
IRP Hooks Immediately Returning After Being Detected and Deleted by AVG Free


  • This topic is locked
10 replies to this topic

#1 ElijahT


Posted 11 August 2014 - 04:04 AM

After my computer slowed down to almost a halt, I finally decided to download another virus checker, so I got AVG. It cleaned about 60 threats the first scan. Every scan afterwards it would clean 15 threats, and then I noticed that it was always the same 15 threats. I entered the file that was being cleaned into Google Search and the following topic in your forum was the second result of only two results that Google gave (and the only relevant one): http://www.bleepingcomputer.com/forums/t/506739/irp-hooks-detected-by-avg-free-false-positives-or-real-problems/

 

I read that whole topic and the guy who helped was awesome, so I planned to just do what he instructed the other guy to do instead of posting, because I didn't want to just ask for help when there was already a topic about it and waste your time (I know you must be busy and your time is important). However, there is a (small?) difference between the problem in that topic and my problem: AVG couldn't clean his threats, whereas AVG did clean mine (or at least claimed to have) and they just immediately returned after being cleaned, so I'm not 100% sure my problem is the same as his was. So... if it's alright, I'd like to go ahead and post my information here. I'll still do as instructed in that topic, but it would be extremely appreciated if someone could check the logs to see if it was successful, as I don't really understand them.

 

Thank you very much for your time and any help!

 

Here is what the AVG log says (I'll also attach two others of scans I did immediately after this one so you can see the threats were there again even after AVG cleaned it):

 

Anti-Rootkit scan
Medium severity;"15";"15";"0"
Started:;"8/3/2014, 12:29:54 PM"
Finished:;"8/3/2014, 12:30:06 PM"
Scanned items:;"810"
Launched by:;"Test"

Name;"Description";"Status";"Status";"Priority"
C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS;"IRP hook, C:\WINDOWS\System32\drivers\disk.sys IRP_MJ_READ -> CLASSPNP.SYS ClassCompleteRequest+0x13C";"Secured";"Healed";"Medium"
C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS;"IRP hook, C:\WINDOWS\System32\drivers\disk.sys IRP_MJ_CLOSE -> CLASSPNP.SYS ClassDebugPrint+0x618";"Secured";"Healed";"Medium"
C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS;"IRP hook, C:\WINDOWS\System32\drivers\pciide.sys IRP_MJ_SYSTEM_CONTROL -> PCIIDEX.SYS PciIdeXDebugPrint+0x2DB4";"Secured";"Healed";"Medium"
C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS;"IRP hook, C:\WINDOWS\System32\drivers\pciide.sys IRP_MJ_PNP -> PCIIDEX.SYS PciIdeXDebugPrint+0x2D80";"Secured";"Healed";"Medium"
C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS;"IRP hook, C:\WINDOWS\System32\drivers\disk.sys IRP_MJ_INTERNAL_DEVICE_CONTROL -> CLASSPNP.SYS ClassInternalIoControl";"Secured";"Healed";"Medium"
C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS;"IRP hook, C:\WINDOWS\System32\drivers\disk.sys IRP_MJ_DEVICE_CONTROL -> CLASSPNP.SYS ClassIoComplete+0x1C8";"Secured";"Healed";"Medium"
C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS;"IRP hook, C:\WINDOWS\System32\drivers\disk.sys IRP_MJ_PNP -> CLASSPNP.SYS ClassDebugPrint+0x6FB";"Secured";"Healed";"Medium"
C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS;"IRP hook, C:\WINDOWS\System32\drivers\disk.sys IRP_MJ_FLUSH_BUFFERS -> CLASSPNP.SYS ClassIoComplete+0xEF";"Secured";"Healed";"Medium"
C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS;"IRP hook, C:\WINDOWS\System32\drivers\pciide.sys IRP_MJ_INTERNAL_DEVICE_CONTROL -> PCIIDEX.SYS PciIdeXDebugPrint+0x2E38";"Secured";"Healed";"Medium"
C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS;"IRP hook, C:\WINDOWS\System32\drivers\disk.sys IRP_MJ_SYSTEM_CONTROL -> CLASSPNP.SYS ClassInitialize+0x666";"Secured";"Healed";"Medium"
C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS;"IRP hook, C:\WINDOWS\System32\drivers\disk.sys IRP_MJ_WRITE -> CLASSPNP.SYS ClassCompleteRequest+0x13C";"Secured";"Healed";"Medium"
C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS;"IRP hook, C:\WINDOWS\System32\drivers\disk.sys IRP_MJ_SHUTDOWN -> CLASSPNP.SYS ClassIoComplete+0xEF";"Secured";"Healed";"Medium"
C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS;"IRP hook, C:\WINDOWS\System32\drivers\disk.sys IRP_MJ_POWER -> CLASSPNP.SYS ClassForwardIrpSynchronous+0xD8";"Secured";"Healed";"Medium"
C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS;"IRP hook, C:\WINDOWS\System32\drivers\pciide.sys IRP_MJ_POWER -> PCIIDEX.SYS +0x692";"Secured";"Healed";"Medium"
C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS;"IRP hook, C:\WINDOWS\System32\drivers\disk.sys IRP_MJ_CREATE -> CLASSPNP.SYS ClassDebugPrint+0x618";"Secured";"Healed";"Medium"

 

The DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.65.2
Run by Test at 15:59:21 on 2014-08-11
#Option Extended Search is enabled.
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1012.168 [GMT 8:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\EPSON\MyEpson Portal\mepService.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\TEMP\nsa2.tmp\ns3.tmp
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\PLFSetL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Smadav\SMC:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CleanMem\Mini_Monitor.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\DOCUME~1\Test\LOCALS~1\Temp\RtkBtMnt.exe
C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MRB39E~1.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\EPSON\MyEpson Portal\mep.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao531h&r=0xph03103106l0353wuj5w77n6528s
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao531h&r=0xph03103106l0353wuj5w77n6528s
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao531h&r=0xph03103106l0353wuj5w77n6528s
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao531h&r=0xph03103106l0353wuj5w77n6528s
uInternet Connection Wizard,ShellNext = iexplore
dURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [mRouterConfig] "c:\program files\intuwave\shared\mrouterruntime\mRouterConfig.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [Malwarebytes Anti-Exploit] c:\program files\malwarebytes anti-exploit\mbae.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [CleanMem Mini Monitor] c:\program files\cleanmem\Mini_Monitor.exe /startup
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
TCP: NameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{2C3983D9-DA1F-403D-AF62-53229DB79941} : DHCPNameServer = 208.67.222.222 208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\test\application data\mozilla\firefox\profiles\1dnn5n7k.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://id.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\test\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\opera 10.50 beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera 10.50 beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-17 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-6-17 241944]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-6-17 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-17 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-30 121624]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [2014-6-17 190232]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-17 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-6-17 188696]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-6-17 197400]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\malwarebytes anti-exploit\mbae.sys [2014-7-31 44760]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-7-10 3244048]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-7-10 289328]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-6-20 54760]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files\malwarebytes anti-exploit\mbae-svc.exe [2014-7-31 360592]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-7-31 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-7-31 860472]
R2 MyEpson Portal Service;MyEpson Portal Service;c:\program files\epson\myepson portal\mepService.exe [2012-10-1 696320]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-7-24 237568]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesService32.exe [2014-7-14 1858360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-7-31 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-7-31 110296]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2011-2-15 27632]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesDriver32.sys [2014-6-23 12320]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 ProtectMonitor;Protect Monitor;c:\program files\pcdapp\StartHelp.exe [2014-4-11 97008]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-24 112480]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
.
=============== Created Last 60 ================
.
2014-08-11 05:57:56 -------- d-----w- c:\windows\pss
2014-08-01 03:28:10 121856 ----a-w- c:\windows\system32\schtasks.exe
2014-08-01 03:27:46 -------- d-----w- c:\windows\CleanMem
2014-08-01 03:27:46 -------- d-----w- c:\program files\CleanMem
2014-07-31 11:07:14 -------- d-----w- c:\documents and settings\test\application data\AVG Web TuneUp
2014-07-31 11:07:12 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar
2014-07-31 08:30:31 -------- d-----w- C:\RegBackup
2014-07-31 08:01:26 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2014-07-31 08:01:19 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2014-07-31 08:01:18 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2014-07-31 08:01:11 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2014-07-31 08:01:04 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2014-07-31 08:00:48 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2014-07-31 08:00:40 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2014-07-31 08:00:37 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2014-07-31 08:00:26 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2014-07-31 08:00:24 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2014-07-31 07:59:38 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2014-07-31 07:59:31 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2014-07-31 07:59:09 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2014-07-31 07:57:53 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2014-07-31 07:57:47 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2014-07-31 07:57:40 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2014-07-31 07:57:31 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2014-07-31 07:57:23 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2014-07-31 07:57:15 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2014-07-31 07:57:08 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2014-07-31 07:57:00 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2014-07-31 07:56:53 11325 -c--a-w- c:\windows\system32\dllcache\vchnt5.dll
2014-07-31 07:56:45 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2014-07-31 07:56:37 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2014-07-31 07:56:29 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2014-07-31 07:56:23 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2014-07-31 07:56:14 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2014-07-31 07:56:08 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2014-07-31 07:56:02 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2014-07-31 07:55:55 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2014-07-31 07:55:50 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2014-07-31 07:55:48 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2014-07-31 07:55:41 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2014-07-31 07:55:26 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2014-07-31 07:55:20 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2014-07-31 07:55:14 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2014-07-31 07:55:08 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2014-07-31 07:55:02 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2014-07-31 07:54:55 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2014-07-31 07:54:49 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2014-07-31 07:54:43 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2014-07-31 07:54:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2014-07-31 07:54:30 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2014-07-31 07:54:26 44672 -c--a-w- c:\windows\system32\dllcache\uagp35.sys
2014-07-31 07:54:19 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2014-07-31 07:54:04 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2014-07-31 07:53:57 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2014-07-31 07:53:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2014-07-31 07:53:45 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2014-07-31 07:53:39 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2014-07-31 07:53:33 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2014-07-31 07:53:25 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2014-07-31 07:53:19 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2014-07-31 07:53:17 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2014-07-31 07:53:11 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2014-07-31 07:53:01 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2014-07-31 07:52:54 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2014-07-31 07:52:48 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2014-07-31 07:52:40 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2014-07-31 07:52:30 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2014-07-31 07:52:23 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2014-07-31 07:52:22 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2014-07-31 07:52:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2014-07-31 07:52:06 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2014-07-31 07:51:55 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2014-07-31 07:51:46 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2014-07-31 07:51:40 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2014-07-31 07:51:34 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2014-07-31 07:51:16 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2014-07-31 07:51:10 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2014-07-31 07:51:05 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2014-07-31 07:50:59 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2014-07-31 07:50:53 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2014-07-31 07:50:47 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2014-07-31 07:50:41 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2014-07-31 07:50:32 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2014-07-31 07:50:26 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2014-07-31 07:50:20 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2014-07-31 07:50:12 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2014-07-31 07:50:01 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2014-07-31 07:49:54 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2014-07-31 07:49:40 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2014-07-31 07:49:29 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2014-07-31 07:49:23 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2014-07-31 07:49:15 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2014-07-31 07:49:09 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2014-07-31 07:49:04 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2014-07-31 07:48:58 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2014-07-31 07:48:52 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2014-07-31 07:48:51 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2014-07-31 07:48:43 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2014-07-31 07:48:23 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2014-07-31 07:48:16 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2014-07-31 07:48:10 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2014-07-31 07:48:04 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2014-07-31 07:46:55 94698 -c--a-w- c:\windows\system32\dllcache\sk98xwin.sys
2014-07-31 07:46:49 157696 -c--a-w- c:\windows\system32\dllcache\sisv256.dll
2014-07-31 07:46:44 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2014-07-31 07:46:42 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2014-07-31 07:46:36 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2014-07-31 07:46:31 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2014-07-31 07:46:24 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2014-07-31 07:46:19 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2014-07-31 07:46:14 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2014-07-31 07:46:08 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2014-07-31 07:46:06 3901 -c--a-w- c:\windows\system32\dllcache\siint5.dll
2014-07-31 07:45:46 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2014-07-31 07:45:41 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2014-07-31 07:45:35 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2014-07-31 07:45:30 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2014-07-31 07:45:24 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2014-07-31 07:45:12 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2014-07-31 07:45:06 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2014-07-31 07:44:56 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2014-07-31 07:44:54 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2014-07-31 07:44:48 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2014-07-31 07:44:40 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2014-07-31 07:44:34 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2014-07-31 07:44:27 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2014-07-31 07:44:21 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2014-07-31 07:44:19 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2014-07-31 07:44:13 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2014-07-31 07:44:02 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2014-07-31 07:42:54 82432 -c--a-w- c:\windows\system32\dllcache\rwia450.dll
2014-07-31 07:42:48 79872 -c--a-w- c:\windows\system32\dllcache\rwia430.dll
2014-07-31 07:42:44 29696 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
2014-07-31 07:42:42 27648 -c--a-w- c:\windows\system32\dllcache\rw430ext.dll
2014-07-31 07:42:36 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2014-07-31 07:42:30 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2014-07-31 07:42:24 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2014-07-31 07:42:16 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2014-07-31 07:42:08 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2014-07-31 07:42:03 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2014-07-31 07:42:02 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2014-07-31 07:41:55 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2014-07-31 07:41:54 59136 -c--a-w- c:\windows\system32\dllcache\rfcomm.sys
2014-07-31 07:41:48 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2014-07-31 07:41:38 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys
2014-07-31 07:41:19 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2014-07-31 07:41:10 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2014-07-31 07:41:05 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2014-07-31 07:40:59 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2014-07-31 07:40:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2014-07-31 07:40:42 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2014-07-31 07:40:34 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2014-07-31 07:40:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2014-07-31 07:40:23 128286 -c--a-w- c:\windows\system32\dllcache\ptserli.sys
2014-07-31 07:40:21 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2014-07-31 07:40:16 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll
2014-07-31 07:40:08 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2014-07-31 07:40:06 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2014-07-31 07:40:01 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2014-07-31 07:39:54 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2014-07-31 07:39:49 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys
2014-07-31 07:39:48 8832 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2014-07-31 07:39:40 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
2014-07-31 07:39:26 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2014-07-31 07:39:20 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2014-07-31 07:39:14 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2014-07-31 07:39:09 173696 -c--a-w- c:\windows\system32\dllcache\philcam2.sys
2014-07-31 07:39:04 75776 -c--a-w- c:\windows\system32\dllcache\philcam1.sys
2014-07-31 07:37:55 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2014-07-31 07:37:50 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2014-07-31 07:37:45 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
2014-07-31 07:37:40 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
2014-07-31 07:37:35 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
2014-07-31 07:37:29 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2014-07-31 07:37:24 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2014-07-31 07:37:19 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2014-07-31 07:37:14 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2014-07-31 07:37:08 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2014-07-31 07:37:03 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2014-07-31 07:36:58 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2014-07-31 07:36:52 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2014-07-31 07:36:47 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2014-07-31 07:36:39 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2014-07-31 07:36:31 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2014-07-31 07:36:21 1897408 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2014-07-31 07:36:20 4274816 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2014-07-31 07:36:15 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2014-07-31 07:36:10 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2014-07-31 07:36:05 180360 -c--a-w- c:\windows\system32\dllcache\ntmtlfax.sys
2014-07-31 07:35:51 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2014-07-31 07:35:44 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2014-07-31 07:35:38 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2014-07-31 07:35:36 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2014-07-31 07:35:22 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2014-07-31 07:35:17 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2014-07-31 07:35:09 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2014-07-31 07:35:07 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2014-07-31 07:34:51 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2014-07-31 07:34:43 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2014-07-31 07:34:38 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2014-07-31 07:34:32 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
2014-07-31 07:34:18 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
2014-07-31 07:34:13 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2014-07-31 07:34:08 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2014-07-31 07:34:03 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2014-07-31 07:32:45 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2014-07-31 07:32:32 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2014-07-31 07:32:12 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2014-07-31 07:32:08 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2014-07-31 07:31:45 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2014-07-31 07:31:39 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2014-07-31 07:31:35 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2014-07-31 07:31:14 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2014-07-31 07:31:02 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2014-07-31 07:30:41 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2014-07-31 07:30:28 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2014-07-31 07:30:22 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2014-07-31 07:30:19 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2014-07-31 07:30:14 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2014-07-31 07:30:09 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2014-07-31 07:30:03 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2014-07-31 07:28:55 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2014-07-31 07:28:45 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2014-07-31 07:28:40 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2014-07-31 07:28:35 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2014-07-31 07:28:29 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2014-07-31 07:28:27 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2014-07-31 07:28:22 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2014-07-31 07:28:16 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2014-07-31 07:28:07 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2014-07-31 07:28:01 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2014-07-31 07:27:59 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2014-07-31 07:27:00 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2014-07-31 07:26:55 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2014-07-31 07:26:53 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2014-07-31 07:26:48 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2014-07-31 07:26:47 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2014-07-31 07:26:45 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2014-07-31 07:26:28 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2014-07-31 07:26:23 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2014-07-31 07:26:18 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2014-07-31 07:26:11 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2014-07-31 07:25:39 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2014-07-31 07:25:25 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2014-07-31 07:25:19 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2014-07-31 07:25:14 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2014-07-31 07:25:10 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2014-07-31 07:25:06 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2014-07-31 07:25:02 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
2014-07-31 07:23:59 32285 -c--a-w- c:\windows\system32\dllcache\hsfcisp2.dll
2014-07-31 07:22:58 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2014-07-31 07:21:57 119296 -c--a-w- c:\windows\system32\dllcache\hpdigwia.dll
2014-07-31 07:20:56 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll
2014-07-31 07:20:53 454912 -c--a-w- c:\windows\system32\dllcache\fxusbase.sys
2014-07-31 07:20:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2014-07-31 07:20:33 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2014-07-31 07:20:29 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2014-07-31 07:20:20 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2014-07-31 07:20:15 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2014-07-31 07:20:12 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2014-07-31 07:20:08 34173 -c--a-w- c:\windows\system32\dllcache\forehe.sys
2014-07-31 07:20:02 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2014-07-31 07:19:50 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2014-07-31 07:19:40 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2014-07-31 07:19:33 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2014-07-31 07:19:30 16074 -c--a-w- c:\windows\system32\dllcache\fa312nd5.sys
2014-07-31 07:19:26 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys
2014-07-31 07:19:23 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2014-07-31 07:19:16 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2014-07-31 07:19:13 16998 -c--a-w- c:\windows\system32\dllcache\ex10.sys
2014-07-31 07:19:03 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2014-07-31 07:19:00 45568 -c--a-w- c:\windows\system32\dllcache\esuni.dll
2014-07-31 07:17:58 144896 -c--a-w- c:\windows\system32\dllcache\epcfw2k.sys
2014-07-31 07:16:58 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2014-07-31 07:16:55 117760 -c--a-w- c:\windows\system32\dllcache\e100b325.sys
2014-07-31 07:16:53 50719 -c--a-w- c:\windows\system32\dllcache\e1000nt5.sys
2014-07-31 07:16:34 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2014-07-31 07:16:18 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys
2014-07-31 07:16:16 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2014-07-31 07:16:14 8704 -c--a-w- c:\windows\system32\dllcache\dot4scan.sys
2014-07-31 07:16:12 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2014-07-31 07:16:11 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2014-07-31 07:14:59 37735 -c--a-w- c:\windows\system32\dllcache\digiasyn.sys
2014-07-31 07:13:59 27648 -c--a-w- c:\windows\system32\dllcache\cyzports.dll
2014-07-31 07:12:51 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
2014-07-31 07:11:59 21530 -c--a-w- c:\windows\system32\dllcache\ce2n5.sys
2014-07-31 07:11:52 714698 -c--a-w- c:\windows\system32\dllcache\cbmdmkxx.sys
2014-07-31 07:11:50 46108 -c--a-w- c:\windows\system32\dllcache\cben5.sys
2014-07-31 07:11:49 39680 -c--a-w- c:\windows\system32\dllcache\cb325.sys
2014-07-31 07:11:47 37916 -c--a-w- c:\windows\system32\dllcache\cb102.sys
2014-07-31 07:11:42 32256 -c--a-w- c:\windows\system32\dllcache\diapi2NT.dll
2014-07-31 07:11:40 164923 -c--a-w- c:\windows\system32\dllcache\diapi2.sys
2014-07-31 07:11:36 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll
2014-07-31 07:11:34 236032 -c--a-w- c:\windows\system32\dllcache\camext20.dll
2014-07-31 07:11:31 74240 -c--a-w- c:\windows\system32\dllcache\camexo20.dll
2014-07-31 07:11:29 171264 -c--a-w- c:\windows\system32\dllcache\camdrv30.sys
2014-07-31 07:11:28 223232 -c--a-w- c:\windows\system32\dllcache\camdrv21.sys
2014-07-31 07:11:27 314752 -c--a-w- c:\windows\system32\dllcache\camdro21.sys
2014-07-31 07:09:59 36992 -c--a-w- c:\windows\system32\dllcache\aztw2320.sys
2014-07-31 07:08:59 75136 -c--a-w- c:\windows\system32\dllcache\atimpae.sys
2014-07-31 07:07:53 3775 -c--a-w- c:\windows\system32\dllcache\adv11nt5.dll
2014-07-31 07:06:00 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2014-07-31 02:31:08 -------- d-----w- c:\program files\Tweaking.com
2014-07-31 02:20:35 -------- d-----w- c:\documents and settings\test\application data\ElevatedDiagnostics
2014-07-31 02:16:48 -------- d-----w- c:\documents and settings\test\local settings\application data\Sun
2014-07-31 02:14:42 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-07-31 02:13:58 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-31 01:44:28 35640 ----a-w- c:\windows\system32\uxtuneup.dll
2014-07-31 01:21:32 2289664 ----a-w- c:\windows\system32\TUKernel.exe
2014-07-30 22:48:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2014-07-30 22:44:32 -------- d-----w- c:\program files\FileASSASSIN
2014-07-30 21:54:58 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-30 21:54:12 54232 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-30 21:54:12 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-30 21:54:12 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-30 21:52:28 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes Anti-Exploit
2014-07-30 21:52:26 -------- d-----w- c:\program files\Malwarebytes Anti-Exploit
2014-07-30 21:50:57 -------- d-----w- C:\TDSSKiller_Quarantine
2014-07-30 12:24:03 36152 ----a-w- c:\windows\system32\TURegOpt.exe
2014-07-30 12:23:28 -------- d-----w- c:\documents and settings\test\local settings\application data\AVG
2014-07-30 12:23:27 -------- d-----w- c:\documents and settings\test\application data\AVG
2014-07-30 12:19:34 -------- d-sh--w- c:\documents and settings\all users\application data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-30 12:19:29 -------- d-----w- c:\documents and settings\all users\application data\AVG
2014-07-30 08:00:18 -------- d-----w- c:\program files\EexStRACCOUapoNi
2014-07-30 07:57:21 -------- d-----w- c:\documents and settings\test\local settings\application data\Skype
2014-07-30 07:39:34 -------- d-----w- c:\documents and settings\test\application data\AVG2014
2014-07-30 07:38:37 -------- d-----w- c:\documents and settings\test\application data\TuneUp Software
2014-07-30 07:37:52 -------- d-----w- c:\documents and settings\all users\application data\AVG2014
2014-07-30 07:37:52 -------- d-----w- C:\$AVG
2014-07-30 07:37:00 -------- d-----w- c:\program files\AVG
2014-07-30 06:03:58 -------- d-----w- c:\program files\Unlocker
2014-07-30 06:03:13 -------- d-----w- c:\documents and settings\all users\application data\EexStRACCOUapoNi
2014-07-30 05:54:32 -------- d-----w- c:\documents and settings\all users\application data\RegulaarDeals
2014-07-11 07:55:50 -------- d-----w- c:\windows\system32\wbem\repository\FS
2014-07-11 07:55:50 -------- d-----w- c:\windows\system32\wbem\Repository
2014-07-08 04:49:48 -------- d-----w- c:\documents and settings\all users\application data\Datamngr
2014-06-30 04:43:12 121624 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-06-17 08:22:02 188696 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-06-17 08:21:22 197400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-06-17 08:18:00 241944 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-06-17 08:17:58 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-06-17 08:17:56 190232 ----a-w- c:\windows\system32\drivers\avgidsdriverlx.sys
2014-06-17 08:06:22 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-06-17 08:06:20 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
==================== Find6M  ====================
.
2014-05-12 07:02:57 106496 ----a-w- c:\windows\DUMP65ed.tmp
2014-04-16 17:39:46 106496 ----a-w- c:\windows\DUMP7a7f.tmp
2014-03-31 14:46:48 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 14:46:48 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-06 17:59:23 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:59:22 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-06 17:59:22 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 17:59:22 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46:54 385024 ----a-w- c:\windows\system32\html.iec
2014-02-26 01:59:05 13312 ----a-w- c:\windows\system32\xp_eos.exe
.
============= FINISH: 16:00:57.50 ===============
 
 
The other things he instructed to do in the other topic I'll do immediately and post the logs in replies to this topic.  :thumbup2: 
 
Again, thank you VERY much for your time and any help you can provide! ^_^

 

 

[attachment=153351:attach.zip]

 

[attachment=153353:avg-threat-logs.zip]




 


#2 ElijahT


Posted 11 August 2014 - 05:33 AM

As Marius instructed that other guy (in that other topic here), I downloaded aswMBR, allowed it to download the latest virus definitions, scanned, and here is the log:
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-11 17:20:46
-----------------------------
17:20:46.125    OS Version: Windows 5.1.2600 Service Pack 3
17:20:46.125    Number of processors: 2 586 0x1C02
17:20:46.140    ComputerName: ACER-E210EBD032  UserName: Test
17:20:50.640    Initialize success
17:20:51.218    VM: initialized successfully
17:20:51.296    VM: Intel CPU virtualization not supported 
18:08:44.421    AVAST engine defs: 14081100
18:11:33.328    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:11:33.328    Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
18:11:33.937    Disk 0 MBR read successfully
18:11:33.937    Disk 0 MBR scan
18:11:34.156    Disk 0 Windows VISTA default MBR code
18:11:34.187    Disk 0 Partition 1 00     12  Compaq diag NTFS        10240 MB offset 2048
18:11:34.312    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        60161 MB offset 20973568
18:11:34.406    Disk 0 Boot: NTFS     code=1
18:11:34.468    Disk 0 Partition - 00     0F Extended LBA             82223 MB offset 144183375
18:11:34.515    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        82223 MB offset 144183438
18:11:34.593    Disk 0 scanning sectors +312576705
18:11:35.250    Disk 0 scanning C:\WINDOWS\system32\drivers
18:12:19.703    Service scanning
18:13:02.328    Modules scanning
18:13:19.687    Disk 0 trace - called modules:
18:13:19.734    TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys 
18:13:19.734    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f537a8]
18:13:19.750    3 CLASSPNP.SYS[b84e8fd7] -> nt!IofCallDriver -> \Device\0000006e[0x86f402f8]
18:13:19.750    5 ACPI.sys[b845f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86fcf028]
18:13:24.390    AVAST engine scan C:\WINDOWS
18:13:34.906    AVAST engine scan C:\WINDOWS\system32
18:17:38.765    AVAST engine scan C:\WINDOWS\system32\drivers
18:17:59.531    AVAST engine scan C:\Documents and Settings\Test
18:21:24.312    AVAST engine scan C:\Documents and Settings\All Users
18:24:08.812    Scan finished successfully
18:26:06.281    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Test\Desktop\MBR.dat"
18:26:06.296    The log file has been saved successfully to "C:\Documents and Settings\Test\Desktop\aswMBR.txt"
 
 
I'm now going to uninstall AVG and run Combofix.


#3 ElijahT


Posted 11 August 2014 - 08:02 AM

I attempted to uninstall AVG 2014 via Start -> Control Panel -> Add or Remove Programs. It failed and gave the following error:
 
The Windows Installer Service could not be accessed.
This can occur if you are running Windows in safe
mode, or if the Windows Installer is not correctly
installed. Contact your support personnel for assistance.

 

 

So I fixed the Windows Installer by following the instructions on Microsoft's website here: http://support.microsoft.com/kb/315353

 

I then proceeded to uninstall AVG 2014 with the Add or Remove Programs utility: it worked. I also had it uninstall AVG PC Tune-up, and although it seems it succeeded, there were two errors as follows:

 

 

A module could not be unregistered.
 
Module: DseShExt-x86
Action: 0
Error: 00000002 (2)
The system cannot find the file specified
 
A module could not be unregistered.
 
Module: SdShelEx-win32
Action: 0
Error: 00000002 (2)
The system cannot find the file specified

 

 

Since I was already in the Add or Remove Programs utility, I went ahead and tried to uninstall two more programs: Skype Toolbars, and YouTube Downloader Toolbar v4.7. Skype Toolbars uninstalled without a problem. Removal of the YouTube Downloader Toolbar v4.7 failed though, and it gave these two messages in two different windows:
 
Error 1316.A network error occurred while attemption to read from the file C:\WINDOWS\Installer\youtubedownloaderToolbar.msi
 
Add or Remove Programs
Fatal error during installation.

 

 

Only option I had on both windows was "OK", so I clicked it. I don't know why that YouTube Toolbar wouldn't uninstall.

 

I restarted the computer (as AVG requested), then downloaded ComboFix and ran it.

 

ComboFix Log:

 
ComboFix 14-08-06.02 - Test 08/11/2014  19:29:22.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1012.652 [GMT 8:00]
Running from: c:\documents and settings\Test\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\RegulaarDeals
c:\documents and settings\All Users\Application Data\RegulaarDeals\7ugJ3YJ.dat
c:\documents and settings\All Users\Application Data\RegulaarDeals\7ugJ3YJ.tlb
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Test\AppData\LocalLow\{FB46DA82-2FF7-3811-CD49-DA63E9761DDB}
c:\documents and settings\Test\AppData\LocalLow\{FB46DA82-2FF7-3811-CD49-DA63E9761DDB}\RegulaarDeals.2.9.dat
c:\documents and settings\Test\Application Data\Mozilla\Firefox\Profiles\1dnn5n7k.default\extensions\staged
c:\documents and settings\Test\Application Data\Mozilla\Firefox\Profiles\1dnn5n7k.default\extensions\staged\iiaao.eo@uajfvzt-.com\bootstrap.js
c:\documents and settings\Test\Application Data\Mozilla\Firefox\Profiles\1dnn5n7k.default\extensions\staged\iiaao.eo@uajfvzt-.com\chrome.manifest
c:\documents and settings\Test\Application Data\Mozilla\Firefox\Profiles\1dnn5n7k.default\extensions\staged\iiaao.eo@uajfvzt-.com\install.rdf
c:\documents and settings\Test\Application Data\Mozilla\Firefox\Profiles\1dnn5n7k.default\extensions\staged\jkdp6ecls@pciuoi-.co.uk\bootstrap.js
c:\documents and settings\Test\Application Data\Mozilla\Firefox\Profiles\1dnn5n7k.default\extensions\staged\jkdp6ecls@pciuoi-.co.uk\chrome.manifest
c:\documents and settings\Test\Application Data\Mozilla\Firefox\Profiles\1dnn5n7k.default\extensions\staged\jkdp6ecls@pciuoi-.co.uk\install.rdf
c:\documents and settings\Test\Application Data\Mozilla\Firefox\Profiles\1dnn5n7k.default\extensions\staged\s.h8thh@vpzbyi-eo.org\bootstrap.js
c:\documents and settings\Test\Application Data\Mozilla\Firefox\Profiles\1dnn5n7k.default\extensions\staged\s.h8thh@vpzbyi-eo.org\chrome.manifest
c:\documents and settings\Test\Application Data\Mozilla\Firefox\Profiles\1dnn5n7k.default\extensions\staged\s.h8thh@vpzbyi-eo.org\install.rdf
D:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PROTECTMONITOR
-------\Service_ProtectMonitor
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-11 to 2014-08-11  )))))))))))))))))))))))))))))))
.
.
2014-08-01 03:28 . 2008-09-19 16:37 121856 ----a-w- c:\windows\system32\schtasks.exe
2014-08-01 03:27 . 2014-08-01 03:28 -------- d-----w- c:\program files\CleanMem
2014-08-01 03:27 . 2014-08-01 03:27 -------- d-----w- c:\windows\CleanMem
2014-07-31 12:25 . 2014-07-31 12:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AVG
2014-07-31 12:25 . 2014-07-31 12:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVG
2014-07-31 11:07 . 2014-07-31 11:07 -------- d-----w- c:\documents and settings\Test\Application Data\AVG Web TuneUp
2014-07-31 11:07 . 2014-08-01 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2014-07-31 08:30 . 2014-07-31 08:30 -------- d-----w- C:\RegBackup
2014-07-31 08:01 . 2008-04-13 21:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2014-07-31 08:01 . 2001-08-17 14:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2014-07-31 08:01 . 2008-04-13 21:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2014-07-31 08:01 . 2001-08-17 14:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2014-07-31 08:01 . 2001-08-17 14:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2014-07-31 08:00 . 2001-08-17 14:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2014-07-31 08:00 . 2001-08-17 04:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2014-07-31 08:00 . 2008-04-13 14:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2014-07-31 08:00 . 2008-04-13 14:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2014-07-31 08:00 . 2008-04-13 21:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2014-07-31 07:59 . 2008-04-13 14:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2014-07-31 07:59 . 2001-08-17 04:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2014-07-31 07:59 . 2001-08-17 05:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2014-07-31 07:57 . 2001-08-17 04:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2014-07-31 07:57 . 2001-08-17 04:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2014-07-31 07:57 . 2001-08-17 04:13 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2014-07-31 07:57 . 2001-08-17 05:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2014-07-31 07:57 . 2001-08-17 05:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2014-07-31 07:57 . 2001-08-17 05:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2014-07-31 07:57 . 2001-08-17 04:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2014-07-31 07:57 . 2001-08-17 05:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2014-07-31 07:56 . 2008-04-14 12:00 11325 -c--a-w- c:\windows\system32\dllcache\vchnt5.dll
2014-07-31 07:56 . 2001-08-17 05:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2014-07-31 07:56 . 2001-08-17 05:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2014-07-31 07:56 . 2001-08-17 05:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2014-07-31 07:56 . 2001-08-17 05:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2014-07-31 07:56 . 2001-08-17 05:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2014-07-31 07:56 . 2001-08-17 05:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2014-07-31 07:56 . 2001-08-17 05:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2014-07-31 07:55 . 2001-08-17 05:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2014-07-31 07:55 . 2008-04-13 16:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2014-07-31 07:55 . 2008-04-14 12:00 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2014-07-31 07:55 . 2008-04-13 14:05 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2014-07-31 07:55 . 2001-08-17 14:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2014-07-31 07:55 . 2001-08-17 14:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2014-07-31 07:55 . 2001-08-17 14:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2014-07-31 07:55 . 2001-08-17 14:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2014-07-31 07:55 . 2001-08-17 14:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2014-07-31 07:54 . 2001-08-17 05:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2014-07-31 07:54 . 2001-08-17 14:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2014-07-31 07:54 . 2001-08-17 14:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2014-07-31 07:54 . 2001-08-17 14:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2014-07-31 07:54 . 2001-08-17 14:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2014-07-31 07:54 . 2008-04-13 16:06 44672 -c--a-w- c:\windows\system32\dllcache\uagp35.sys
2014-07-31 07:54 . 2001-08-17 05:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2014-07-31 07:54 . 2001-08-17 04:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2014-07-31 07:53 . 2001-08-17 14:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2014-07-31 07:53 . 2001-08-17 04:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2014-07-31 07:53 . 2001-08-17 06:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2014-07-31 07:53 . 2001-08-17 04:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2014-07-31 07:53 . 2001-08-17 06:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2014-07-31 07:53 . 2001-08-17 04:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2014-07-31 07:53 . 2001-08-17 14:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2014-07-31 07:53 . 2008-04-13 21:42 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2014-07-31 07:53 . 2001-08-17 14:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2014-07-31 07:53 . 2001-08-17 06:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2014-07-31 07:52 . 2001-08-17 06:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2014-07-31 07:52 . 2001-08-17 04:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2014-07-31 07:52 . 2001-08-17 04:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2014-07-31 07:52 . 2001-08-17 04:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2014-07-31 07:52 . 2001-08-17 06:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2014-07-31 07:52 . 2008-04-14 12:00 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2014-07-31 07:52 . 2001-08-17 04:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2014-07-31 07:52 . 2001-08-17 04:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2014-07-31 07:51 . 2001-08-17 05:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2014-07-31 07:51 . 2001-08-17 05:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2014-07-31 07:51 . 2001-08-17 04:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2014-07-31 07:51 . 2001-08-17 06:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2014-07-31 07:51 . 2001-08-17 14:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2014-07-31 07:51 . 2001-08-17 05:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2014-07-31 07:51 . 2001-08-17 06:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2014-07-31 07:50 . 2001-08-17 14:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2014-07-31 07:50 . 2001-08-17 14:36 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2014-07-31 07:50 . 2001-08-17 14:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2014-07-31 07:50 . 2001-08-17 14:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2014-07-31 07:50 . 2001-08-17 14:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2014-07-31 07:50 . 2001-08-17 14:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2014-07-31 07:50 . 2001-08-17 04:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2014-07-31 07:50 . 2001-08-17 05:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2014-07-31 07:50 . 2001-08-17 04:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2014-07-31 07:49 . 2001-08-17 14:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2014-07-31 07:49 . 2001-08-17 14:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2014-07-31 07:49 . 2001-08-17 05:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2014-07-31 07:49 . 2001-08-17 14:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2014-07-31 07:49 . 2001-08-17 05:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2014-07-31 07:49 . 2001-08-17 04:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2014-07-31 07:49 . 2001-08-17 14:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2014-07-31 07:48 . 2001-08-17 04:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2014-07-31 07:48 . 2001-08-17 05:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2014-07-31 07:48 . 2008-04-13 16:10 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2014-07-31 07:48 . 2001-08-17 05:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2014-07-31 07:48 . 2001-08-17 04:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2014-07-31 07:48 . 2001-08-17 06:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2014-07-31 07:48 . 2001-08-17 04:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2014-07-31 07:48 . 2001-08-17 04:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2014-07-31 07:46 . 2001-08-17 04:12 94698 -c--a-w- c:\windows\system32\dllcache\sk98xwin.sys
2014-07-31 07:46 . 2001-08-17 06:56 157696 -c--a-w- c:\windows\system32\dllcache\sisv256.dll
2014-07-31 07:46 . 2001-08-17 04:50 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2014-07-31 07:46 . 2008-04-13 14:05 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2014-07-31 07:46 . 2001-08-17 14:36 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2014-07-31 07:46 . 2001-08-17 04:50 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2014-07-31 07:46 . 2001-08-17 06:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2014-07-31 07:46 . 2001-08-17 04:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2014-07-31 07:46 . 2001-08-17 06:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2014-07-31 07:46 . 2001-08-17 04:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2014-07-31 07:46 . 2008-04-14 12:00 3901 -c--a-w- c:\windows\system32\dllcache\siint5.dll
2014-07-31 07:45 . 2001-07-21 06:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2014-07-31 07:45 . 2001-07-21 06:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2014-07-31 07:45 . 2001-08-17 04:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2014-07-31 07:45 . 2001-08-17 14:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2014-07-31 07:45 . 2001-08-17 04:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2014-07-31 07:45 . 2001-08-17 05:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2014-07-31 07:45 . 2001-08-17 05:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2014-07-31 07:44 . 2001-08-17 05:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2014-07-31 07:44 . 2008-04-13 16:15 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2014-07-31 07:44 . 2001-08-17 05:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2014-07-31 07:44 . 2001-08-17 05:51 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-24 09:31 . 2013-06-24 09:31 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mRouterConfig"="c:\program files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="c:\program files\Smadav\SM?RTP.exe" [?]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-20 817672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2008-11-04 196608]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"Malwarebytes Anti-Exploit"="c:\program files\Malwarebytes Anti-Exploit\mbae.exe" [2014-06-04 382608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-10 256896]
"CleanMem Mini Monitor"="c:\program files\CleanMem\Mini_Monitor.exe" [2012-09-20 1417216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\AVG\AWL2014\WinStyler\tu_logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.com"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\gnucash\\bin\\gnucash-bin.exe"=
"c:\\Program Files\\gnucash\\bin\\gconfd-2.exe"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Documents and Settings\\All Users\\Application Data\\uTorrent\\uTorrent.exe"=
.
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\mbae.sys [7/31/2014 5:52 AM 44760]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files\Malwarebytes Anti-Exploit\mbae-svc.exe [7/31/2014 5:52 AM 360592]
R2 MyEpson Portal Service;MyEpson Portal Service;c:\program files\epson\MyEpson Portal\mepService.exe [10/1/2012 2:53 PM 696320]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 3:18 AM 360224]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [7/24/2009 5:26 PM 237568]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2/15/2011 11:25 AM 27632]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [7/31/2014 5:54 AM 1809720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [7/31/2014 5:54 AM 860472]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [7/24/2009 4:39 PM 112480]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/31/2014 5:54 AM 23256]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-11 c:\windows\Tasks\Clean System Memory.job
- c:\windows\system32\CleanMem.exe [2009-04-01 22:27]
.
2014-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 02:29]
.
2014-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 02:29]
.
2014-08-11 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-04-24 01:59]
.
2014-08-11 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-04-24 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao531h&r=0xph03103106l0353wuj5w77n6528s
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao531h&r=0xph03103106l0353wuj5w77n6528s
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
FF - ProfilePath - c:\documents and settings\Test\Application Data\Mozilla\Firefox\Profiles\1dnn5n7k.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://id.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-11 20:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2432)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\EPSON\MyEpson Portal\mep.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxext.exe
c:\program files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
c:\docume~1\Test\LOCALS~1\Temp\RtkBtMnt.exe
c:\progra~1\Intuwave\Shared\MROUTE~1\MRB39E~1.EXE
.
**************************************************************************
.
Completion time: 2014-08-11  20:44:50 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-11 12:44
.
Pre-Run: 13,552,238,592 bytes free
Post-Run: 14,048,718,848 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=M6ZWQ0 /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition (AVG Backup)" /noexecute=optin /fastdetect /TUTag=M6ZWQ0-BAK
.
- - End Of File - - BD7098D540E056A8CB6175E9A446EE5A
5C616939100B85E558DA92B899A0FC36


#4 ElijahT


Posted 11 August 2014 - 09:56 PM

I ran Malwarebytes with a full (custom) scan. I also downloaded Farbar Service Scanner.

Here is the Malwarebytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/11/2014
Scan Time: 9:08:34 PM
Logfile: mbam-log-2014-08-11 (21-08-03.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.11.03
Rootkit Database: v2014.08.04.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Test
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 493541
Time Elapsed: 11 hr, 44 min, 0 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Farbar Service Scanner log:
 
Farbar Service Scanner Version: 21-07-2014
Ran by Test (administrator) on 12-08-2014 at 10:53:38
Running from "C:\Documents and Settings\Test\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
 
Extra List:
=======
fssfltr(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) 
0x0A00000004000000010000000200000003000000080000000A00000005000000060000000700000009000000
IpSec Tag value is correct.
 
**** End of log ****


#5 ElijahT


Posted 12 August 2014 - 12:29 AM

I ran ESET Online Scanner. It found the potential threats below. I know what the last 6 applications are. I've deleted both avc-free installers (I don't use that program anymore anyway), but I do still want to keep Unlocker and the Cheat Engine 6. However, I do NOT know what the first two applications are; should I delete them?
 
C:\Documents and Settings\User\Local Settings\Temp\is1832903999\362285_Setup.EXE Win32/Toolbar.Conduit potentially unwanted application
C:\Documents and Settings\User\Local Settings\Temp\is1832903999\536369500_Setup.EXE Win32/Toolbar.Conduit potentially unwanted application
C:\Program Files\Cheat Engine 6\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application
C:\Program Files\Cheat Engine 6\dbk32.sys probably a variant of Win32/HackTool.CheatEngine.AA potentially unsafe application
D:\Utills\avc-free.exe Win32/OpenCandy potentially unsafe application
D:\Utills\CheatEngine62.exe Win32/OpenCandy potentially unsafe application
D:\Utills\Unlocker1.9.2.exe Win32/DownWare.L potentially unwanted application
D:\Utills\avc-newer-version\avc-free.exe Win32/OpenCandy potentially unsafe application


#6 ElijahT


Posted 12 August 2014 - 08:56 PM


I ran AdwCleaner. I deselected one entry (CheatEngine). The others I clicked "Clean" for (there was no delete button, so I thought clean was probably the correct choice). I also ran Security Check.

AdwCleaner log:

# AdwCleaner v3.304 - Report created 12/08/2014 at 20:32:21
# Updated 08/08/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Test - ACER-E210EBD032
# Running from : C:\Documents and Settings\Test\Desktop\adwcleaner_3.304.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\DataMngr
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Program Files\PCDApp
Folder Deleted : C:\Program Files\supporter
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Chromatic Browser
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\torch
Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\Chromatic Browser
Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\torch
Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Chromatic Browser
Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\torch
Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser
Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\torch
Folder Deleted : C:\Documents and Settings\Test\Local Settings\Application Data\Chromatic Browser
Folder Deleted : C:\Documents and Settings\Test\Local Settings\Application Data\torch
Folder Deleted : C:\Documents and Settings\User\Application Data\Search Settings
File Deleted : C:\END
File Deleted : C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\1dnn5n7k.default\user.js
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKCU\Software\Conduit
[x] Not Deleted : HKLM\Software\Cheat Engine\OpenCandy
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v3.6.3 (en-US)
 
[ File : C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\1dnn5n7k.default\prefs.js ]
 
 
[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qv4d3k9f.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Test\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
 
[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=129&systemid=414&v=n13001-402&apn_uid=0200130852704877&apn_dtid=BND414&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=129&systemid=414&v=n13001-402&apn_uid=0200130852704877&apn_dtid=BND414&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
*************************
 
AdwCleaner[R0].txt - [4986 octets] - [12/08/2014 19:31:42]
AdwCleaner[S0].txt - [4918 octets] - [12/08/2014 20:32:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4978 octets] ##########
 
 
SecurityCheck log:
 

 Results of screen317's Security Check version 0.99.86  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 65  
 Adobe Flash Player 10 Flash Player out of Date! 
  Adobe Flash Player  11.7.700.169 Flash Player out of Date!  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (3.6.3) Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Malwarebytes Anti-Exploit mbae.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 

 



#7 ElijahT


Posted 13 August 2014 - 12:54 AM

I installed the up-to-date versions of Adobe Flash Player and Mozilla Firefox, and removed all old versions via the Add or Remove Programs utility. I then renamed combofix.exe to uninstall.exe and ran it to remove Combofix (rather interesting method for uninstalling a program, by the way). Afterward I downloaded and ran delfix.

delfix log:

# DelFix v10.8 - Logfile created 13/08/2014 at 13:47:36
# Updated 29/07/2014 by Xplode
# Username : Test - ACER-E210EBD032
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\TDSSKiller_Quarantine
Deleted : C:\AdwCleaner
Deleted : C:\Documents and Settings\Test\Desktop\mbar
Deleted : C:\ComboFix.txt
Deleted : C:\TDSSKiller.3.0.0.40_31.07.2014_05.45.21_log.txt
Deleted : C:\Documents and Settings\Test\Desktop\adwcleaner_3.304.exe
Deleted : C:\Documents and Settings\Test\Desktop\aswmbr.exe
Deleted : C:\Documents and Settings\Test\Desktop\aswMBR.txt
Deleted : C:\Documents and Settings\Test\Desktop\dds.com
Deleted : C:\Documents and Settings\Test\Desktop\dds.txt
Deleted : C:\Documents and Settings\Test\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Documents and Settings\Test\Desktop\FSS.exe
Deleted : C:\Documents and Settings\Test\Desktop\FSS.txt
Deleted : C:\Documents and Settings\Test\Desktop\log.txt
Deleted : C:\Documents and Settings\Test\Desktop\MBR.dat
Deleted : C:\Documents and Settings\Test\Desktop\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########


#8 ElijahT


Posted 14 August 2014 - 07:38 PM

-Windows XP automatic updates activated.

-Downloaded, installed, and configured Avast (already have Malwarebytes installed).

-Downloaded FileHippo Update Checker (and updated Skype ^_^).

-Downloaded DriveImage XML (will learn to use it and backup my stuff soon).

 

I think that covers everything I read in that other topic.

 

Thank you all for the awesome help you give in this forum (I'll surely be visiting often for computer advice)! I wasn't sure those steps would take care of everything in my situation as it seemed to be a little different than the other guy's, but it seems to have worked out just fine. If there is anything else I should do, please let me know. Otherwise, I just hope that this might help someone else who has the same problem I had.

 

Thank you for your time!

 

Sincerely,

ElijahT



#9 ElijahT


Posted 14 August 2014 - 07:56 PM

Oh, I almost forgot, I do have two important (yet rather newbie) questions: I did this all on the administrator account. Did all of this also clean my user accounts? Or must each account be cleaned individually?  :unsure:


Edited by ElijahT, 14 August 2014 - 07:56 PM.


#10 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:47 PM

Posted 16 August 2014 - 04:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/544015 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#11 HelpBot


Posted 19 August 2014 - 05:29 AM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!




