Google redirect virus


Infected with a redirect; common results from Avira are TR/sirefef.BV.2 in multiple files. Malware quick scan results: 0.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Jim at 8:07:14 on 2012-04-03

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.516 [GMT -4:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com/finance#

mDefault_Page_URL = hxxp://www.yahoo.com

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local;<local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [WorksFUD] c:\program files\microsoft works\wkfud.exe

mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers

mRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~3.lnk - c:\program files\microsoft office\office\OSA9.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: mswsock.dll

Trusted Zone: intuit.com\ttlc

DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/hsi/vzTCPConfig.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{1F37DF49-DAEF-485E-8177-019B7073E748} : DhcpNameServer = 192.168.1.1

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-8 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-8 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-8 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-8 66616]

R2 HPFECP15;HPFECP15;c:\windows\system32\drivers\HPFecp15.sys [1999-2-16 52800]

S0 cerc6;cerc6; [x]

S1 lbhogssh;lbhogssh;\??\c:\windows\system32\drivers\lbhogssh.sys --> c:\windows\system32\drivers\lbhogssh.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-2 40776]

.

=============== Created Last 30 ================

.

2012-04-02 21:36:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-03-29 21:42:35 -------- d-----w- C:\931fa0e1b60e8a898b01c790

2012-03-28 13:10:05 -------- d-----w- c:\windows\system32\MpEngineStore

2012-03-26 21:32:43 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-03-25 11:10:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2012-03-25 11:10:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2012-03-25 11:10:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2012-03-25 11:10:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2012-03-25 11:10:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2012-03-25 11:10:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2012-03-25 11:10:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2012-03-25 11:00:34 -------- d-----w- c:\program files\iPod

2012-03-25 11:00:21 -------- d-----w- c:\program files\iTunes

.

==================== Find3M ====================

.

2012-02-21 21:54:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

============= FINISH: 8:08:18.35 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 12/6/2010 10:06:40 AM

System Uptime: 4/3/2012 8:02:39 AM (0 hours ago)

.

Motherboard: Dell Computer Corporation | | Dimension 8200

Processor: Intel® Pentium® 4 CPU 2.26GHz | Microprocessor | 2254/133mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 74 GiB total, 54.869 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Parallel Device

Device ID: ROOT\LEGACY_HPFECP15\0000

Manufacturer:

Name: Parallel Device

PNP Device ID: ROOT\LEGACY_HPFECP15\0000

Service: HPFECP15

.

==== System Restore Points ===================

.

RP413: 1/4/2012 5:05:36 PM - System Checkpoint

RP414: 1/5/2012 5:27:52 PM - System Checkpoint

RP415: 1/6/2012 6:05:36 PM - System Checkpoint

RP416: 1/6/2012 9:09:37 PM - Installed iTunes

RP417: 1/7/2012 10:02:42 PM - System Checkpoint

RP418: 1/8/2012 10:37:08 PM - System Checkpoint

RP419: 1/9/2012 10:37:57 PM - System Checkpoint

RP420: 1/10/2012 11:32:06 PM - System Checkpoint

RP421: 1/11/2012 3:00:15 AM - Software Distribution Service 3.0

RP422: 1/12/2012 3:28:58 AM - System Checkpoint

RP423: 1/13/2012 3:32:28 AM - System Checkpoint

RP424: 1/14/2012 4:32:28 AM - System Checkpoint

RP425: 1/19/2012 7:42:24 AM - System Checkpoint

RP426: 1/20/2012 8:13:55 AM - System Checkpoint

RP427: 1/21/2012 9:13:55 AM - System Checkpoint

RP428: 1/22/2012 9:38:16 AM - System Checkpoint

RP429: 1/23/2012 10:02:33 AM - System Checkpoint

RP430: 1/24/2012 11:02:36 AM - System Checkpoint

RP431: 1/25/2012 12:02:34 PM - System Checkpoint

RP432: 1/26/2012 3:00:15 AM - Software Distribution Service 3.0

RP433: 1/27/2012 3:19:56 AM - System Checkpoint

RP434: 1/28/2012 4:18:55 AM - System Checkpoint

RP435: 1/29/2012 5:18:59 AM - System Checkpoint

RP436: 1/30/2012 6:18:56 AM - System Checkpoint

RP437: 1/31/2012 7:34:02 AM - System Checkpoint

RP438: 2/1/2012 8:17:55 AM - System Checkpoint

RP439: 2/2/2012 9:13:16 AM - System Checkpoint

RP440: 2/13/2012 2:31:52 PM - System Checkpoint

RP441: 2/14/2012 3:16:41 PM - System Checkpoint

RP442: 2/15/2012 4:16:41 PM - System Checkpoint

RP443: 2/16/2012 3:00:15 AM - Software Distribution Service 3.0

RP444: 2/17/2012 3:27:28 AM - System Checkpoint

RP445: 2/18/2012 4:27:26 AM - System Checkpoint

RP446: 2/19/2012 5:27:26 AM - System Checkpoint

RP447: 2/20/2012 5:40:40 AM - System Checkpoint

RP448: 2/21/2012 6:40:26 AM - System Checkpoint

RP449: 2/22/2012 7:15:11 AM - System Checkpoint

RP450: 2/23/2012 7:19:44 AM - System Checkpoint

RP451: 2/24/2012 8:17:58 AM - System Checkpoint

RP452: 2/25/2012 9:09:19 AM - System Checkpoint

RP453: 2/26/2012 9:44:48 AM - System Checkpoint

RP454: 2/27/2012 10:35:57 AM - System Checkpoint

RP455: 2/28/2012 11:15:03 AM - System Checkpoint

RP456: 2/29/2012 12:15:03 PM - System Checkpoint

RP457: 3/1/2012 1:15:04 PM - System Checkpoint

RP458: 3/2/2012 2:15:04 PM - System Checkpoint

RP459: 3/3/2012 2:55:37 PM - System Checkpoint

RP460: 3/4/2012 3:15:04 PM - System Checkpoint

RP461: 3/5/2012 4:15:04 PM - System Checkpoint

RP462: 3/6/2012 5:13:57 PM - System Checkpoint

RP463: 3/7/2012 5:49:34 PM - System Checkpoint

RP464: 3/8/2012 6:13:58 PM - System Checkpoint

RP465: 3/9/2012 7:15:03 PM - System Checkpoint

RP466: 3/10/2012 8:13:59 PM - System Checkpoint

RP467: 3/11/2012 10:13:58 PM - System Checkpoint

RP468: 3/12/2012 11:13:21 PM - System Checkpoint

RP469: 3/14/2012 12:12:53 AM - System Checkpoint

RP470: 3/14/2012 3:00:16 AM - Software Distribution Service 3.0

RP471: 3/15/2012 3:23:43 AM - System Checkpoint

RP472: 3/19/2012 5:54:54 PM - System Checkpoint

RP473: 3/20/2012 8:03:04 PM - System Checkpoint

RP474: 3/21/2012 8:55:06 PM - System Checkpoint

RP475: 3/22/2012 9:55:09 PM - System Checkpoint

RP476: 3/23/2012 10:54:06 PM - System Checkpoint

RP477: 3/24/2012 11:54:04 PM - System Checkpoint

RP478: 3/26/2012 12:54:04 AM - System Checkpoint

RP479: 3/27/2012 1:42:58 AM - System Checkpoint

RP480: 3/27/2012 8:30:14 PM - Removed Safari

RP481: 3/28/2012 9:19:50 PM - System Checkpoint

RP482: 3/29/2012 9:49:46 PM - System Checkpoint

RP483: 3/30/2012 10:10:48 PM - System Checkpoint

RP484: 3/31/2012 11:10:44 PM - System Checkpoint

RP485: 4/1/2012 11:12:22 PM - System Checkpoint

RP486: 4/3/2012 12:12:21 AM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.2)

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Avery Template - U_0332_01_L

Avira AntiVir Personal - Free Antivirus

Bonjour

Coupon Printer for Windows

Dell ResourceCD

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

HP DeskJet 895C Series (Remove only)

iTunes

Java Auto Updater

Java 6 Update 26

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office 97, Professional Edition

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Word 2000 SR-1

Microsoft Works 2001 Setup Launcher

Microsoft Works 6.0

Microsoft Works Suite Add-in for Microsoft Word

MobileMe Control Panel

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser (KB973685)

Quicken 2010

QuickTime

Redist

Rhapsody

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wnjiper

TurboTax 2010 wrapper

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Verizon Media Manager

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Works Suite OS Pack

Works Synchronization

.

==== Event Viewer Messages From Past Week ========

.

4/3/2012 8:04:43 AM, error: Service Control Manager [7023] - The Zebrmdfl service terminated with the following error: The specified module could not be found.

4/3/2012 8:04:43 AM, error: Service Control Manager [7023] - The Vaiomediaplatform-integratedserver-http service terminated with the following error: The specified module could not be found.

4/3/2012 8:04:43 AM, error: Service Control Manager [7023] - The Radclock service terminated with the following error: The specified module could not be found.

4/3/2012 8:04:43 AM, error: Service Control Manager [7023] - The Ozoneinstallerservice service terminated with the following error: The specified module could not be found.

4/3/2012 8:04:43 AM, error: Service Control Manager [7023] - The MaRdPnp service terminated with the following error: The specified module could not be found.

4/3/2012 8:04:43 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

4/2/2012 7:41:20 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

.

==== End Of File ===========================

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click the program, select Run as Administrator to start, and when prompted, allow it to run.

Click Scan to scan the system (don't run any other options).

Post back the report.

MrC

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Jim [Admin rights]

Mode: Scan -- Date: 04/06/2012 18:09:42

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[FOLDER] plugs : c:\documents and settings\jim\application data\adobe\plugs --> FOUND

¤¤¤ Driver: [LOADED] ¤¤¤

SSDT[53] : NtCreateThread @ 0x80578803 -> HOOKED (Unknown @ 0xF7EB267C)

SSDT[98] : NtLoadKey @ 0x805AF5C3 -> HOOKED (Unknown @ 0xF7EB269A)

SSDT[193] : NtReplaceKey @ 0x8064FE82 -> HOOKED (Unknown @ 0xF7EB26A4)

SSDT[213] : NtSetContextThread @ 0x8062E33F -> HOOKED (Unknown @ 0xF7EB26DB)

S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xF7EB26E0)

S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xF7EB26E5)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380021A +++++

--- User ---

[MBR] 7f0dbc5d63831c61de6fb18b839e8f33

[BSP] f49cae14d8b91b005dff84b1f6d8852f : Windows XP MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 76277 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

Please make sure system restore is running and create a new restore point before continuing.

Please download and run TDSSKiller to your desktop as outlined below:

Double-click TDSSKiller.exe to run the application, then click on Change parameters.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC

09:53:49.0937 4036 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02

09:53:50.0218 4036 ============================================================

09:53:50.0218 4036 Current date / time: 2012/04/08 09:53:50.0218

09:53:50.0218 4036 SystemInfo:

09:53:50.0218 4036

09:53:50.0218 4036 OS Version: 5.1.2600 ServicePack: 3.0

09:53:50.0218 4036 Product type: Workstation

09:53:50.0218 4036 ComputerName: JIMNANCY

09:53:50.0218 4036 UserName: Jim

09:53:50.0218 4036 Windows directory: C:\WINDOWS

09:53:50.0218 4036 System windows directory: C:\WINDOWS

09:53:50.0218 4036 Processor architecture: Intel x86

09:53:50.0218 4036 Number of processors: 1

09:53:50.0218 4036 Page size: 0x1000

09:53:50.0218 4036 Boot type: Normal boot

09:53:50.0218 4036 ============================================================

09:53:52.0468 4036 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

09:53:52.0468 4036 \Device\Harddisk0\DR0:

09:53:52.0468 4036 MBR used

09:53:52.0468 4036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x94FAAFC

09:53:52.0625 4036 Initialize success

09:53:52.0625 4036 ============================================================

09:54:36.0718 1420 ============================================================

09:54:36.0718 1420 Scan started

09:54:36.0718 1420 Mode: Manual; SigCheck; TDLFS;

09:54:36.0718 1420 ============================================================

09:54:37.0000 1420 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys

09:54:37.0312 1420 Aavmker4 - ok

09:54:37.0421 1420 Abiosdsk - ok

09:54:37.0453 1420 abp480n5 - ok

09:54:37.0531 1420 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

09:54:38.0406 1420 ACPI - ok

09:54:38.0562 1420 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

09:54:38.0750 1420 ACPIEC - ok

09:54:38.0875 1420 adpu160m - ok

09:54:38.0937 1420 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

09:54:39.0140 1420 aec - ok

09:54:39.0281 1420 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

09:54:39.0328 1420 AFD - ok

09:54:39.0484 1420 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

09:54:39.0687 1420 agp440 - ok

09:54:39.0765 1420 Aha154x - ok

09:54:39.0812 1420 aic78u2 - ok

09:54:39.0843 1420 aic78xx - ok

09:54:39.0906 1420 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

09:54:40.0125 1420 Alerter - ok

09:54:40.0250 1420 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

09:54:40.0343 1420 ALG - ok

09:54:40.0453 1420 AliIde - ok

09:54:40.0500 1420 amsint - ok

09:54:40.0625 1420 AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Program Files\Avira\AntiVir Desktop\sched.exe

09:54:40.0656 1420 AntiVirSchedulerService - ok

09:54:40.0687 1420 AntiVirService (df5a3016052755c910a206058b4a1729) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

09:54:40.0734 1420 AntiVirService - ok

09:54:40.0828 1420 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

09:54:40.0859 1420 Apple Mobile Device - ok

09:54:40.0953 1420 AppMgmt - ok

09:54:40.0984 1420 artdhcp - ok

09:54:41.0031 1420 asc - ok

09:54:41.0062 1420 asc3350p - ok

09:54:41.0093 1420 asc3550 - ok

09:54:41.0187 1420 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

09:54:41.0218 1420 aspnet_state - ok

09:54:41.0312 1420 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys

09:54:41.0343 1420 aswFsBlk - ok

09:54:41.0421 1420 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys

09:54:41.0437 1420 aswMon2 - ok

09:54:41.0484 1420 AswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\AswRdr.sys

09:54:41.0500 1420 AswRdr - ok

09:54:41.0609 1420 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys

09:54:41.0703 1420 aswSnx - ok

09:54:41.0843 1420 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys

09:54:41.0921 1420 aswSP - ok

09:54:42.0062 1420 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys

09:54:42.0078 1420 aswTdi - ok

09:54:42.0140 1420 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:54:42.0359 1420 AsyncMac - ok

09:54:42.0484 1420 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

09:54:42.0703 1420 atapi - ok

09:54:42.0812 1420 Atdisk - ok

09:54:42.0890 1420 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

09:54:43.0109 1420 Atmarpc - ok

09:54:43.0250 1420 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

09:54:43.0453 1420 AudioSrv - ok

09:54:43.0609 1420 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

09:54:43.0843 1420 audstub - ok

09:54:43.0968 1420 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

09:54:44.0000 1420 avast! Antivirus - ok

09:54:44.0078 1420 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

09:54:44.0093 1420 avgio - ok

09:54:44.0265 1420 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

09:54:44.0281 1420 avgntflt - ok

09:54:44.0375 1420 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

09:54:44.0390 1420 avipbb - ok

09:54:44.0468 1420 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

09:54:44.0687 1420 Beep - ok

09:54:44.0828 1420 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

09:54:45.0125 1420 BITS - ok

09:54:45.0250 1420 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

09:54:45.0312 1420 Bonjour Service - ok

09:54:45.0453 1420 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

09:54:45.0671 1420 Browser - ok

09:54:45.0828 1420 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

09:54:46.0031 1420 cbidf2k - ok

09:54:46.0109 1420 cd20xrnt - ok

09:54:46.0187 1420 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

09:54:46.0390 1420 Cdaudio - ok

09:54:46.0515 1420 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

09:54:46.0734 1420 Cdfs - ok

09:54:46.0875 1420 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

09:54:47.0125 1420 Cdrom - ok

09:54:47.0218 1420 cerc6 - ok

09:54:47.0250 1420 Changer - ok

09:54:47.0328 1420 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

09:54:47.0546 1420 CiSvc - ok

09:54:47.0671 1420 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

09:54:47.0906 1420 ClipSrv - ok

09:54:48.0046 1420 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:54:48.0062 1420 clr_optimization_v2.0.50727_32 - ok

09:54:48.0171 1420 CmdIde - ok

09:54:48.0218 1420 COMSysApp - ok

09:54:48.0250 1420 Cpqarray - ok

09:54:48.0328 1420 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

09:54:48.0546 1420 CryptSvc - ok

09:54:48.0656 1420 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys

09:54:48.0890 1420 ctljystk - ok

09:54:48.0984 1420 dac2w2k - ok

09:54:49.0015 1420 dac960nt - ok

09:54:49.0109 1420 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

09:54:49.0203 1420 DcomLaunch - ok

09:54:49.0359 1420 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

09:54:49.0593 1420 Dhcp - ok

09:54:49.0687 1420 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

09:54:49.0937 1420 Disk - ok

09:54:50.0000 1420 dmadmin - ok

09:54:50.0093 1420 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

09:54:50.0390 1420 dmboot - ok

09:54:50.0546 1420 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

09:54:50.0781 1420 dmio - ok

09:54:50.0921 1420 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

09:54:51.0156 1420 dmload - ok

09:54:51.0281 1420 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

09:54:51.0515 1420 dmserver - ok

09:54:51.0578 1420 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

09:54:51.0796 1420 DMusic - ok

09:54:51.0937 1420 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

09:54:52.0000 1420 Dnscache - ok

09:54:52.0140 1420 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

09:54:52.0375 1420 Dot3svc - ok

09:54:52.0484 1420 dpti2o - ok

09:54:52.0562 1420 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

09:54:52.0781 1420 drmkaud - ok

09:54:52.0921 1420 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

09:54:53.0140 1420 EapHost - ok

09:54:53.0296 1420 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys

09:54:53.0531 1420 emu10k - ok

09:54:53.0671 1420 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys

09:54:53.0890 1420 emu10k1 - ok

09:54:54.0031 1420 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

09:54:54.0265 1420 ERSvc - ok

09:54:54.0343 1420 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

09:54:54.0390 1420 Eventlog - ok

09:54:54.0546 1420 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

09:54:54.0593 1420 EventSystem - ok

09:54:54.0750 1420 FA312 (aa855fb8a866281aacb393c1feab91ae) C:\WINDOWS\system32\DRIVERS\FA312nd5.sys

09:54:54.0953 1420 FA312 - ok

09:54:55.0078 1420 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

09:54:55.0312 1420 Fastfat - ok

09:54:55.0421 1420 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:54:55.0484 1420 FastUserSwitchingCompatibility - ok

09:54:55.0625 1420 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

09:54:55.0843 1420 Fdc - ok

09:54:55.0968 1420 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

09:54:56.0187 1420 Fips - ok

09:54:56.0312 1420 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

09:54:56.0531 1420 Flpydisk - ok

09:54:56.0656 1420 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

09:54:56.0890 1420 FltMgr - ok

09:54:57.0031 1420 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

09:54:57.0046 1420 FontCache3.0.0.0 - ok

09:54:57.0171 1420 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:54:57.0406 1420 Fs_Rec - ok

09:54:57.0531 1420 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:54:57.0750 1420 Ftdisk - ok

09:54:57.0875 1420 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

09:54:58.0140 1420 gameenum - ok

09:54:58.0312 1420 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

09:54:58.0328 1420 GEARAspiWDM - ok

09:54:58.0437 1420 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:54:58.0656 1420 Gpc - ok

09:54:58.0718 1420 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

09:54:58.0937 1420 helpsvc - ok

09:54:59.0000 1420 HidServ - ok

09:54:59.0046 1420 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

09:54:59.0312 1420 hkmsvc - ok

09:54:59.0453 1420 HPFECP15 (b5802e7642220d5b835d2b5925385a21) C:\WINDOWS\System32\drivers\HPFECP15.SYS

09:54:59.0468 1420 HPFECP15 ( UnsignedFile.Multi.Generic ) - warning

09:54:59.0468 1420 HPFECP15 - detected UnsignedFile.Multi.Generic (1)

09:54:59.0515 1420 hpn - ok

09:54:59.0593 1420 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys

09:54:59.0843 1420 HSFHWBS2 - ok

09:55:00.0031 1420 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys

09:55:00.0390 1420 HSF_DP - ok

09:55:00.0531 1420 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

09:55:00.0593 1420 HTTP - ok

09:55:00.0734 1420 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

09:55:00.0937 1420 HTTPFilter - ok

09:55:01.0015 1420 i2omgmt - ok

09:55:01.0046 1420 i2omp - ok

09:55:01.0125 1420 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

09:55:01.0359 1420 i8042prt - ok

09:55:01.0609 1420 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

09:55:01.0703 1420 idsvc - ok

09:55:01.0843 1420 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

09:55:02.0109 1420 Imapi - ok

09:55:02.0312 1420 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

09:55:02.0531 1420 ImapiService - ok

09:55:02.0640 1420 ini910u - ok

09:55:02.0718 1420 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

09:55:02.0937 1420 IntelIde - ok

09:55:03.0093 1420 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:55:03.0312 1420 intelppm - ok

09:55:03.0437 1420 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

09:55:03.0453 1420 IntuitUpdateService - ok

09:55:03.0593 1420 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

09:55:03.0843 1420 Ip6Fw - ok

09:55:03.0984 1420 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:55:04.0203 1420 IpFilterDriver - ok

09:55:04.0281 1420 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

09:55:04.0515 1420 IpInIp - ok

09:55:04.0640 1420 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:55:04.0859 1420 IpNat - ok

09:55:04.0984 1420 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe

09:55:05.0078 1420 iPod Service - ok

09:55:05.0250 1420 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:55:05.0468 1420 IPSec - ok

09:55:05.0578 1420 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

09:55:05.0671 1420 IRENUM - ok

09:55:05.0796 1420 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:55:06.0000 1420 isapnp - ok

09:55:06.0187 1420 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe

09:55:06.0203 1420 JavaQuickStarterService - ok

09:55:06.0390 1420 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:55:06.0609 1420 Kbdclass - ok

09:55:06.0687 1420 kerbkey - ok

09:55:06.0765 1420 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

09:55:07.0000 1420 kmixer - ok

09:55:07.0140 1420 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

09:55:07.0187 1420 KSecDD - ok

09:55:07.0343 1420 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

09:55:07.0375 1420 LanmanServer - ok

09:55:07.0531 1420 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

09:55:07.0593 1420 lanmanworkstation - ok

09:55:07.0703 1420 lbrtfdc - ok

09:55:07.0765 1420 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

09:55:07.0984 1420 LmHosts - ok

09:55:08.0078 1420 MCSTRM - ok

09:55:08.0140 1420 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

09:55:08.0359 1420 mdmxsdk - ok

09:55:08.0484 1420 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

09:55:08.0734 1420 Messenger - ok

09:55:08.0875 1420 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

09:55:09.0109 1420 mnmdd - ok

09:55:09.0218 1420 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

09:55:09.0453 1420 mnmsrvc - ok

09:55:09.0593 1420 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

09:55:09.0828 1420 Modem - ok

09:55:09.0953 1420 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

09:55:10.0171 1420 MODEMCSA - ok

09:55:10.0296 1420 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:55:10.0515 1420 Mouclass - ok

09:55:10.0640 1420 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

09:55:10.0859 1420 MountMgr - ok

09:55:10.0937 1420 mraid35x - ok

09:55:11.0000 1420 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:55:11.0234 1420 MRxDAV - ok

09:55:11.0406 1420 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:55:11.0515 1420 MRxSmb - ok

09:55:11.0656 1420 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

09:55:11.0875 1420 MSDTC - ok

09:55:11.0968 1420 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

09:55:12.0171 1420 Msfs - ok

09:55:12.0265 1420 MSIServer - ok

09:55:12.0312 1420 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:55:12.0578 1420 MSKSSRV - ok

09:55:12.0687 1420 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:55:12.0906 1420 MSPCLOCK - ok

09:55:13.0015 1420 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

09:55:13.0265 1420 MSPQM - ok

09:55:13.0406 1420 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:55:13.0593 1420 mssmbios - ok

09:55:13.0671 1420 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

09:55:13.0718 1420 Mup - ok

09:55:13.0828 1420 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

09:55:14.0078 1420 napagent - ok

09:55:14.0234 1420 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

09:55:14.0453 1420 NDIS - ok

09:55:14.0609 1420 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:55:14.0640 1420 NdisTapi - ok

09:55:14.0765 1420 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:55:14.0984 1420 Ndisuio - ok

09:55:15.0140 1420 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:55:15.0359 1420 NdisWan - ok

09:55:15.0500 1420 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

09:55:15.0546 1420 NDProxy - ok

09:55:15.0656 1420 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

09:55:15.0890 1420 NetBIOS - ok

09:55:16.0015 1420 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

09:55:16.0250 1420 NetBT - ok

09:55:16.0359 1420 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

09:55:16.0609 1420 NetDDE - ok

09:55:16.0609 1420 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

09:55:16.0828 1420 NetDDEdsdm - ok

09:55:16.0968 1420 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:55:17.0203 1420 Netlogon - ok

09:55:17.0359 1420 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

09:55:17.0578 1420 Netman - ok

09:55:17.0812 1420 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

09:55:17.0843 1420 NetTcpPortSharing - ok

09:55:17.0984 1420 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

09:55:18.0031 1420 Nla - ok

09:55:18.0187 1420 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

09:55:18.0406 1420 Npfs - ok

09:55:18.0546 1420 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

09:55:18.0843 1420 Ntfs - ok

09:55:19.0000 1420 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:55:19.0203 1420 NtLmSsp - ok

09:55:19.0359 1420 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

09:55:19.0625 1420 NtmsSvc - ok

09:55:19.0750 1420 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

09:55:19.0968 1420 Null - ok

09:55:20.0203 1420 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

09:55:20.0625 1420 nv - ok

09:55:20.0750 1420 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:55:20.0984 1420 NwlnkFlt - ok

09:55:21.0140 1420 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:55:21.0375 1420 NwlnkFwd - ok

09:55:21.0515 1420 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS

09:55:21.0531 1420 OMCI ( UnsignedFile.Multi.Generic ) - warning

09:55:21.0531 1420 OMCI - detected UnsignedFile.Multi.Generic (1)

09:55:21.0687 1420 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

09:55:21.0921 1420 Parport - ok

09:55:22.0046 1420 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

09:55:22.0265 1420 PartMgr - ok

09:55:22.0390 1420 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

09:55:22.0671 1420 ParVdm - ok

09:55:22.0796 1420 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

09:55:23.0046 1420 PCI - ok

09:55:23.0140 1420 PCIDump - ok

09:55:23.0171 1420 PCIIde - ok

09:55:23.0234 1420 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

09:55:23.0453 1420 Pcmcia - ok

09:55:23.0578 1420 PDCOMP - ok

09:55:23.0593 1420 PDFRAME - ok

09:55:23.0625 1420 PDRELI - ok

09:55:23.0640 1420 PDRFRAME - ok

09:55:23.0671 1420 perc2 - ok

09:55:23.0703 1420 perc2hib - ok

09:55:23.0796 1420 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

09:55:23.0828 1420 PlugPlay - ok

09:55:24.0015 1420 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:55:24.0218 1420 PolicyAgent - ok

09:55:24.0375 1420 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:55:24.0593 1420 PptpMiniport - ok

09:55:24.0718 1420 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:55:24.0937 1420 ProtectedStorage - ok

09:55:25.0015 1420 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

09:55:25.0250 1420 PSched - ok

09:55:25.0359 1420 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:55:25.0593 1420 Ptilink - ok

09:55:25.0671 1420 ql1080 - ok

09:55:25.0703 1420 Ql10wnt - ok

09:55:25.0734 1420 ql12160 - ok

09:55:25.0781 1420 ql1240 - ok

09:55:25.0812 1420 ql1280 - ok

09:55:25.0906 1420 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:55:26.0109 1420 RasAcd - ok

09:55:26.0234 1420 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

09:55:26.0453 1420 RasAuto - ok

09:55:26.0609 1420 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:55:26.0843 1420 Rasl2tp - ok

09:55:26.0968 1420 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

09:55:27.0203 1420 RasMan - ok

09:55:27.0343 1420 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:55:27.0640 1420 RasPppoe - ok

09:55:27.0750 1420 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

09:55:27.0968 1420 Raspti - ok

09:55:28.0093 1420 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:55:28.0312 1420 Rdbss - ok

09:55:28.0390 1420 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:55:28.0609 1420 RDPCDD - ok

09:55:28.0765 1420 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

09:55:28.0812 1420 RDPWD - ok

09:55:28.0968 1420 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

09:55:29.0218 1420 RDSessMgr - ok

09:55:29.0359 1420 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

09:55:29.0578 1420 redbook - ok

09:55:29.0671 1420 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

09:55:29.0906 1420 RemoteAccess - ok

09:55:30.0000 1420 roxwatch9 - ok

09:55:30.0093 1420 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

09:55:30.0312 1420 RpcLocator - ok

09:55:30.0406 1420 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

09:55:30.0500 1420 RpcSs - ok

09:55:30.0640 1420 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

09:55:30.0859 1420 RSVP - ok

09:55:31.0046 1420 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:55:31.0250 1420 SamSs - ok

09:55:31.0296 1420 SANDRA - ok

09:55:31.0375 1420 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

09:55:31.0609 1420 SCardSvr - ok

09:55:31.0765 1420 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

09:55:31.0984 1420 Schedule - ok

09:55:32.0140 1420 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

09:55:32.0203 1420 Secdrv - ok

09:55:32.0296 1420 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

09:55:32.0500 1420 seclogon - ok

09:55:32.0546 1420 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

09:55:32.0765 1420 SENS - ok

09:55:32.0828 1420 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

09:55:33.0046 1420 serenum - ok

09:55:33.0171 1420 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

09:55:33.0390 1420 Serial - ok

09:55:33.0531 1420 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

09:55:33.0750 1420 Sfloppy - ok

09:55:33.0875 1420 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys

09:55:34.0125 1420 sfman - ok

09:55:34.0265 1420 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

09:55:34.0531 1420 SharedAccess - ok

09:55:34.0671 1420 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:55:34.0718 1420 ShellHWDetection - ok

09:55:34.0828 1420 Simbad - ok

09:55:34.0875 1420 Sparrow - ok

09:55:34.0968 1420 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

09:55:35.0187 1420 splitter - ok

09:55:35.0343 1420 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

09:55:35.0375 1420 Spooler - ok

09:55:35.0531 1420 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

09:55:35.0625 1420 sr - ok

09:55:35.0734 1420 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

09:55:35.0828 1420 srservice - ok

09:55:35.0953 1420 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

09:55:36.0078 1420 Srv - ok

09:55:36.0187 1420 sr_watchdog - ok

09:55:36.0265 1420 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

09:55:36.0390 1420 SSDPSRV - ok

09:55:36.0531 1420 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

09:55:36.0562 1420 ssmdrv - ok

09:55:36.0640 1420 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

09:55:36.0906 1420 stisvc - ok

09:55:37.0031 1420 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

09:55:37.0265 1420 swenum - ok

09:55:37.0390 1420 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

09:55:37.0609 1420 swmidi - ok

09:55:37.0703 1420 SwPrv - ok

09:55:37.0734 1420 symc810 - ok

09:55:37.0765 1420 symc8xx - ok

09:55:37.0796 1420 sym_hi - ok

09:55:37.0843 1420 sym_u3 - ok

09:55:37.0937 1420 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

09:55:38.0171 1420 sysaudio - ok

09:55:38.0296 1420 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

09:55:38.0531 1420 SysmonLog - ok

09:55:38.0687 1420 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

09:55:38.0906 1420 TapiSrv - ok

09:55:39.0000 1420 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

09:55:39.0093 1420 Tcpip - ok

09:55:39.0250 1420 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

09:55:39.0468 1420 TDPIPE - ok

09:55:39.0625 1420 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

09:55:39.0828 1420 TDTCP - ok

09:55:40.0000 1420 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

09:55:40.0203 1420 TermDD - ok

09:55:40.0375 1420 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

09:55:40.0609 1420 TermService - ok

09:55:40.0750 1420 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:55:40.0781 1420 Themes - ok

09:55:40.0828 1420 TosIde - ok

09:55:40.0921 1420 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

09:55:41.0140 1420 TrkWks - ok

09:55:41.0296 1420 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

09:55:41.0515 1420 Udfs - ok

09:55:41.0625 1420 ultra - ok

09:55:41.0734 1420 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

09:55:42.0015 1420 Update - ok

09:55:42.0156 1420 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

09:55:42.0250 1420 upnphost - ok

09:55:42.0390 1420 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

09:55:42.0625 1420 UPS - ok

09:55:42.0781 1420 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys

09:55:42.0828 1420 USBAAPL - ok

09:55:43.0000 1420 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

09:55:43.0250 1420 usbhub - ok

09:55:43.0375 1420 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

09:55:43.0593 1420 usbscan - ok

09:55:43.0734 1420 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:55:43.0953 1420 USBSTOR - ok

09:55:44.0078 1420 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:55:44.0312 1420 usbuhci - ok

09:55:44.0437 1420 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

09:55:44.0640 1420 VgaSave - ok

09:55:44.0718 1420 ViaIde - ok

09:55:44.0812 1420 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

09:55:45.0031 1420 VolSnap - ok

09:55:45.0203 1420 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

09:55:45.0312 1420 VSS - ok

09:55:45.0468 1420 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

09:55:45.0687 1420 W32Time - ok

09:55:45.0843 1420 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

09:55:46.0062 1420 Wanarp - ok

09:55:46.0156 1420 WDICA - ok

09:55:46.0250 1420 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

09:55:46.0484 1420 wdmaud - ok

09:55:46.0625 1420 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

09:55:46.0843 1420 WebClient - ok

09:55:47.0000 1420 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys

09:55:47.0296 1420 winachsf - ok

09:55:47.0437 1420 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

09:55:47.0640 1420 winmgmt - ok

09:55:47.0796 1420 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

09:55:47.0843 1420 WmdmPmSN - ok

09:55:48.0015 1420 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

09:55:48.0250 1420 WmiApSrv - ok

09:55:48.0390 1420 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

09:55:48.0531 1420 WMPNetworkSvc - ok

09:55:48.0703 1420 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

09:55:48.0734 1420 WpdUsb - ok

09:55:48.0843 1420 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

09:55:49.0078 1420 wuauserv - ok

09:55:49.0156 1420 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

09:55:49.0203 1420 WudfPf - ok

09:55:49.0343 1420 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

09:55:49.0375 1420 WudfRd - ok

09:55:49.0500 1420 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

09:55:49.0531 1420 WudfSvc - ok

09:55:49.0703 1420 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

09:55:49.0984 1420 WZCSVC - ok

09:55:50.0125 1420 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

09:55:50.0359 1420 xmlprov - ok

09:55:50.0390 1420 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

09:55:50.0671 1420 \Device\Harddisk0\DR0 - ok

09:55:50.0703 1420 Boot (0x1200) (639270cbb1fd181bb719b6b73e86c8c9) \Device\Harddisk0\DR0\Partition0

09:55:50.0703 1420 \Device\Harddisk0\DR0\Partition0 - ok

09:55:50.0734 1420 ============================================================

09:55:50.0734 1420 Scan finished

09:55:50.0734 1420 ============================================================

09:55:50.0859 3936 Detected object count: 2

09:55:50.0859 3936 Actual detected object count: 2

09:56:35.0875 3936 HPFECP15 ( UnsignedFile.Multi.Generic ) - skipped by user

09:56:35.0875 3936 HPFECP15 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:56:35.0875 3936 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user

09:56:35.0875 3936 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip

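The TDSSKiller log above has a regular line format (timestamp, thread id, object name, the image MD5 and path, then a verdict line), which makes it easy to triage mechanically. The following Python is an added example written for this page; it is not part of the thread and not TDSSKiller's own code. It folds the per-object lines into one record per service, lists every object the scan flagged (including the ones the user chose to skip), checks that no service image lives outside C:\WINDOWS or C:\Program Files, and checks that an image path shared by several services (lsass.exe appears five times above) always reports the same MD5. The sample input copies lines from this log and adds two constructed lines that are not in the thread (the FakeSvc service and an altered SamSs hash) so the last two checks have something to fire on. The caveat a responder wants: UnsignedFile.Multi.Generic only means the driver image carries no Authenticode signature; it is a heuristic, not a malware verdict, and a hash lookup or vendor check is what decides it.

```python
"""
Added example, not part of the thread: a triage parser for a TDSSKiller
service/driver log like the one quoted above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class ScanEntry:
    name: str                        # service/driver name, or "MBR (0x1B8)" for the MBR line
    md5: Optional[str] = None        # MD5 TDSSKiller printed for the image
    path: Optional[str] = None       # image path; None when the service has no file on disk
    verdict: str = "unknown"         # ok | warning | detected | skipped by user
    detection: Optional[str] = None  # e.g. UnsignedFile.Multi.Generic


# Every scan line starts with a timestamp and a thread id.
_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<rest>.+)$")
# "<name> (<md5>) <path>": the object about to be checked.
_FILE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# "<name> - detected <Detection> (<n>)"
_DETECTED = re.compile(r"^(?P<name>.+?)\s+-\s+detected\s+(?P<det>\S+)")
# "<name> ( <Detection> ) - warning" / "- skipped by user" / "- User select action: Skip"
_ACTION = re.compile(r"^(?P<name>.+?)\s+\(\s*(?P<det>[^()]+?)\s*\)\s+-\s+(?P<action>.+)$")
# "<name> - ok"; for the MBR/boot sector the name is the device path, not the label.
_OK = re.compile(r"^(?P<name>.+?)\s+-\s+ok$")


def parse_tdsskiller(text: str) -> dict[str, ScanEntry]:
    """Fold the per-object lines of a TDSSKiller log into one entry per object."""
    entries: dict[str, ScanEntry] = {}
    by_path: dict[str, str] = {}  # image/device path -> entry name
    for raw in text.splitlines():
        m = _PREFIX.match(raw.strip())
        if not m:
            continue  # banners, "Scan finished", object counts, blank lines
        rest = m["rest"]
        if f := _FILE.match(rest):
            e = entries.setdefault(f["name"], ScanEntry(f["name"]))
            e.md5, e.path = f["md5"], f["path"]
            by_path[f["path"]] = f["name"]
        elif d := _DETECTED.match(rest):
            e = entries.setdefault(d["name"], ScanEntry(d["name"]))
            e.verdict, e.detection = "detected", d["det"]
        elif a := _ACTION.match(rest):
            e = entries.setdefault(a["name"], ScanEntry(a["name"]))
            e.detection = a["det"]
            if a["action"] == "warning":
                e.verdict = "warning"
            elif a["action"].startswith("skipped"):
                e.verdict = "skipped by user"
        elif o := _OK.match(rest):
            name = by_path.get(o["name"], o["name"])
            e = entries.setdefault(name, ScanEntry(name))
            if e.verdict == "unknown":
                e.verdict = "ok"
    return entries


# Where a legitimate service image is expected to live on this XP box.
_TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def triage(entries: dict[str, ScanEntry]) -> dict[str, list[str]]:
    """Return the three lists a responder reads first."""
    report: dict[str, list[str]] = {"flagged": [], "odd_location": [], "hash_mismatch": []}
    seen: dict[str, Optional[str]] = {}  # lower-cased image path -> first MD5 seen for it
    for e in entries.values():
        if e.verdict in ("warning", "detected", "skipped by user"):
            # Heuristic hits (UnsignedFile.Multi.Generic = no Authenticode signature),
            # including the ones the user chose to skip.
            report["flagged"].append(f"{e.name}: {e.detection} [{e.verdict}]")
        if not e.path or e.path.startswith("\\Device"):
            continue  # no image file, or the MBR/boot-sector entries
        low = e.path.lower()
        if not low.startswith(_TRUSTED_ROOTS):
            report["odd_location"].append(f"{e.name} -> {e.path}")
        # Several services share one image (lsass.exe above); the hash must agree.
        if seen.setdefault(low, e.md5) != e.md5:
            report["hash_mismatch"].append(e.path)
    return report


# Lines copied from the log above, plus two CONSTRUCTED lines (FakeSvc and the
# altered SamSs hash) that are not in the thread and exist only to exercise the checks.
SAMPLE_LOG = r"""
09:54:41.0187 1420 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:54:41.0218 1420 aspnet_state - ok
09:54:42.0812 1420 Atdisk - ok
09:54:59.0453 1420 HPFECP15 (b5802e7642220d5b835d2b5925385a21) C:\WINDOWS\System32\drivers\HPFECP15.SYS
09:54:59.0468 1420 HPFECP15 ( UnsignedFile.Multi.Generic ) - warning
09:54:59.0468 1420 HPFECP15 - detected UnsignedFile.Multi.Generic (1)
09:55:16.0968 1420 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:55:17.0203 1420 Netlogon - ok
09:55:19.0000 1420 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:55:19.0203 1420 NtLmSsp - ok
09:55:50.0390 1420 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:55:50.0671 1420 \Device\Harddisk0\DR0 - ok
09:55:50.0734 1420 Scan finished
09:56:35.0875 3936 HPFECP15 ( UnsignedFile.Multi.Generic ) - skipped by user
09:56:35.0875 3936 HPFECP15 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:57:00.0000 1420 FakeSvc (00000000000000000000000000000000) C:\Documents and Settings\Jim\Application Data\Adobe\AdobeUpdate .exe
09:57:00.0100 1420 FakeSvc - ok
09:57:01.0000 1420 SamSs (ffffffffffffffffffffffffffffffff) C:\WINDOWS\system32\lsass.exe
09:57:01.0100 1420 SamSs - ok
"""

if __name__ == "__main__":
    for bucket, items in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{bucket}:")
        for item in items:
            print(f"  {item}")
```

Run against the full log pasted above (without the two constructed lines), the only output is the flagged bucket with HPFECP15 and OMCI, both skipped by the user; the location and hash checks stay empty, which is the expected picture for a box where the rootkit is not sitting in a service entry. The hash-mismatch check matters more than it looks: a kernel-mode rootkit that filters reads of its own image can cause the same file to hash differently across a scan.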

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-04-09.01 - Jim 04/09/2012 17:24:47.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.740 [GMT -4:00]

Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Jim\Application Data\Adobe\AdobeUpdate .exe

c:\documents and settings\Jim\Application Data\Adobe\plugs

c:\documents and settings\Jim\Application Data\PriceGong

c:\documents and settings\Jim\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Jim\WINDOWS

c:\windows\offitems.log

c:\windows\system32\dds_trash_log.cmd

.

c:\windows\system32\drivers\usbehci.sys . . . is missing!!

.

.

((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))

.

.

2012-04-03 21:38 . 2012-04-03 21:38 -------- d-----w- C:\c6c28201e038241e6a4fb456dc776e

2012-04-03 13:32 . 2012-04-03 13:38 -------- d-----w- c:\documents and settings\Jim\Local Settings\Application Data\Google

2012-04-03 13:32 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-04-03 13:32 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-04-03 13:32 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-04-03 13:32 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-04-03 13:32 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-04-03 13:32 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-04-03 13:32 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-04-03 13:32 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-04-03 13:31 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr

2012-04-03 13:31 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-04-03 13:30 . 2012-04-03 13:30 -------- d-----w- c:\program files\AVAST Software

2012-04-03 13:30 . 2012-04-03 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2012-04-03 13:02 . 2012-04-03 13:02 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-29 21:42 . 2012-03-29 21:59 -------- d-----w- C:\931fa0e1b60e8a898b01c790

2012-03-28 13:10 . 2012-04-03 16:23 -------- d-----w- c:\windows\system32\MpEngineStore

2012-03-27 13:32 . 2012-03-27 13:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2012-03-25 11:10 . 2012-03-25 11:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll

2012-03-25 11:10 . 2012-03-25 11:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll

2012-03-25 11:10 . 2012-03-25 11:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll

2012-03-25 11:10 . 2012-03-25 11:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll

2012-03-25 11:10 . 2012-03-25 11:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll

2012-03-25 11:10 . 2012-03-25 11:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll

2012-03-25 11:10 . 2012-03-25 11:10 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll

2012-03-25 11:10 . 2012-03-25 11:10 -------- d-----w- c:\program files\QuickTime

2012-03-25 11:00 . 2012-03-25 11:00 -------- d-----w- c:\program files\iPod

2012-03-25 11:00 . 2012-03-25 11:01 -------- d-----w- c:\program files\iTunes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-03 13:10 . 2008-04-14 07:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys

2012-02-21 21:54 . 2011-06-20 22:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-15 15:01 . 2012-01-07 02:09 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-15 15:01 . 2012-01-07 02:09 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-02-03 09:22 . 2008-04-14 07:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-16 03:04 3072 ------w- c:\windows\system32\iacenc.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-08-08 24576]

"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-08-08 311350]

"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-08 28739]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-11 111376]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-8-8 65588]

Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-8-8 24633]

Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-11 51984]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Verizon\\Verizon Media Manager\\Release\\Verizon Media Manager.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/3/2012 9:32 AM 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/3/2012 9:32 AM 337880]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/3/2012 9:32 AM 20696]

R2 HPFECP15;HPFECP15;c:\windows\system32\drivers\HPFecp15.sys [2/16/1999 12:28 PM 52800]

S0 cerc6;cerc6; [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

NETSVCS REQUIRES REPAIRS - current entries shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

atikmdag

symwsc

ccevtmgr

pnrouter

usbohci

WINIO

zpmysql

LRMINIPORT

fah@c:+fah+fah-service+fah502-console.exe

alcaudsl

us30sys

qcdonner

pgpsdkservice

STV672

openvpnservice

gemserv

tosporte

awservice

prevxdriver

atinevxx

Epfwndis

avgcoresvc

fuj02b1

bt3cser

wacomvhid

roxwatch9

SANDRA

artdhcp

ctxcpubal

MA8032U

captureservice

snpstd2

pdlndldl

A88xEnc

NTIDrvr

mskservice

mr2kserv

ssoftservice

RSAFAL

hpzius12

JGOGO

cypresslink

ss_mdm

TPPWRIF

dsproct

npptnt2

SMCB000

WmHidLo

sscdbus

alcxwdm

HssSrv

iaimfp1

db2governor

stylexpservice

SndTDriverV32

NETGEAR_MA111

CSDriver

sskbfd

QWAVEDRV

hcwPP2

SE2Dmdfl

ICM10USB

LUsbFilt

nimcdldu

DSXUSB

smartwiservice

bgmainsvc

snoopfreesvc

hpzid412

tmmbd

cdr4_xp

getPlusHelper

qmofiltr

kerbkey

sr_watchdog

penclass

nwlnkipx

Cinemsup

lvusbsta

hpgate

z525mdm

NVNET

jtagserver

iwebmsg

zebrmdmc

backupexecagentaccelerator

scsiaccess

pae_avs

cfsvcs

USBDeviceService

racsvc

usbbus

co_mon

CoolerXPDriver

AffinegyService

marvinbus

nwcworkstation

vaiomediaplatform-integratedserver-upnp

hdaudaddservice

DCFS2K

Rasman

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

wscsvc

xmlprov

napagent

hkmsvc

BITS

wuauserv

ShellHWDetection

helpsvc

WmdmPmSN

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com/finance#

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local;<local>

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.1.1

DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/hsi/vzTCPConfig.CAB

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

SafeBoot-30070709.sys

SafeBoot-38626324.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-09 17:38

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-04-09 17:40:40

ComboFix-quarantined-files.txt 2012-04-09 21:40

.

Pre-Run: 62,123,626,496 bytes free

Post-Run: 62,838,611,968 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

.

- - End Of File - - B5C28E5EC2C0777BB0209FDAB52F2289


Please use the default font.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :Filefind
    usbehci.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC


Once again, please don't use italicized font, it's too hard to read....use the default font!

You are missing this file:

usbehci.sys

Do you have an XP CD you can copy it from, or another XP computer where you can get a copy of it?

----------------------------------------

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC


Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.11.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Jim :: JIMNANCY [administrator]

4/11/2012 7:49:28 PM

mbam-log-2012-04-11 (19-49-28).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 180232

Time elapsed: 5 minute(s), 48 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Good

You have out-of-date Java on the system; older versions are vulnerable to malware.

Please go to your Control Panel's Add/Remove Programs and uninstall this:

Java™ 6 Update 26

Then download and install the latest version Java™ 6 Update 31.

http://www.java.com/...load/manual.jsp <---latest version

http://www.java.com/...d/installed.jsp <---verify your Java

---------------------------------------------

Please Uninstall ComboFix:

Go to start > run and copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore Point.

---------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
