\Desktop\OTL.exe
[2012/11/10 21:41:41 | 000,000,000 | -HSD | C] -- C:\found.001
[2012/11/10 13:57:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/11/09 18:24:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/11/09 18:22:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/11/09 18:22:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/11/09 18:22:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/11/09 18:22:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/11/09 18:20:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/09 18:20:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/11/09 18:16:21 | 004,998,937 | R--- | C] (Swearware) -- C:\Documents and Settings\SAL\Desktop\ComboFix.exe
[2012/11/08 18:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SAL\Desktop\RK_Quarantine
[2012/11/06 22:24:26 | 000,023,552 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\drivers\phooks.sys
[2012/11/06 21:02:13 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/11/05 20:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SAL\Start Menu\Programs\Revo Uninstaller
[2012/11/05 19:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstall Information
[2012/11/05 19:02:09 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\subinacl.exe
[2012/11/05 18:57:03 | 000,000,000 | ---D | C] -- C:\RegBackup
[2012/11/05 18:55:36 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/11/05 18:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SAL\Desktop\Tweaking.com - Windows Repair
[2012/11/05 08:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SAL\Application Data\FixCleaner
[2012/11/04 20:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2012/11/04 08:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/11/04 08:07:00 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/11/04 08:07:00 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/11/04 08:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/11/04 08:06:57 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/11/04 08:06:57 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/11/04 08:06:56 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/11/04 08:06:56 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/11/04 08:06:56 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/11/04 08:06:55 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/11/04 08:06:18 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/11/04 08:06:16 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/11/03 22:57:35 | 000,000,000 | -HSD | C] -- C:\DrWeb Quarantine
[2012/11/03 16:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SAL\Doctor Web
[2012/11/03 16:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dr.Web
[2012/11/03 16:42:25 | 000,057,088 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dw_wfp.sys
[2012/11/03 16:42:07 | 000,167,128 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\spiderg3.sys
[2012/11/03 16:41:53 | 000,234,240 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys
[2012/11/03 16:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web
[2012/11/03 16:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\DrWeb
[2012/11/03 16:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Doctor Web
[2012/11/01 15:44:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/10/30 18:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/10/30 08:26:56 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/10/29 15:53:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/10/29 15:53:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/10/29 15:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/10/29 08:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/10/29 08:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012/10/29 08:49:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2012/10/28 21:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/27 10:49:16 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/27 10:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SAL\Start Menu\Programs\Dell Inc
[2012/10/26 21:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/10/26 21:15:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

========== Files - Modified Within 30 Days ==========

[2012/11/10 21:54:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SAL\Desktop\OTL.exe
[2012/11/10 21:50:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/10 21:42:51 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/11/10 11:01:00 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\SAL\Desktop\MBR.dat
[2012/11/10 10:18:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/09 18:32:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/11/09 18:25:19 | 000,000,420 | RHS- | M] () -- C:\boot.ini
[2012/11/09 18:16:21 | 004,998,937 | R--- | M] (Swearware) -- C:\Documents and Settings\SAL\Desktop\ComboFix.exe
[2012/11/08 18:39:39 | 000,000,524 | ---- | M] () -- C:\Documents and Settings\SAL\Desktop\Shortcut to AdwCleaner[S2].lnk
[2012/11/07 08:34:50 | 000,000,304 | ---- | M] () -- C:\Boot.bak
[2012/11/07 02:00:01 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task c11345c0-d409-401f-936b-34ad8a044912.job
[2012/11/06 22:26:12 | 000,175,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/06 22:24:17 | 000,023,552 | ---- | M] (Panda Software) -- C:\WINDOWS\System32\drivers\phooks.sys
[2012/11/06 21:53:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/06 21:17:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/06 21:02:13 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/11/06 08:39:55 | 000,001,883 | ---- | M] () -- C:\Documents and Settings\SAL\Desktop\Resume ZoneAlarm Security Install.lnk
[2012/11/05 20:17:33 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\SAL\Desktop\Revo Uninstaller.lnk
[2012/11/05 19:13:25 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/11/05 19:13:25 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/11/05 18:54:53 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe
[2012/11/05 16:03:18 | 000,020,958 | ---- | M] () -- C:\Documents and Settings\SAL\Desktop\xpnetdiag error repotr.xml
[2012/11/05 00:54:00 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 8a539c99-0e93-4b00-a46a-3079e9a52085.job
[2012/11/04 08:07:00 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/11/04 08:06:56 | 000,002,638 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/11/04 05:06:05 | 000,502,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/04 05:06:05 | 000,086,704 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/03 16:42:25 | 000,057,088 | ---- | M] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dw_wfp.sys
[2012/11/03 16:42:07 | 000,167,128 | ---- | M] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\spiderg3.sys
[2012/11/03 16:41:53 | 000,234,240 | ---- | M] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys
[2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/10/30 18:51:57 | 000,089,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/10/30 18:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/10/30 18:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/10/30 08:26:45 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/10/29 18:30:51 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\default_user_class.dat
[2012/10/29 15:53:48 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/10/28 15:20:41 | 096,814,416 | ---- | M] () -- C:\Documents and Settings\SAL\Desktop\avast_free_antivirus_setup.exe
[2012/10/27 12:00:16 | 000,744,339 | ---- | M] () -- C:\Documents and Settings\SAL\Desktop\PAVARK.exe
[2012/10/27 09:30:11 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/10/27 09:30:11 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat

========== Files Created - No Company Name ==========

[2012/11/10 11:01:00 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\SAL\Desktop\MBR.dat
[2012/11/09 18:25:19 | 000,000,304 | ---- | C] () -- C:\Boot.bak
[2012/11/09 18:25:15 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/11/09 18:22:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/09 18:22:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/09 18:22:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/09 18:22:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/09 18:22:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/11/08 18:39:39 | 000,000,524 | ---- | C] () -- C:\Documents and Settings\SAL\Desktop\Shortcut to AdwCleaner[S2].lnk
[2012/11/05 20:08:02 | 000,000,935 | ---- | C] () -- C:\Documents and Settings\SAL\Desktop\Revo Uninstaller.lnk
[2012/11/05 16:03:18 | 000,020,958 | ---- | C] () -- C:\Documents and Settings\SAL\Desktop\xpnetdiag error repotr.xml
[2012/11/04 11:15:21 | 000,001,883 | ---- | C] () -- C:\Documents and Settings\SAL\Desktop\Resume ZoneAlarm Security Install.lnk
[2012/11/04 08:07:00 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/11/04 08:06:56 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/10/29 15:54:18 | 000,000,526 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task c11345c0-d409-401f-936b-34ad8a044912.job
[2012/10/29 15:54:18 | 000,000,526 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 8a539c99-0e93-4b00-a46a-3079e9a52085.job
[2012/10/29 15:53:48 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/10/28 15:20:38 | 096,814,416 | ---- | C] () -- C:\Documents and Settings\SAL\Desktop\avast_free_antivirus_setup.exe
[2012/07/03 19:20:09 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2012/07/02 14:26:39 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\SAL\Local Settings\Application Data\housecall.guid.cache
[2012/06/06 08:56:11 | 000,001,835 | ---- | C] () -- C:\Documents and Settings\SAL\Application Data\SAS7_000.DAT
[2012/02/15 07:13:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/04/22 17:46:22 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/22 17:46:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/02/24 20:24:13 | 000,088,397 | ---- | C] () -- C:\WINDOWS\hpoins06.dat
[2011/02/24 20:24:13 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat
[2011/02/24 17:52:41 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2011/02/24 17:52:17 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2011/02/24 17:51:36 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\SAL\Local Settings\Application Data\fusioncache.dat
[2011/02/24 17:47:49 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2011/02/24 17:16:55 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2011/01/25 12:32:00 | 000,043,442 | ---- | C] () -- C:\Documents and Settings\All Users\Favorite Places.pfc
[2011/01/25 12:31:53 | 000,043,442 | ---- | C] () -- C:\Documents and Settings\SAL\Favorite Places.pfc
[2011/01/23 18:30:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/23 15:56:03 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/01/23 15:54:52 | 000,000,125 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/01/23 12:40:14 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/23 11:41:18 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2011/01/23 09:34:35 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\SAL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/23 09:12:03 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2011/01/22 20:48:57 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2011/01/22 20:42:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2011/01/22 20:42:35 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2011/01/22 19:48:41 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/01/22 03:27:37 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/01/22 01:53:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2011/01/22 01:40:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/22 01:36:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/21 20:30:56 | 000,004,317 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/21 20:29:03 | 000,175,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2011/01/24 12:38:59 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 11:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\sfloppy.sys:SummaryInformation
@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\SAL\Desktop\PAVARK.exe:License
@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\SAL\Desktop\antirootkit.exe:License

< End of report >

#12 gringo_pr (Bleepin Gringo)

Malware Response Team, 136,772 posts, Location: Puerto Rico

Posted 10 November 2012 - 10:20 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    :OTL
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
    O3 - HKU\S-1-5-21-776561741-1757981266-839522115-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-776561741-1757981266-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O8 - Extra context menu item: Check by Dr.Web - http://www.drweb.com/static/online/drweb-online-en.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
    DRV - (WDICA) -- File not found
    DRV - (PfModNT) -- C:\WINDOWS\system32\PfModNT.sys File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
    DRV - (i2omgmt) -- File not found
    DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\DOCUME~1\SAL\LOCALS~1\Temp\catchme.sys File not found
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\sfloppy.sys:SummaryInformation
    @Alternate Data Stream - 20 bytes -> C:\Documents and Settings\SAL\Desktop\PAVARK.exe:License
    @Alternate Data Stream - 20 bytes -> C:\Documents and Settings\SAL\Desktop\antirootkit.exe:License      
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
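
The fix script above is assembled from entry types visible in the OTL scan log earlier in the thread: driver and service registrations whose file is missing, toolbar GUIDs with no CLSID behind them, and alternate data streams, together with the ZeroAccess Check section, which lists per-user (HKCU) InProcServer32 keys for CLSIDs that are normally registered machine-wide. The Python below is an added example, not part of the thread or of OTL: it pulls those entries out of an OTL-style log extract (constructed here from lines quoted in this thread) so a reviewer sees what such a fix would touch and which CLSIDs carry a per-user COM override worth inspecting, with the HKLM server path beside it when the log lists one.

```python
import re

# Constructed sample in the shape of the OTL report quoted in this thread (not the full log).
SAMPLE_LOG = r"""
DRV - (catchme) -- C:\DOCUME~1\SAL\LOCALS~1\Temp\catchme.sys File not found
DRV - (WDICA) -- File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
O3 - HKU\S-1-5-21-776561741-1757981266-839522115-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 11:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\sfloppy.sys:SummaryInformation
@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\SAL\Desktop\PAVARK.exe:License
"""

# Line shapes taken from the OTL output quoted in the thread; the regex names are this example's own.
MISSING_RE = re.compile(r"^(DRV|SRV) - \((.+?)\) -- (.*?)\s*File not found$")
TOOLBAR_RE = re.compile(r"^O3 - .*\{([0-9A-Fa-f-]{36})\} - No CLSID value found\.$")
CLSID_KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\Software\\Classes\\clsid"
                          r"\\\{([0-9A-Fa-f-]{36})\}\\InProcServer32\]$")
SERVER_RE = re.compile(r'^"" = (\S+)')
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")

def triage_otl(text):
    """Collect the entry types a cleanup script typically targets, plus every CLSID with an
    InProcServer32 key under HKCU (a per-user override of a machine-wide COM registration)."""
    findings = {
        "missing_file_entries": [],  # (kind, name, path) where the registered binary is gone
        "dangling_toolbars": [],     # O3 GUIDs with no CLSID registration behind them
        "hkcu_com_overrides": [],    # (clsid, HKLM server path if the log listed one)
        "ads": [],                   # (bytes, host file, stream name)
    }
    hkcu, hklm = set(), {}
    hive = clsid = None
    for line in (l.strip() for l in text.splitlines()):
        if m := MISSING_RE.match(line):
            findings["missing_file_entries"].append((m.group(1), m.group(2), m.group(3)))
        elif m := TOOLBAR_RE.match(line):
            findings["dangling_toolbars"].append(m.group(1).upper())
        elif m := CLSID_KEY_RE.match(line):
            hive, clsid = m.group(1), m.group(2).lower()
            if hive == "HKEY_CURRENT_USER":
                hkcu.add(clsid)
            else:
                hklm.setdefault(clsid, None)
        elif (m := SERVER_RE.match(line)) and hive == "HKEY_LOCAL_MACHINE":
            hklm[clsid] = m.group(1)  # default value of InProcServer32 = the DLL COM will load
        elif m := ADS_RE.match(line):
            findings["ads"].append((int(m.group(1)), m.group(2), m.group(3)))
    for c in sorted(hkcu):
        findings["hkcu_com_overrides"].append((c, hklm.get(c)))
    return findings

if __name__ == "__main__":
    for kind, items in triage_otl(SAMPLE_LOG).items():
        print(f"{kind}: {items}")
```

In this thread's log the HKCU keys show no values at all, which is why a listing like this is a review aid and not an infection verdict on its own.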

#13 salguy (Topic Starter)

Members, 53 posts

Posted 11 November 2012 - 03:59 PM

Hello Gringo, it is the same. I can't get online in regular mode. That little Dr.Web updater icon is still there. I had to do this in safe mode. My Sunday football team is losing too, ha ha. Thanks again. Bye.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-776561741-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-776561741-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Check by Dr.Web\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File %SystemRoot%\System32\hidserv.dll File not found not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File %SystemRoot%\System32\appmgmts.dll File not found not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File File not found not found.
Service PfModNT stopped successfully!
Service PfModNT deleted successfully!
File C:\WINDOWS\system32\PfModNT.sys File not found not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
File File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File File not found not found.
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
File File not found not found.
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
File File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File File not found not found.
Service Lbd stopped successfully!
Service Lbd deleted successfully!
File system32\DRIVERS\Lbd.sys File not found not found.
Service Lavasoft Kernexplorer stopped successfully!
Service Lavasoft Kernexplorer deleted successfully!
File C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
File File not found not found.
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\SAL\LOCALS~1\Temp\catchme.sys File not found not found.
ADS C:\WINDOWS\System32\drivers\sfloppy.sys:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\SAL\Desktop\PAVARK.exe:License deleted successfully.
ADS C:\Documents and Settings\SAL\Desktop\antirootkit.exe:License deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\SAL\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\SAL\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: SAL
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 663 bytes

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: SAL
->Flash cache emptied: 1668 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11112012_153753

#14 gringo_pr (Bleepin Gringo)

Malware Response Team, 136,772 posts, Location: Puerto Rico

Posted 14 November 2012 - 02:22 AM

Please download Kaspersky Virus Removal Tool and SAVE it to your desktop.

  • Right-click and run as admin (on XP, please double-click to run).
  • Select a language.
  • Accept the license agreement.
  • Click on Settings (the gear-looking thing on the right).
  • Put a check mark in:
    • System memory
    • Hidden objects
    • Disk boot sectors
    • Computer
  • Go back to Automatic Scan.
  • Click on Start Scan.
  • For this scan, select Skip for anything found.
  • When the scan is complete, click on the Report button (it looks like a piece of paper to the right of the gear-looking thing).
  • On the left you will see:
    • Status
    • Detected threats <-- click on this one
    • Automatic Scan report
    • Manual disinfection report
  • Click on the Save button and save to a location where you can find it (the default is the Documents folder).
  • Copy and paste this report in your next post.


#15 salguy (Topic Starter)

Members, 53 posts

Posted 14 November 2012 - 10:16 AM

Hello Gringo, I had to run this in safe mode. It said nothing was found, so I could not get a report at all. Thanks for the reply.



