
Mystery Infection



Hi. New girlfriend's computer. Lots of infections. The computer started with the Chinese AV products from 360. I removed both 360 products and subsequently used a total of 7 products (AVG, Avast, Avira, Spybot, Norman Malware Cleaner, Norton Power Eraser, and of course MWB) individually and in various combinations. Each found and cleaned things. Presently I have Avira loaded and running, with the Windows (XP, SP3) firewall. Now we are to the point where nothing finds anything new, except MWB, which shows 4 or 6 items in the middle of the scan (different from attempt to attempt), but then it dies with "error... must close". I removed MBAM with the tool from the website, re-installed, tried again. blah blah blah. Found the instructions to use DDS.com... Attached are both files. (The uploader was a little confusing, hope I did it right.) I won't touch a thing till instructed. Thank you. Blessings, David --- dds.txt --- attach.txt ---

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512

Run by hou at 16:10:46 on 2012-04-12

Microsoft Windows XP Professional 5.1.2600.3.936.65.1033.18.2039.1535 [GMT 0:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\WINDOWS\system32\D4Ser_ICBC.exe

C:\WINDOWS\system32\D4MON_ICBC.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\ThpSrv.exe

C:\WINDOWS\system32\TODDSrv.exe

c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

c:\program files\avira\antivir desktop\avcenter.exe

C:\WINDOWS\system32\conime.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Page_URL = hxxp://20100623.com

mStart Page = about:blank

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll

BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - No File

BHO: Windows Live 登录帮助程序 [Windows Live Sign-in Helper]: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [TOSDCR] TOSDCR.EXE

mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRunOnce: [RunNarrator] Narrator.exe

IE: 导出到 Microsoft Office Excel(&X) [Export to Microsoft Office Excel] - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: com.cn\mybank.icbc

Trusted Zone: com.cn\vip.icbc

Trusted Zone: com.cn\www.icbc

Trusted Zone: ctc10000.com\wlan

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://b2c.icbc.com.cn/icbc/newperbank/AxSafeControls.cab

DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

LSA: Authentication Packages = msv1_0 nwprovau

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-4-7 14776]

R0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\system32\drivers\SMR250.SYS [2012-4-12 83064]

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2007-3-22 20992]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-3-9 6528]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-4-12 36000]

R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2007-5-30 5888]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-4-12 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-4-12 110032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-4-12 74640]

R2 DCService.exe;DCService.exe;c:\documents and settings\all users\application data\datacardservice\DCService.exe [2009-11-20 212992]

R2 OnKey Service _ICBC;OnKey Service _ICBC;c:\windows\system32\D4Ser_ICBC.exe [2010-5-25 58672]

R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]

R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-5-31 35968]

R3 rasuw;ChinaNet WLAN Adapter;c:\windows\system32\drivers\rasuw.sys [2010-1-25 33280]

R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2007-5-30 435072]

S0 abvx;abvx;c:\windows\system32\drivers\flxnhtt.sys --> c:\windows\system32\drivers\flxnhtt.sys [?]

S2 gupdate;Google 更新服务 [Google Update Service] (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-7 116648]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 253600]

S3 gupdatem;Google 更新服务 [Google Update Service] (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-7 116648]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-1-25 100736]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-12 40776]

.

=============== File Associations ===============

.

chm.file="hh.exe" %1

.

=============== Created Last 30 ================

.

2012-04-12 14:00:23 83064 ----a-w- c:\windows\system32\drivers\SMR250.SYS

2012-04-12 12:34:41 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-04-12 02:18:33 -------- d-----w- c:\windows\system32\NtmsData

2012-04-12 02:18:20 -------- d-----w- c:\documents and settings\hou\application data\Avira

2012-04-12 02:12:47 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-04-12 02:12:47 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-04-12 02:12:46 -------- d-----w- c:\program files\Avira

2012-04-12 02:12:46 -------- d-----w- c:\documents and settings\all users\application data\Avira

2012-04-12 01:26:28 -------- d-----w- c:\documents and settings\hou\application data\Malwarebytes

2012-04-12 01:26:22 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-04-12 01:26:21 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-12 01:26:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-11 13:40:51 -------- d-----w- c:\documents and settings\hou\application data\AVG2012

2012-04-11 13:38:55 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

2012-04-11 13:37:56 -------- d-----w- c:\program files\AVG

2012-04-11 13:32:46 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2012-04-11 13:32:15 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2012-04-11 13:25:28 -------- d-----w- c:\documents and settings\hou\local settings\application data\NPE

2012-04-11 13:25:28 -------- d-----w- c:\documents and settings\all users\application data\Norton

2012-04-11 08:48:57 169984 ----a-w- c:\windows\system32\msconfig.exe

2012-04-09 08:28:25 -------- d-----w- c:\documents and settings\hou\application data\360mobilemgr

2012-04-08 15:19:38 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-04-08 15:19:38 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2012-04-08 08:08:30 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2012-04-08 08:06:15 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2012-04-08 07:52:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2012-04-08 07:51:56 532480 -c----w- c:\windows\system32\dllcache\mstime.dll

2012-04-08 07:51:56 449536 -c----w- c:\windows\system32\dllcache\mshtmled.dll

2012-04-08 07:51:56 37888 -c----w- c:\windows\system32\dllcache\url.dll

2012-04-08 07:42:58 852480 -c----w- c:\windows\system32\dllcache\vgx.dll

2012-04-08 07:42:41 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2012-04-08 07:42:39 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-04-08 07:42:39 3072 ------w- c:\windows\system32\iacenc.dll

2012-04-08 07:41:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2012-04-08 07:41:41 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2012-04-07 22:59:43 -------- d-----w- c:\windows\system32\XPSViewer

2012-04-07 17:21:04 -------- d-----w- c:\program files\AVAST Software

2012-04-07 17:21:04 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2012-04-07 16:43:17 -------- d-----w- c:\windows\system32\scripting

2012-04-07 16:43:17 -------- d-----w- c:\windows\system32\en

2012-04-07 16:43:17 -------- d-----w- c:\windows\system32\bits

2012-04-07 16:43:17 -------- d-----w- c:\windows\l2schemas

2012-04-07 16:38:50 -------- d-----w- c:\windows\network diagnostic

2012-04-07 16:28:37 -------- d-----r- c:\program files\Skype

2012-04-07 15:51:42 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

2012-04-07 15:51:20 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2012-04-07 15:51:20 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2012-04-07 15:51:20 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2012-04-07 15:51:20 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2012-04-07 15:51:20 575488 ------w- c:\windows\system32\xpsshhdr.dll

2012-04-07 15:51:20 117760 ------w- c:\windows\system32\prntvpt.dll

2012-04-07 15:51:19 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2012-04-07 15:51:19 1676288 ------w- c:\windows\system32\xpssvcs.dll

2012-04-07 15:11:28 713216 -c----w- c:\windows\system32\dllcache\sxs.dll

2012-04-07 15:11:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-07 15:11:26 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-07 15:09:07 -------- d--h--w- c:\windows\system32\GroupPolicy

2012-04-07 15:01:55 44672 ------w- c:\windows\system32\drivers\uagp35.sys

2012-04-07 15:00:53 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys

2012-04-07 14:59:56 86016 ------w- c:\windows\system32\mdmxsdk.dll

2012-04-07 14:59:56 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys

2012-04-07 14:59:36 37376 ------w- c:\windows\system32\l2gpstore.dll

2012-04-07 14:59:35 61440 ------w- c:\windows\system32\kmsvc.dll

2012-04-07 14:59:33 6144 ------w- c:\windows\system32\kbdpash.dll

2012-04-07 14:59:33 6144 ------w- c:\windows\system32\kbdnepr.dll

2012-04-07 14:59:31 6144 ------w- c:\windows\system32\kbdiultn.dll

2012-04-07 14:59:31 6144 ------w- c:\windows\system32\kbdbhc.dll

2012-04-07 14:59:09 9728 ------w- c:\windows\system32\rwnh.dll

2012-04-07 14:59:09 10752 ------w- c:\windows\system32\smtpapi.dll

2012-04-07 14:59:03 46592 ------w- c:\windows\system32\drivers\irbus.sys

2012-04-07 14:59:01 9728 ------w- c:\windows\system32\comsdupd.exe

2012-04-07 14:57:59 9728 ------w- c:\windows\system32\ativdaxx.ax

2012-04-07 14:10:50 29016 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2012-04-07 14:10:50 -------- d-----w- c:\documents and settings\hou\application data\IObit

2012-04-07 14:10:48 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2012-04-07 14:10:43 -------- d-----w- c:\program files\IObit

2012-04-07 09:51:32 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.

==================== Find3M ====================

.

2012-04-07 09:20:33 262040 ----a-w- c:\windows\system32\JfCheck.dll

2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-28 18:50:30 667136 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 18:50:30 61952 ----a-w- c:\windows\system32\tdc.ocx

2012-02-28 18:50:29 81920 ----a-w- c:\windows\system32\ieencode.dll

2012-02-28 13:50:54 369664 ----a-w- c:\windows\system32\html.iec

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 16:11:30.50 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 9/9/2009 6:46:34 PM

System Uptime: 4/12/2012 2:01:37 PM (2 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: Intel® Core2 Duo CPU T7500 @ 2.20GHz | uFC-PGA Socket | 2172/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 19 GiB total, 3.705 GiB free.

D: is FIXED (FAT32) - 10 GiB total, 7.567 GiB free.

E: is FIXED (NTFS) - 46 GiB total, 39.889 GiB free.

F: is FIXED (FAT32) - 37 GiB total, 15.279 GiB free.

G: is CDROM ()

H: is CDROM ()

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: ChinaNet WLAN Adapter

Device ID: ROOT\NET\0001

Manufacturer: UTStarcom Inc.

Name: ChinaNet WLAN Adapter #2

PNP Device ID: ROOT\NET\0001

Service: rasuw

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 9.2 - Chinese Simplified

ALPS Touch Pad Driver

APlayer Codec Lite version 2.0.1.230

Atheros Driver Installation Program

Avira Free Antivirus

Bluetooth Stack for Windows by Toshiba

BootMagic

CD/DVD Drive Acoustic Silencer

CorelDRAW Graphics Suite X3

CPR Configuration

CS

CutePDF Writer 2.1

DynaDoc Reader

EditPlus 2.31 Build 514

Google Chrome

Google Update Helper

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB943232-v2)

Hotfix for Windows XP (KB951830)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB981793)

HTML Help Workshop

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

Intel® PRO Network Connections Drivers

InterVideo WinDVD for TOSHIBA

Java SE Runtime Environment 6

Lingoes 2.6.3

Macromedia Flash Player

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft AppLocale

Microsoft Choice Guard

Microsoft Office FrontPage 2003

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft VC80 Support DLLs

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual FoxPro 6.0 (简体中文 [Simplified Chinese])

Microsoft Windows Application Compatibility Database

MSN

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

Protector Suite 5.4

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647516)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2675157)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950582)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953155)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976325)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982316)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Segoe UI

Skype™ 5.8

Smart Defrag 2

Symantec BootMagic 8.0

Tendyron 193D4_ICBC

Texas Instruments PCIxx21/x515/xx12 drivers.

TIPCI

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Controls

TOSHIBA Direct Disc Writer

TOSHIBA Disc Creator

TOSHIBA Display Devices Change Utility

TOSHIBA Dual Pointing Device Utility

TOSHIBA HDD Protection

TOSHIBA Hotkey Utility for Display Devices

TOSHIBA Manuals

TOSHIBA Mic Effect

TOSHIBA Mobile Extension3

Toshiba Online Product Information

TOSHIBA Password Utility

TOSHIBA PC Diagnostic Tool

TOSHIBA Power Saver

TOSHIBA SD Memory Boot Utility

TOSHIBA SD Memory Utilities

TOSHIBA Security Assist

TOSHIBA TouchPad On/Off Utility V2.5.1.0

TOSHIBA Utilities

TOSHIBA Wireless Key Logon

TOSHIBA Zooming Utility

Uninstall for TOSHIBA Mobile Extension3

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2641690)

Update for Windows XP (KB946501-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB954920-v2)

Update for Windows XP (KB955704)

Update for Windows XP (KB955759)

Update for Windows XP (KB958752)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB976749)

Update for Windows XP (KB978207)

Update for Windows XP (KB980182)

Update Manager

VBA

WebFldrs XP

Windows Imaging Component

Windows Live Communications Platform

Windows Live Messenger

Windows Live Messenger 保护盾 2.0 [Windows Live Messenger Protection Shield 2.0]

Windows Live 上载工具 [Windows Live Upload Tool]

Windows Live 登录助手 [Windows Live Sign-in Assistant]

Windows Live 软件包 [Windows Live Software Package]

Windows Media Format Runtime

Windows Media Player 10

Windows XP Service Pack 3

Winlog 4

Wireless Hotkey

傲游浏览器2 [Maxthon Browser 2]

微软HCP漏洞紧急屏蔽补丁 [Microsoft HCP vulnerability emergency blocking patch]

无线宽带客户端 [Wireless Broadband Client]

.

==== Event Viewer Messages From Past Week ========

.

4/9/2012 8:50:38 AM, error: Service Control Manager [7034] - The 主动防御 [Active Defense] service terminated unexpectedly. It has done this 1 time(s).

4/9/2012 8:36:49 AM, error: Service Control Manager [7023] - The XLDoctor Service service terminated with the following error: The specified module could not be found.

4/9/2012 8:26:58 AM, error: Service Control Manager [7034] - The 主动防御 [Active Defense] service terminated unexpectedly. It has done this 1 time(s).

4/8/2012 9:08:51 AM, error: Service Control Manager [7023] - The Server service terminated with the following error: Access is denied.

4/8/2012 9:08:51 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PIPIStartSvr service to connect.

4/8/2012 9:08:51 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the OnKey Service _ICBC service to connect.

4/8/2012 9:08:51 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DCService.exe service to connect.

4/8/2012 9:08:51 AM, error: Service Control Manager [7001] - The VMware NAT Service service depends on the VMware Network Application Interface service which failed to start because of the following error: Access is denied.

4/8/2012 9:08:51 AM, error: Service Control Manager [7001] - The VMware DHCP Service service depends on the VMware Network Application Interface service which failed to start because of the following error: Access is denied.

4/8/2012 9:08:51 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: Access is denied.

4/8/2012 9:08:51 AM, error: Service Control Manager [7000] - The Vstor2 WS60 Virtual Storage Driver service failed to start due to the following error: Access is denied.

4/8/2012 9:08:51 AM, error: Service Control Manager [7000] - The VMware Network Application Interface service failed to start due to the following error: Access is denied.

4/8/2012 9:08:51 AM, error: Service Control Manager [7000] - The PIPIStartSvr service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/8/2012 9:08:51 AM, error: Service Control Manager [7000] - The OnKey Service _ICBC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/8/2012 9:08:51 AM, error: Service Control Manager [7000] - The Haspnt service failed to start due to the following error: Access is denied.

4/8/2012 9:08:51 AM, error: Service Control Manager [7000] - The DCService.exe service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/7/2012 9:19:25 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001F3C09D45E. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

4/7/2012 5:10:20 PM, error: Service Control Manager [7022] - The Windows Firewall/Internet Connection Sharing (ICS) service hung on starting.

4/7/2012 4:29:49 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.

4/7/2012 4:29:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the 360 杀毒实时防护服务 [360 Antivirus Real-time Protection Service] service to connect.

4/7/2012 4:29:46 PM, error: Service Control Manager [7000] - The 360 杀毒实时防护服务 [360 Antivirus Real-time Protection Service] service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/7/2012 4:29:28 PM, error: Service Control Manager [7031] - The 360 杀毒实时防护服务 [360 Antivirus Real-time Protection Service] service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/7/2012 4:19:04 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

4/7/2012 3:50:50 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.

4/7/2012 3:50:50 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Description with the following error: Access is denied.

4/7/2012 3:48:04 PM, error: Service Control Manager [7034] - The 主动防御 service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.

Looks like you're running 2 anti-virus programs.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!

The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.

Also because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown.

Please do not delete anything unless instructed to.

1. Click Start > Settings > Control Panel.

2. Next, open Add/Remove Programs and remove either:

AVG

Avira

Next:

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


Hi Larry

Thanks for your help, I appreciate it.

Computer behavior, now, prior to attempting to follow your instructions, is mostly normal, except for two things: 1) there is a longer than I usually see pause in the boot process, and 2) M-BAM dies in the middle of its scan, while showing a count of either 4 or 6 things found. Just FYI, I have 4 other computers, 2 of which are much older/slower than this lap-top. The two older ones -- one is running AVG and one is running Avast, and they don't have such a long pause. Just FYI.

On this, the computer in question, when booting, three icons show up very quickly in the system tray, and then there is a long pause (approx a full minute). If I try to launch any user programs during the pause, they don't launch right away. Eventually the last icon appears in the system tray, and at that time, the trying-to-launch program(s) will open.

I cannot comply with all your instructions, because I did in-fact-and-deed previously (attempt to) uninstall AVG with add/remove programs, prior to installing Avira -- Avira insisted on this prior to installing itself (and also obligated me to remove spybot). At that time AVG was no longer listed in add/remove programs and was also not showing in the system tray. Only Avira showed these two places. Although, according to DDS there apparently is some remnant of AVG left behind -- just one more thing that is odd about this computer.

So, now, I am attempting to follow your instructions as best I can. I removed Avira, since it is the only one I can remove. So, for the moment, as near as I can tell, I am not running any AV. The removal of Avira required a reboot. The reboot was almost instantaneous, the usual delay was gone.

I launched the already-installed copy of m-bam, updated it, unplugged my network cable, and ran an m-bam scan. 1 min and 31 seconds into the scan it died. I relaunched m-bam, clicked on the logs tab. There is no log for the current/failed attempt. The last log listed is from 4 days ago. Please let me know if you might want that one.

I then plugged in my network cable, and reinstalled AVG (sorry, I did something you did not tell me to do, but I don't believe you wanted me to have no AV at all). Since AVG is the one that did not (appear to) remove properly, it seemed like the best choice. I updated it (signatures), changed the configuration to scan inside archives, and to do thorough scanning, and ran a scan. It found and removed "one potentially dangerous threat":

"D:\Program Files\DynaComware\DynaDoc\Wdl.exe";"May be infected by unknown virus Win32/DH.FF82006B{00000001-00200000-01000000-00000004}"

I rebooted, just on principle.

Again with the long delay. The first three icons to appear in the system tray are the graphics driver, AVG, and volume control, and they come in almost instantly. I attempted to launch M-BAM right away, but again it delayed. In the middle of the delay, the AVG icon momentarily had the little yellow triangle, and then went back to the plain icon. This is all normal (from what I have seen before), except the delay is longer than expected. M-BAM finally opened, and at the same time the 4th and final icon showed in the system tray (which is the disconnected wireless icon (since I am using a cable)).

I launched and updated m-bam again, another signature update was already available. I ran a full scan, selecting all 4 partitions. During the scan, it showed 6 objects detected. At about 45 minutes it died. Relaunched, clicked on logs, no new log.

I await any further instructions.

Thanks again for all your help.

Blessings

David


Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
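To triage the report this step produces, here is an added example (not TDSSKiller's or the forum's own code): a Python parser for the log line shapes seen in this thread that pairs each scanned object's MD5 and path with its verdict and lists everything not reported "ok", with the unsigned-file warnings sorted after any stronger verdict. The sample lines are copied from the TDSSKiller log posted later in this thread; since only "ok" and "warning" verdicts occur there, any other verdict word is handled generically and simply listed first.

```python
"""Triage a TDSSKiller report: list every scanned object not reported 'ok'.

Added example for this thread, not TDSSKiller's or the forum's own code.
Line shapes handled (as they appear in the 2.7.28.0 report in this thread):
  HH:MM:SS.mmmm PID Name (md5) C:\\path\\file      object and its MD5
  HH:MM:SS.mmmm PID Name ( Detection ) - verdict   e.g. "- warning"
  HH:MM:SS.mmmm PID Name - detected Detection (N)
  HH:MM:SS.mmmm PID Name - ok
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: lines copied from the TDSSKiller log posted in this thread
# (the forum's blank spacer lines removed). Service names may contain spaces.
SAMPLE_LOG = r"""
20:32:25.0062 1828 Scan started
20:32:25.0062 1828 Mode: Manual; SigCheck; TDLFS;
20:32:32.0765 1828 CFSvcs (3cb0cc8879956c187e87e18634ee5164) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
20:32:32.0781 1828 CFSvcs ( UnsignedFile.Multi.Generic ) - warning
20:32:32.0781 1828 CFSvcs - detected UnsignedFile.Multi.Generic (1)
20:32:32.0937 1828 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
20:32:33.0062 1828 CiSvc - ok
20:32:39.0078 1828 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
20:32:39.0093 1828 Haspnt ( UnsignedFile.Multi.Generic ) - warning
20:32:39.0093 1828 Haspnt - detected UnsignedFile.Multi.Generic (1)
20:32:49.0000 1828 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
20:32:49.0015 1828 Netdevio ( UnsignedFile.Multi.Generic ) - warning
20:32:49.0015 1828 Netdevio - detected UnsignedFile.Multi.Generic (1)
20:32:53.0093 1828 OnKey Service _ICBC (bcfba82eb6d3f91e53e1383fabe06cd2) C:\WINDOWS\system32\D4Ser_ICBC.exe
20:32:53.0093 1828 OnKey Service _ICBC - ok
"""

PREFIX = r"^\S+ \d+ "  # timestamp and PID that start every report line
OBJECT_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) \( (?P<det>.+?) \) - (?P<verdict>\w+)$")
DETECTED_RE = re.compile(PREFIX + r"(?P<name>.+?) - detected (?P<det>\S+) \((?P<code>\d+)\)$")
OK_RE = re.compile(PREFIX + r"(?P<name>.+?) - ok$")


@dataclass
class Entry:
    """One scanned object (driver/service), assembled from its 1-3 report lines."""
    name: str
    md5: str = ""
    path: str = ""
    detection: str = ""
    verdict: str = "unknown"   # "ok", "warning", or whatever word the report used
    code: Optional[int] = None  # the number in "(N)" after "detected"


def parse_report(text: str) -> Dict[str, Entry]:
    """Fold the report's per-object lines into one Entry per object name."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := OBJECT_RE.match(line)):
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
        elif (m := VERDICT_RE.match(line)):
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.detection, e.verdict = m["det"], m["verdict"]
        elif (m := DETECTED_RE.match(line)):
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.detection, e.code = m["det"], int(m["code"])
        elif (m := OK_RE.match(line)):
            entries.setdefault(m["name"], Entry(m["name"])).verdict = "ok"
        # header, drive and partition lines carry no per-object verdict: skipped
    return entries


def findings(entries: Dict[str, Entry]) -> List[Entry]:
    """Everything not 'ok'; 'warning' (the unsigned-file heuristic) sorts last."""
    return sorted((e for e in entries.values() if e.verdict != "ok"),
                  key=lambda e: (e.verdict == "warning", e.name.lower()))


def format_findings(entries: Dict[str, Entry]) -> str:
    """Human-readable triage list: verdict, detection, name, MD5 and path."""
    lines = [f"{e.verdict:8} {e.detection:28} {e.name}  md5={e.md5 or '?'}  {e.path or '?'}"
             for e in findings(entries)]
    return "\n".join(lines) if lines else "nothing flagged"


if __name__ == "__main__":
    print(format_findings(parse_report(SAMPLE_LOG)))
```

The three items flagged in the sample are all "warning" verdicts from the unsigned-file check, which is what the report marks when a vendor binary merely lacks a digital signature; the MD5 and path printed beside each one are what a helper looks up before deciding whether it is benign.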


No malicious, only suspicious.

20:32:14.0578 3524 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

20:32:16.0078 3524 ============================================================

20:32:16.0078 3524 Current date / time: 2012/04/16 20:32:16.0078

20:32:16.0078 3524 SystemInfo:

20:32:16.0078 3524

20:32:16.0078 3524 OS Version: 5.1.2600 ServicePack: 3.0

20:32:16.0078 3524 Product type: Workstation

20:32:16.0078 3524 ComputerName: HELEN-LAPTOP

20:32:16.0078 3524 UserName: hou

20:32:16.0078 3524 Windows directory: C:\WINDOWS

20:32:16.0078 3524 System windows directory: C:\WINDOWS

20:32:16.0078 3524 Processor architecture: Intel x86

20:32:16.0078 3524 Number of processors: 2

20:32:16.0078 3524 Page size: 0x1000

20:32:16.0078 3524 Boot type: Normal boot

20:32:16.0078 3524 ============================================================

20:32:17.0546 3524 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

20:32:17.0546 3524 \Device\Harddisk0\DR0:

20:32:17.0546 3524 MBR used

20:32:17.0546 3524 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542941

20:32:17.0562 3524 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x25429BF, BlocksNum 0x1388AFC

20:32:17.0562 3524 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38CB4FA, BlocksNum 0x5C3F106

20:32:17.0593 3524 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xB, StartLBA 0x950A63F, BlocksNum 0x4A89182

20:32:17.0656 3524 Initialize success

20:32:17.0656 3524 ============================================================

20:32:25.0062 1828 ============================================================

20:32:25.0062 1828 Scan started

20:32:25.0062 1828 Mode: Manual; SigCheck; TDLFS;

20:32:25.0062 1828 ============================================================

20:32:25.0515 1828 Abiosdsk - ok

20:32:25.0531 1828 abp480n5 - ok

20:32:25.0546 1828 abvx - ok

20:32:25.0609 1828 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

20:32:26.0156 1828 ACPI - ok

20:32:26.0281 1828 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

20:32:26.0375 1828 ACPIEC - ok

20:32:26.0437 1828 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

20:32:26.0453 1828 AdobeFlashPlayerUpdateSvc - ok

20:32:26.0468 1828 adpu160m - ok

20:32:26.0515 1828 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

20:32:26.0625 1828 aec - ok

20:32:26.0656 1828 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

20:32:26.0687 1828 AFD - ok

20:32:26.0765 1828 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\WINDOWS\system32\agrsmsvc.exe

20:32:26.0781 1828 AgereModemAudio - ok

20:32:26.0890 1828 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

20:32:26.0937 1828 AgereSoftModem - ok

20:32:27.0015 1828 Aha154x - ok

20:32:27.0031 1828 aic78u2 - ok

20:32:27.0046 1828 aic78xx - ok

20:32:27.0109 1828 akshasp (4ed4ce78a42070cb041c208ca53ed70a) C:\WINDOWS\system32\DRIVERS\akshasp.sys

20:32:27.0156 1828 akshasp - ok

20:32:27.0203 1828 aksusb (2fa8cbcbd795014267be5f60bb8474c0) C:\WINDOWS\system32\DRIVERS\aksusb.sys

20:32:27.0234 1828 aksusb - ok

20:32:27.0281 1828 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

20:32:27.0468 1828 Alerter - ok

20:32:27.0578 1828 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

20:32:27.0656 1828 ALG - ok

20:32:27.0671 1828 AliIde - ok

20:32:27.0687 1828 amsint - ok

20:32:27.0734 1828 ApfiltrService (3ed81e8b4709d13e5a38db2d8e792b28) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

20:32:27.0765 1828 ApfiltrService - ok

20:32:27.0796 1828 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

20:32:27.0875 1828 AppMgmt - ok

20:32:27.0984 1828 AR5211 (78e15866befe8b940046c36ba92f9eb6) C:\WINDOWS\system32\DRIVERS\ar5211.sys

20:32:28.0015 1828 AR5211 - ok

20:32:28.0062 1828 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

20:32:28.0203 1828 Arp1394 - ok

20:32:28.0218 1828 asc - ok

20:32:28.0234 1828 asc3350p - ok

20:32:28.0250 1828 asc3550 - ok

20:32:28.0343 1828 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

20:32:28.0359 1828 aspnet_state - ok

20:32:28.0437 1828 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

20:32:28.0531 1828 AsyncMac - ok

20:32:28.0562 1828 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

20:32:28.0656 1828 atapi - ok

20:32:28.0671 1828 Atdisk - ok

20:32:28.0703 1828 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

20:32:28.0812 1828 Atmarpc - ok

20:32:28.0859 1828 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

20:32:29.0015 1828 AudioSrv - ok

20:32:29.0109 1828 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

20:32:29.0203 1828 audstub - ok

20:32:29.0640 1828 AVGIDSAgent (f5689fba4360be50839999882e0a9d99) C:\Program Files\AVG\AVG2012\avgidsagent.exe

20:32:29.0921 1828 AVGIDSAgent - ok

20:32:30.0125 1828 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys

20:32:30.0203 1828 AVGIDSDriver - ok

20:32:30.0234 1828 AVGIDSEH (f4050c31e6a83cf1e4cdc80d165f7f08) C:\WINDOWS\system32\DRIVERS\avgidsehx.sys

20:32:30.0250 1828 AVGIDSEH - ok

20:32:30.0281 1828 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys

20:32:30.0296 1828 AVGIDSFilter - ok

20:32:30.0312 1828 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys

20:32:30.0343 1828 AVGIDSShim - ok

20:32:30.0390 1828 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

20:32:30.0421 1828 Avgldx86 - ok

20:32:30.0437 1828 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

20:32:30.0468 1828 Avgmfx86 - ok

20:32:30.0609 1828 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

20:32:30.0625 1828 Avgrkx86 - ok

20:32:30.0671 1828 Avgtdix (b2fc9d4de6a2e57a4dfb5a11440c5b85) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

20:32:30.0703 1828 Avgtdix - ok

20:32:30.0828 1828 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe

20:32:30.0859 1828 avgwd - ok

20:32:30.0968 1828 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

20:32:31.0171 1828 Beep - ok

20:32:31.0218 1828 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

20:32:31.0343 1828 BITS - ok

20:32:31.0468 1828 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys

20:32:31.0546 1828 Bridge - ok

20:32:31.0562 1828 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys

20:32:31.0640 1828 BridgeMP - ok

20:32:31.0656 1828 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

20:32:31.0750 1828 Browser - ok

20:32:31.0812 1828 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

20:32:31.0937 1828 cbidf2k - ok

20:32:31.0968 1828 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

20:32:32.0093 1828 CCDECODE - ok

20:32:32.0140 1828 cd20xrnt - ok

20:32:32.0234 1828 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

20:32:32.0359 1828 Cdaudio - ok

20:32:32.0390 1828 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

20:32:32.0515 1828 Cdfs - ok

20:32:32.0609 1828 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

20:32:32.0640 1828 Cdrom - ok

20:32:32.0765 1828 CFSvcs (3cb0cc8879956c187e87e18634ee5164) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

20:32:32.0781 1828 CFSvcs ( UnsignedFile.Multi.Generic ) - warning

20:32:32.0781 1828 CFSvcs - detected UnsignedFile.Multi.Generic (1)

20:32:32.0890 1828 Changer - ok

20:32:32.0937 1828 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

20:32:33.0062 1828 CiSvc - ok

20:32:33.0156 1828 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

20:32:33.0343 1828 ClipSrv - ok

20:32:33.0468 1828 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:32:33.0468 1828 clr_optimization_v2.0.50727_32 - ok

20:32:33.0562 1828 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

20:32:33.0656 1828 CmBatt - ok

20:32:33.0703 1828 CmdIde - ok

20:32:33.0750 1828 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

20:32:33.0828 1828 Compbatt - ok

20:32:33.0843 1828 COMSysApp - ok

20:32:33.0859 1828 Cpqarray - ok

20:32:33.0906 1828 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

20:32:34.0031 1828 CryptSvc - ok

20:32:34.0093 1828 dac2w2k - ok

20:32:34.0156 1828 dac960nt - ok

20:32:34.0203 1828 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

20:32:34.0250 1828 DcomLaunch - ok

20:32:34.0375 1828 DCService.exe (c95c40ea2c4b28ab24f5e5cd068a3c15) C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe

20:32:34.0390 1828 DCService.exe ( UnsignedFile.Multi.Generic ) - warning

20:32:34.0390 1828 DCService.exe - detected UnsignedFile.Multi.Generic (1)

20:32:34.0453 1828 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

20:32:34.0531 1828 Dhcp - ok

20:32:34.0640 1828 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

20:32:34.0812 1828 Disk - ok

20:32:34.0906 1828 dmadmin - ok

20:32:35.0000 1828 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

20:32:35.0093 1828 dmboot - ok

20:32:35.0187 1828 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

20:32:35.0265 1828 dmio - ok

20:32:35.0343 1828 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

20:32:35.0500 1828 dmload - ok

20:32:35.0515 1828 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

20:32:35.0609 1828 dmserver - ok

20:32:35.0656 1828 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

20:32:35.0750 1828 DMusic - ok

20:32:35.0812 1828 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

20:32:35.0828 1828 Dnscache - ok

20:32:35.0906 1828 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

20:32:35.0984 1828 Dot3svc - ok

20:32:36.0046 1828 dpti2o - ok

20:32:36.0125 1828 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

20:32:36.0265 1828 drmkaud - ok

20:32:36.0312 1828 e1express (ed91f1042071a36f54e7c430e130e4cd) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

20:32:36.0328 1828 e1express - ok

20:32:36.0343 1828 EagleNT - ok

20:32:36.0390 1828 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

20:32:36.0531 1828 EapHost - ok

20:32:36.0609 1828 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

20:32:36.0703 1828 ERSvc - ok

20:32:36.0734 1828 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

20:32:36.0765 1828 Eventlog - ok

20:32:36.0828 1828 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

20:32:36.0843 1828 EventSystem - ok

20:32:36.0906 1828 exFat (3ef58f2eae3aecab45d682152db2f67d) C:\WINDOWS\system32\drivers\exFat.sys

20:32:36.0937 1828 exFat - ok

20:32:37.0046 1828 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

20:32:37.0250 1828 Fastfat - ok

20:32:37.0343 1828 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

20:32:37.0359 1828 FastUserSwitchingCompatibility - ok

20:32:37.0468 1828 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

20:32:37.0546 1828 Fdc - ok

20:32:37.0593 1828 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

20:32:37.0687 1828 Fips - ok

20:32:37.0718 1828 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

20:32:37.0812 1828 Flpydisk - ok

20:32:37.0859 1828 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

20:32:37.0968 1828 FltMgr - ok

20:32:38.0062 1828 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

20:32:38.0078 1828 FontCache3.0.0.0 - ok

20:32:38.0187 1828 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys

20:32:38.0312 1828 FsVga - ok

20:32:38.0359 1828 Fs_Rec (c865b83411d7347627a4beec22543fb1) C:\WINDOWS\system32\drivers\Fs_Rec.sys

20:32:38.0390 1828 Fs_Rec - ok

20:32:38.0406 1828 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

20:32:38.0531 1828 Ftdisk - ok

20:32:38.0562 1828 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

20:32:38.0703 1828 Gpc - ok

20:32:38.0796 1828 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe

20:32:38.0812 1828 gupdate - ok

20:32:38.0812 1828 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe

20:32:38.0828 1828 gupdatem - ok

20:32:38.0968 1828 Hardlock (ed32d389f8b0e74e400932e020bcfbdf) C:\WINDOWS\system32\drivers\hardlock.sys

20:32:39.0000 1828 Hardlock - ok

20:32:39.0078 1828 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys

20:32:39.0093 1828 Haspnt ( UnsignedFile.Multi.Generic ) - warning

20:32:39.0093 1828 Haspnt - detected UnsignedFile.Multi.Generic (1)

20:32:39.0187 1828 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

20:32:39.0281 1828 HDAudBus - ok

20:32:39.0375 1828 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

20:32:39.0453 1828 helpsvc - ok

20:32:39.0468 1828 HidServ - ok

20:32:39.0515 1828 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

20:32:39.0609 1828 HidUsb - ok

20:32:39.0687 1828 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

20:32:39.0765 1828 hkmsvc - ok

20:32:39.0828 1828 hpn - ok

20:32:39.0921 1828 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

20:32:39.0968 1828 HTTP - ok

20:32:40.0031 1828 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

20:32:40.0234 1828 HTTPFilter - ok

20:32:40.0343 1828 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys

20:32:40.0375 1828 hwdatacard - ok

20:32:40.0437 1828 hwusbdev (922065957563d851b5a68b95aadac6ad) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys

20:32:40.0453 1828 hwusbdev - ok

20:32:40.0468 1828 i2omgmt - ok

20:32:40.0484 1828 i2omp - ok

20:32:40.0515 1828 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

20:32:40.0593 1828 i8042prt - ok

20:32:40.0687 1828 IAANTMON (582f2d900a3ac34c98fbdc2c0abef6b9) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

20:32:40.0703 1828 IAANTMON - ok

20:32:41.0031 1828 ialm (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

20:32:41.0250 1828 ialm - ok

20:32:41.0390 1828 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\drivers\iaStor.sys

20:32:41.0406 1828 iaStor - ok

20:32:41.0468 1828 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

20:32:41.0484 1828 IDriverT ( UnsignedFile.Multi.Generic ) - warning

20:32:41.0484 1828 IDriverT - detected UnsignedFile.Multi.Generic (1)

20:32:41.0593 1828 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

20:32:41.0609 1828 idsvc - ok

20:32:41.0734 1828 IFXTPM (0b556e950404d90d097c687e65238730) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS

20:32:41.0765 1828 IFXTPM - ok

20:32:41.0812 1828 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

20:32:41.0906 1828 Imapi - ok

20:32:41.0937 1828 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

20:32:42.0031 1828 ImapiService - ok

20:32:42.0140 1828 ini910u - ok

20:32:42.0328 1828 IntcAzAudAddService (474d59c18652c8ef0151a9efae9ee619) C:\WINDOWS\system32\drivers\RtkHDAud.sys

20:32:42.0500 1828 IntcAzAudAddService - ok

20:32:42.0593 1828 IntelIde - ok

20:32:42.0656 1828 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

20:32:42.0734 1828 intelppm - ok

20:32:42.0796 1828 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

20:32:42.0890 1828 Ip6Fw - ok

20:32:42.0921 1828 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

20:32:43.0015 1828 IpFilterDriver - ok

20:32:43.0062 1828 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

20:32:43.0140 1828 IpInIp - ok

20:32:43.0203 1828 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

20:32:43.0296 1828 IpNat - ok

20:32:43.0359 1828 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

20:32:43.0437 1828 IPSec - ok

20:32:43.0484 1828 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

20:32:43.0546 1828 IRENUM - ok

20:32:43.0593 1828 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

20:32:43.0671 1828 isapnp - ok

20:32:43.0765 1828 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

20:32:43.0843 1828 Kbdclass - ok

20:32:43.0890 1828 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

20:32:43.0984 1828 kmixer - ok

20:32:44.0015 1828 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

20:32:44.0031 1828 KSecDD - ok

20:32:44.0062 1828 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

20:32:44.0093 1828 lanmanserver - ok

20:32:44.0203 1828 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

20:32:44.0203 1828 lanmanworkstation - ok

20:32:44.0250 1828 lbrtfdc - ok

20:32:44.0359 1828 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

20:32:44.0453 1828 LmHosts - ok

20:32:44.0468 1828 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

20:32:44.0562 1828 Messenger - ok

20:32:44.0593 1828 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

20:32:44.0687 1828 mnmdd - ok

20:32:44.0718 1828 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

20:32:44.0796 1828 mnmsrvc - ok

20:32:44.0921 1828 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

20:32:45.0000 1828 Modem - ok

20:32:45.0031 1828 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

20:32:45.0109 1828 Mouclass - ok

20:32:45.0156 1828 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

20:32:45.0250 1828 mouhid - ok

20:32:45.0281 1828 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

20:32:45.0375 1828 MountMgr - ok

20:32:45.0484 1828 mraid35x - ok

20:32:45.0546 1828 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

20:32:45.0625 1828 MRxDAV - ok

20:32:45.0734 1828 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

20:32:45.0781 1828 MRxSmb - ok

20:32:45.0859 1828 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

20:32:45.0937 1828 MSDTC - ok

20:32:46.0031 1828 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

20:32:46.0171 1828 Msfs - ok

20:32:46.0218 1828 MSIServer - ok

20:32:46.0328 1828 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

20:32:46.0421 1828 MSKSSRV - ok

20:32:46.0468 1828 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

20:32:46.0546 1828 MSPCLOCK - ok

20:32:46.0578 1828 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

20:32:46.0671 1828 MSPQM - ok

20:32:46.0750 1828 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

20:32:46.0921 1828 mssmbios - ok

20:32:46.0984 1828 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

20:32:47.0078 1828 MSTEE - ok

20:32:47.0156 1828 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

20:32:47.0187 1828 Mup - ok

20:32:47.0218 1828 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

20:32:47.0312 1828 NABTSFEC - ok

20:32:47.0359 1828 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

20:32:47.0437 1828 napagent - ok

20:32:47.0562 1828 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

20:32:47.0687 1828 NDIS - ok

20:32:47.0718 1828 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

20:32:47.0828 1828 NdisIP - ok

20:32:47.0859 1828 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

20:32:47.0890 1828 NdisTapi - ok

20:32:47.0906 1828 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

20:32:48.0015 1828 Ndisuio - ok

20:32:48.0156 1828 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

20:32:48.0234 1828 NdisWan - ok

20:32:48.0281 1828 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

20:32:48.0296 1828 NDProxy - ok

20:32:48.0328 1828 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

20:32:48.0406 1828 NetBIOS - ok

20:32:48.0437 1828 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

20:32:48.0515 1828 NetBT - ok

20:32:48.0640 1828 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

20:32:48.0796 1828 NetDDE - ok

20:32:48.0796 1828 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

20:32:48.0937 1828 NetDDEdsdm - ok

20:32:49.0000 1828 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys

20:32:49.0015 1828 Netdevio ( UnsignedFile.Multi.Generic ) - warning

20:32:49.0015 1828 Netdevio - detected UnsignedFile.Multi.Generic (1)

20:32:49.0140 1828 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

20:32:49.0281 1828 Netlogon - ok

20:32:49.0343 1828 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

20:32:49.0500 1828 Netman - ok

20:32:49.0593 1828 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:32:49.0625 1828 NetTcpPortSharing - ok

20:32:49.0796 1828 NETw4x32 (12b0d99865434387f784268b70e23360) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys

20:32:49.0906 1828 NETw4x32 - ok

20:32:50.0031 1828 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

20:32:50.0234 1828 NIC1394 - ok

20:32:50.0265 1828 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

20:32:50.0296 1828 Nla - ok

20:32:50.0359 1828 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys

20:32:50.0453 1828 nm - ok

20:32:50.0531 1828 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

20:32:50.0625 1828 Npfs - ok

20:32:50.0734 1828 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

20:32:50.0890 1828 Ntfs - ok

20:32:50.0953 1828 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

20:32:51.0093 1828 NtLmSsp - ok

20:32:51.0171 1828 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

20:32:51.0281 1828 NtmsSvc - ok

20:32:51.0375 1828 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

20:32:51.0453 1828 Null - ok

20:32:51.0515 1828 NWCWorkstation (2c2fd0e6b0180f94c260dd26706aa5f4) C:\WINDOWS\System32\nwwks.dll

20:32:51.0593 1828 NWCWorkstation - ok

20:32:51.0687 1828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

20:32:51.0906 1828 NwlnkFlt - ok

20:32:52.0031 1828 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

20:32:52.0109 1828 NwlnkFwd - ok

20:32:52.0140 1828 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

20:32:52.0234 1828 NwlnkIpx - ok

20:32:52.0250 1828 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

20:32:52.0343 1828 NwlnkNb - ok

20:32:52.0437 1828 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

20:32:52.0546 1828 NwlnkSpx - ok

20:32:52.0625 1828 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys

20:32:52.0718 1828 NWRDR - ok

20:32:52.0750 1828 NwSapAgent (4b83fcbbe72af5f99d109798653e8b78) C:\WINDOWS\System32\ipxsap.dll

20:32:52.0843 1828 NwSapAgent - ok

20:32:52.0921 1828 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

20:32:53.0015 1828 ohci1394 - ok

20:32:53.0093 1828 OnKey Service _ICBC (bcfba82eb6d3f91e53e1383fabe06cd2) C:\WINDOWS\system32\D4Ser_ICBC.exe

20:32:53.0093 1828 OnKey Service _ICBC - ok

20:32:53.0203 1828 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:32:53.0218 1828 ose - ok

20:32:53.0296 1828 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

20:32:53.0421 1828 Parport - ok

20:32:53.0484 1828 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

20:32:53.0609 1828 PartMgr - ok

20:32:53.0671 1828 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

20:32:53.0765 1828 ParVdm - ok

20:32:53.0796 1828 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

20:32:53.0875 1828 PCI - ok

20:32:53.0921 1828 PCIDump - ok

20:32:54.0000 1828 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

20:32:54.0078 1828 PCIIde - ok

20:32:54.0125 1828 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

20:32:54.0281 1828 Pcmcia - ok

20:32:54.0296 1828 PDCOMP - ok

20:32:54.0312 1828 PDFRAME - ok

20:32:54.0328 1828 PDRELI - ok

20:32:54.0343 1828 PDRFRAME - ok

20:32:54.0359 1828 perc2 - ok

20:32:54.0375 1828 perc2hib - ok

20:32:54.0421 1828 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

20:32:54.0453 1828 PlugPlay - ok

20:32:54.0562 1828 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

20:32:54.0703 1828 PolicyAgent - ok

20:32:54.0750 1828 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

20:32:54.0906 1828 PptpMiniport - ok

20:32:54.0984 1828 Profos - ok

20:32:55.0015 1828 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

20:32:55.0156 1828 ProtectedStorage - ok

20:32:55.0171 1828 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

20:32:55.0328 1828 PSched - ok

20:32:55.0437 1828 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

20:32:55.0593 1828 Ptilink - ok

20:32:55.0625 1828 ql1080 - ok

20:32:55.0640 1828 Ql10wnt - ok

20:32:55.0656 1828 ql12160 - ok

20:32:55.0671 1828 ql1240 - ok

20:32:55.0687 1828 ql1280 - ok

20:32:55.0703 1828 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

20:32:55.0781 1828 RasAcd - ok

20:32:55.0828 1828 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

20:32:55.0921 1828 RasAuto - ok

20:32:56.0031 1828 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

20:32:56.0109 1828 Rasl2tp - ok

20:32:56.0156 1828 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

20:32:56.0234 1828 RasMan - ok

20:32:56.0343 1828 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

20:32:56.0421 1828 RasPppoe - ok

20:32:56.0468 1828 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

20:32:56.0546 1828 Raspti - ok

20:32:56.0593 1828 rasuw (a6ea4a8a59d575417756a3afae5d9036) C:\WINDOWS\system32\DRIVERS\rasuw.sys

20:32:56.0593 1828 rasuw ( UnsignedFile.Multi.Generic ) - warning

20:32:56.0593 1828 rasuw - detected UnsignedFile.Multi.Generic (1)

20:32:56.0625 1828 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

20:32:56.0703 1828 Rdbss - ok

20:32:56.0828 1828 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

20:32:56.0921 1828 RDPCDD - ok

20:32:56.0968 1828 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

20:32:57.0062 1828 rdpdr - ok

20:32:57.0109 1828 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

20:32:57.0140 1828 RDPWD - ok

20:32:57.0234 1828 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

20:32:57.0312 1828 RDSessMgr - ok

20:32:57.0375 1828 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

20:32:57.0453 1828 redbook - ok

20:32:57.0546 1828 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

20:32:57.0656 1828 RemoteAccess - ok

20:32:57.0718 1828 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

20:32:57.0796 1828 RemoteRegistry - ok

20:32:57.0906 1828 ROCKEYNT (7b9921a14be8d230148b87322cf1917a) C:\WINDOWS\system32\DRIVERS\Rockey4.sys

20:32:57.0937 1828 ROCKEYNT - ok

20:32:57.0968 1828 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

20:32:58.0062 1828 ROOTMODEM - ok

20:32:58.0093 1828 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

20:32:58.0171 1828 RpcLocator - ok

20:32:58.0250 1828 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

20:32:58.0281 1828 RpcSs - ok

20:32:58.0359 1828 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

20:32:58.0453 1828 RSVP - ok

20:32:58.0531 1828 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

20:32:58.0609 1828 SamSs - ok

20:32:58.0671 1828 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

20:32:58.0781 1828 SCardSvr - ok

20:32:58.0843 1828 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

20:32:58.0937 1828 Schedule - ok

20:32:59.0046 1828 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

20:32:59.0125 1828 sdbus - ok

20:32:59.0203 1828 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

20:32:59.0296 1828 Secdrv - ok

20:32:59.0359 1828 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

20:32:59.0453 1828 seclogon - ok

20:32:59.0515 1828 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

20:32:59.0593 1828 SENS - ok

20:32:59.0703 1828 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

20:32:59.0796 1828 serenum - ok

20:32:59.0843 1828 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

20:32:59.0937 1828 Serial - ok

20:33:00.0015 1828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

20:33:00.0093 1828 Sfloppy - ok

20:33:00.0156 1828 SharedAccess (a43f36201f68c96da6cb7b1b0b788c60) C:\WINDOWS\System32\ipnathlp.dll

20:33:00.0187 1828 SharedAccess - ok

20:33:00.0281 1828 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

20:33:00.0296 1828 ShellHWDetection - ok

20:33:00.0375 1828 Simbad - ok

20:33:00.0437 1828 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files\Skype\Updater\Updater.exe

20:33:00.0453 1828 SkypeUpdate - ok

20:33:00.0546 1828 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

20:33:00.0640 1828 SLIP - ok

20:33:00.0703 1828 SmartDefragDriver (14bb60a4f1c5291217a05d5728c403e6) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys

20:33:00.0718 1828 SmartDefragDriver - ok

20:33:00.0796 1828 smihlp (94eede27fd7d46707be49127922695a7) C:\Program Files\Protector Suite QL\smihlp.sys

20:33:00.0812 1828 smihlp ( UnsignedFile.Multi.Generic ) - warning

20:33:00.0812 1828 smihlp - detected UnsignedFile.Multi.Generic (1)

20:33:00.0890 1828 Sparrow - ok

20:33:01.0015 1828 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

20:33:01.0093 1828 splitter - ok

20:33:01.0156 1828 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

20:33:01.0187 1828 Spooler - ok

20:33:01.0296 1828 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys

20:33:01.0296 1828 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9

20:33:01.0296 1828 sptd ( LockedFile.Multi.Generic ) - warning

20:33:01.0296 1828 sptd - detected LockedFile.Multi.Generic (1)

20:33:01.0375 1828 SQLWriter (9263c8898732e2b890f7e954e7729ab7) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

20:33:01.0375 1828 SQLWriter - ok

20:33:01.0500 1828 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

20:33:01.0578 1828 sr - ok

20:33:01.0625 1828 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

20:33:01.0703 1828 srservice - ok

20:33:01.0781 1828 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

20:33:01.0796 1828 Srv - ok

20:33:01.0875 1828 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

20:33:01.0968 1828 SSDPSRV - ok

20:33:02.0046 1828 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

20:33:02.0140 1828 stisvc - ok

20:33:02.0234 1828 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

20:33:02.0328 1828 streamip - ok

20:33:02.0375 1828 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

20:33:02.0468 1828 swenum - ok

20:33:02.0484 1828 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

20:33:02.0578 1828 swmidi - ok

20:33:02.0593 1828 SwPrv - ok

20:33:02.0609 1828 symc810 - ok

20:33:02.0625 1828 symc8xx - ok

20:33:02.0640 1828 sym_hi - ok

20:33:02.0656 1828 sym_u3 - ok

20:33:02.0671 1828 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

20:33:02.0765 1828 sysaudio - ok

20:33:02.0843 1828 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

20:33:02.0921 1828 SysmonLog - ok

20:33:02.0984 1828 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

20:33:03.0093 1828 TapiSrv - ok

20:33:03.0187 1828 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

20:33:03.0218 1828 Tcpip - ok

20:33:03.0296 1828 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys

20:33:03.0312 1828 TcUsb - ok

20:33:03.0343 1828 tdcmdpst (2f8bfbdb5824c71f672779b4b8cf8b01) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys

20:33:03.0359 1828 tdcmdpst - ok

20:33:03.0390 1828 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

20:33:03.0484 1828 TDPIPE - ok

20:33:03.0578 1828 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

20:33:03.0656 1828 TDTCP - ok

20:33:03.0750 1828 tdudf (f56a9327c58ff985616c5e197472932c) C:\WINDOWS\system32\DRIVERS\tdudf.sys

20:33:03.0765 1828 tdudf - ok

20:33:03.0796 1828 TEchoCan (65855534483d0c1330703100b31cac00) C:\WINDOWS\system32\DRIVERS\TEchoCan.sys

20:33:03.0812 1828 TEchoCan - ok

20:33:03.0859 1828 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

20:33:03.0937 1828 TermDD - ok

20:33:04.0000 1828 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

20:33:04.0078 1828 TermService - ok

20:33:04.0156 1828 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

20:33:04.0171 1828 Themes - ok

20:33:04.0265 1828 Thpdrv (557cfdb7869499d357da1877ed93043f) C:\WINDOWS\system32\DRIVERS\thpdrv.sys

20:33:04.0296 1828 Thpdrv - ok

20:33:04.0359 1828 Thpevm (681b0132a9e0ec12e674c2b2ae75e201) C:\WINDOWS\system32\DRIVERS\Thpevm.SYS

20:33:04.0375 1828 Thpevm - ok

20:33:04.0437 1828 Thpsrv (e6ddaa96d0b63eb6b16a4776d786d5c9) C:\WINDOWS\system32\ThpSrv.exe

20:33:04.0453 1828 Thpsrv - ok

20:33:04.0562 1828 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\WINDOWS\system32\drivers\tifm21.sys

20:33:04.0593 1828 tifm21 - ok

20:33:04.0671 1828 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

20:33:04.0765 1828 TlntSvr - ok

20:33:04.0875 1828 TMEI3E (684bfb1e9abb05d3f48c53f3cd16a3e6) C:\WINDOWS\system32\Drivers\TMEI3E.SYS

20:33:04.0875 1828 TMEI3E ( UnsignedFile.Multi.Generic ) - warning

20:33:04.0875 1828 TMEI3E - detected UnsignedFile.Multi.Generic (1)

20:33:04.0968 1828 TODDSrv (d540858e65bfa6fded41ad2495ece344) C:\WINDOWS\system32\TODDSrv.exe

20:33:04.0968 1828 TODDSrv ( UnsignedFile.Multi.Generic ) - warning

20:33:04.0968 1828 TODDSrv - detected UnsignedFile.Multi.Generic (1)

20:33:05.0046 1828 TOSHIBA Bluetooth Service (87843b2da99051bc66e2d6c211e3d6a4) c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

20:33:05.0062 1828 TOSHIBA Bluetooth Service - ok

20:33:05.0125 1828 TosIde - ok

20:33:05.0234 1828 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys

20:33:05.0250 1828 tosporte - ok

20:33:05.0312 1828 tosrfbd (266df087a8c24da34ff40cf3df86ccfb) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys

20:33:05.0343 1828 tosrfbd - ok

20:33:05.0375 1828 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\WINDOWS\system32\Drivers\tosrfbnp.sys

20:33:05.0406 1828 tosrfbnp - ok

20:33:05.0500 1828 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys

20:33:05.0515 1828 Tosrfcom - ok

20:33:05.0562 1828 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\WINDOWS\system32\DRIVERS\tosrfec.sys

20:33:05.0562 1828 tosrfec - ok

20:33:05.0593 1828 Tosrfhid (7c807ba9660e2995cc0217a14a24094c) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys

20:33:05.0625 1828 Tosrfhid - ok

20:33:05.0640 1828 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys

20:33:05.0671 1828 tosrfnds - ok

20:33:05.0703 1828 TosRfSnd (a4ce9572bc4ac8d329455059b43c5bea) C:\WINDOWS\system32\drivers\tosrfsnd.sys

20:33:05.0718 1828 TosRfSnd - ok

20:33:05.0828 1828 tosrfusb (602818649c84eb774d6971da65f79cc8) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys

20:33:05.0843 1828 tosrfusb - ok

20:33:05.0890 1828 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

20:33:05.0984 1828 TrkWks - ok

20:33:06.0078 1828 trudf (3f9ba8878aa26d0831116733f9bc53ff) C:\WINDOWS\system32\DRIVERS\trudf.sys

20:33:06.0093 1828 trudf - ok

20:33:06.0171 1828 Trufos - ok

20:33:06.0218 1828 TVALZ (73d3312955f805054e32fabdca5230b1) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS

20:33:06.0234 1828 TVALZ - ok

20:33:06.0265 1828 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

20:33:06.0343 1828 Udfs - ok

20:33:06.0406 1828 ultra - ok

20:33:06.0468 1828 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe

20:33:06.0500 1828 UMWdf - ok

20:33:06.0562 1828 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

20:33:06.0656 1828 Update - ok

20:33:06.0734 1828 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

20:33:06.0812 1828 upnphost - ok

20:33:06.0890 1828 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

20:33:06.0984 1828 UPS - ok

20:33:07.0046 1828 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

20:33:07.0125 1828 usbccgp - ok

20:33:07.0203 1828 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

20:33:07.0281 1828 usbehci - ok

20:33:07.0359 1828 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

20:33:07.0437 1828 usbhub - ok

20:33:07.0484 1828 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

20:33:07.0562 1828 usbscan - ok

20:33:07.0625 1828 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

20:33:07.0718 1828 USBSTOR - ok

20:33:07.0843 1828 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

20:33:07.0937 1828 usbuhci - ok

20:33:07.0984 1828 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

20:33:08.0078 1828 usbvideo - ok

20:33:08.0093 1828 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

20:33:08.0171 1828 VgaSave - ok

20:33:08.0187 1828 ViaIde - ok

20:33:08.0203 1828 VMnetAdapter - ok

20:33:08.0234 1828 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

20:33:08.0312 1828 VolSnap - ok

20:33:08.0437 1828 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

20:33:08.0531 1828 VSS - ok

20:33:08.0562 1828 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

20:33:08.0656 1828 W32Time - ok

20:33:08.0703 1828 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

20:33:08.0828 1828 Wanarp - ok

20:33:08.0937 1828 WDICA - ok

20:33:09.0000 1828 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

20:33:09.0109 1828 wdmaud - ok

20:33:09.0187 1828 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

20:33:09.0296 1828 WebClient - ok

20:33:09.0406 1828 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

20:33:09.0546 1828 winmgmt - ok

20:33:09.0640 1828 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll

20:33:09.0656 1828 WmdmPmSN - ok

20:33:09.0750 1828 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

20:33:09.0796 1828 Wmi - ok

20:33:09.0937 1828 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

20:33:10.0093 1828 WmiApSrv - ok

20:33:10.0156 1828 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

20:33:10.0250 1828 WS2IFSL - ok

20:33:10.0359 1828 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

20:33:10.0437 1828 wscsvc - ok

20:33:10.0500 1828 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

20:33:10.0593 1828 WSTCODEC - ok

20:33:10.0671 1828 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

20:33:10.0750 1828 wuauserv - ok

20:33:10.0828 1828 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

20:33:10.0906 1828 WZCSVC - ok

20:33:10.0968 1828 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

20:33:11.0062 1828 xmlprov - ok

20:33:11.0093 1828 MBR (0x1B8) (bd58f6a1fe22e7d1550df0c62ade9830) \Device\Harddisk0\DR0

20:33:11.0703 1828 \Device\Harddisk0\DR0 - ok

20:33:11.0703 1828 Boot (0x1200) (0ce67aad003390a206964fd7468c74e5) \Device\Harddisk0\DR0\Partition0

20:33:11.0703 1828 \Device\Harddisk0\DR0\Partition0 - ok

20:33:11.0718 1828 Boot (0x1200) (41dd903b9fc30958a3f53948417b4527) \Device\Harddisk0\DR0\Partition1

20:33:11.0718 1828 \Device\Harddisk0\DR0\Partition1 - ok

20:33:11.0734 1828 Boot (0x1200) (04cf0e6419a6c144615361ca1980a485) \Device\Harddisk0\DR0\Partition2

20:33:11.0734 1828 \Device\Harddisk0\DR0\Partition2 - ok

20:33:11.0750 1828 Boot (0x1200) (e6b715426395e7b6dca623fab40e854b) \Device\Harddisk0\DR0\Partition3

20:33:11.0750 1828 \Device\Harddisk0\DR0\Partition3 - ok

20:33:11.0750 1828 ============================================================

20:33:11.0750 1828 Scan finished

20:33:11.0750 1828 ============================================================

20:33:11.0859 2572 Detected object count: 10

20:33:11.0859 2572 Actual detected object count: 10

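Most of the TDSSKiller log above is "- ok" lines; what a helper actually needs from it is the handful of entries the scanner flagged, each with its MD5 and path so it can be checked against the vendor or a hash lookup. The verdict names in this log (UnsignedFile.Multi.Generic, LockedFile.Multi.Generic) describe a property of the file, no valid digital signature or no read access, rather than a named malware family, so every flagged item still needs that check. The Python below is an added example for this thread, not part of the post and not TDSSKiller's own code: it parses the line shapes visible in the log (entry with MD5 and path, "- ok", "( Verdict ) - warning", "- detected Verdict (N)", "Suspicious file (Reason): Path. md5: ..." and the closing object count), ties each status line back to its entry by service name or device path, lists the flagged entries and checks that the tool's closing count agrees with the log body. SAMPLE_LOG is a constructed excerpt of lines from the log above with the object count adjusted to the excerpt.

```python
# Added example: triage a TDSSKiller-style scan log. Not TDSSKiller's own code; it only
# reads the plain-text line shapes visible in the log above.
import re
from dataclasses import dataclass, field
from typing import List, Optional

# <rest> of "HH:MM:SS.dddd PID <rest>" takes one of these shapes:
#   Name (md5) Path | Name - ok | Name ( Verdict ) - warning | Name - detected Verdict (N)
#   Suspicious file (Reason): Path. md5: <md5> | Detected object count: N
# MBR/boot-sector entries report "- ok" against the device path rather than the name.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+) (.*)$")
ENTRY_RE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
WARN_RE = re.compile(r"^(.+?) \( (.+?) \) - warning$")
DETECT_RE = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")
SUSP_RE = re.compile(r"^Suspicious file \((.+?)\): (.+?)\. md5: ([0-9a-f]{32})$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")

@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"                          # ok | warning | detected | unknown
    verdicts: List[str] = field(default_factory=list)
    notes: List[str] = field(default_factory=list)   # e.g. "NoAccess"
    det_count: int = 0                               # the (N) of "- detected ... (N)"

@dataclass
class ScanReport:
    entries: List[Entry] = field(default_factory=list)
    reported_count: Optional[int] = None             # the closing "Detected object count"

    def find(self, key: str) -> Optional[Entry]:
        # Latest entry whose name or path equals key; status lines may use either.
        k = key.lower()
        for ent in reversed(self.entries):
            if ent.name.lower() == k or (ent.path and ent.path.lower() == k):
                return ent
        return None

    def get_or_add(self, key: str) -> Entry:
        ent = self.find(key)
        if ent is None:          # e.g. "PDCOMP - ok": service registered but no file on disk
            ent = Entry(name=key)
            self.entries.append(ent)
        return ent

    def flagged(self) -> List[Entry]:
        return [e for e in self.entries if e.status in ("warning", "detected")]

    def counts_consistent(self) -> bool:
        """Does the closing 'Detected object count' match the detections in the log body?"""
        return self.reported_count is None or self.reported_count == sum(e.det_count for e in self.entries)

def _mark(ent: Entry, status: str, verdict: str, count: int = 0) -> None:
    ent.status = status
    ent.det_count += count
    if verdict not in ent.verdicts:  # warning and detected lines repeat the same verdict
        ent.verdicts.append(verdict)

def parse_tdss_log(text: str) -> ScanReport:
    report = ScanReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue             # blank lines, banners, "Scan finished"
        rest = m.group(3)
        if (e := ENTRY_RE.match(rest)):
            report.entries.append(Entry(name=e.group(1), md5=e.group(2), path=e.group(3)))
        elif (s := SUSP_RE.match(rest)):
            report.get_or_add(s.group(2)).notes.append(s.group(1))   # keyed by path
        elif (w := WARN_RE.match(rest)):
            _mark(report.get_or_add(w.group(1)), "warning", w.group(2))
        elif (d := DETECT_RE.match(rest)):
            _mark(report.get_or_add(d.group(1)), "detected", d.group(2), int(d.group(3)))
        elif rest.endswith(" - ok"):
            ent = report.get_or_add(rest[: -len(" - ok")])
            if ent.status == "unknown":  # never downgrade a warning or detection
                ent.status = "ok"
        elif (c := COUNT_RE.match(rest)):
            report.reported_count = int(c.group(1))
    return report

# Constructed excerpt of lines from the log above; the object count is adjusted to the excerpt.
SAMPLE_LOG = r"""
20:32:56.0593 1828 rasuw (a6ea4a8a59d575417756a3afae5d9036) C:\WINDOWS\system32\DRIVERS\rasuw.sys
20:32:56.0593 1828 rasuw ( UnsignedFile.Multi.Generic ) - warning
20:32:56.0593 1828 rasuw - detected UnsignedFile.Multi.Generic (1)
20:32:56.0625 1828 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:32:56.0703 1828 Rdbss - ok
20:33:01.0296 1828 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
20:33:01.0296 1828 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
20:33:01.0296 1828 sptd ( LockedFile.Multi.Generic ) - warning
20:33:01.0296 1828 sptd - detected LockedFile.Multi.Generic (1)
20:33:02.0593 1828 SwPrv - ok
20:33:11.0093 1828 MBR (0x1B8) (bd58f6a1fe22e7d1550df0c62ade9830) \Device\Harddisk0\DR0
20:33:11.0703 1828 \Device\Harddisk0\DR0 - ok
20:33:11.0859 2572 Detected object count: 2
"""
```

Running `parse_tdss_log(SAMPLE_LOG).flagged()` on the excerpt returns the rasuw and sptd entries with their verdicts, paths and hashes, and `counts_consistent()` confirms the closing count matches the two "- detected ... (1)" lines; the same call on the full log pasted from the post gives the ten objects the tool reports there. A `detected` status with a generic verdict is where the manual check starts, not where it ends.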

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


ComboFix results listed below.

I will assess system behavior and post that shortly.

ComboFix 12-04-18.02 - hou 8/2012 Wed 7:13.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.2039.1256 [GMT 0:00]

Run from: c:\documents and settings\hou\My Documents\Downloads\ComboFix\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

Error: Cfiles.dat

.

((((((((((((((((((((((((((((((((((((((( Deleted Files )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\360Downloads

C:\360Rec

c:\360rec\20091106\Bak2E.vir

c:\360rec\20100731\17015.vir

c:\360rec\20110504\18146.vir

c:\360rec\20110504\2241F.vir

c:\360rec\20110504\22420.vir

c:\360rec\20110504\22421.vir

c:\360rec\20110504\22422.vir

c:\360rec\20110504\22423.vir

c:\360rec\20110504\22424.vir

c:\360rec\20110504\22425.vir

c:\360rec\20110504\22426.vir

c:\360rec\20110504\22427.vir

c:\360rec\20110504\22428.vir

c:\360rec\20110504\22429.vir

c:\360rec\20110605\20310.vir

c:\documents and settings\hou\Application Data\360SE

c:\documents and settings\hou\Application Data\360SE\360se.ini

c:\documents and settings\hou\Application Data\360SE\pd\pd.ini

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_1112hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_11615hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_11617hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_11642hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_11644hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_11645hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_11646hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_11648hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_12572hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_12573hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_12752hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_12753hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_12754hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_12755hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_12756hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_12872hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_12873hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_12904hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_12905hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_12907hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_13232hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_13292hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_13444hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_13473hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_13474hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_13475hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_13654hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_13656hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_13657hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_13658hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_13659hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_13992hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_13993hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_13995hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_14112hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_14113hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_14114hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_14121hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_14132hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_14133hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_14152hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_14153hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_14161hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_14172hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_14174hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_14192hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_14255hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_14452hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_14453hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_14553hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_14554hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_15323hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_2915hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_2917hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_2919hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_2920hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_333hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_334hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_336hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_338hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_339hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_341hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_342hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_343hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_359hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_361hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_362hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_364hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_365hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_370hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_371hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_398hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_400hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_9239hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_9240hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_9242hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_9243hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_9244hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_9246hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_9247hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_9249hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_9250hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_9251hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_9253hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_9254hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_9256hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_9257hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_9261hhb.jpg

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_9262hhb.jpg.tmp

c:\documents and settings\hou\Local Settings\Temporary Internet Files\xlfx_video_9515hhb.jpg

c:\program files\StormII

c:\program files\StormII\kcheck2.tmp

c:\windows\apppatch\AppLoc.exe

c:\windows\msxml4-KB973688-enu.LOG

c:\windows\msxml6-KB973686-enu-x86.LOG

c:\windows\system32\_000006_.tmp.dll

c:\windows\system32\_000007_.tmp.dll

c:\windows\system32\_000008_.tmp.dll

c:\windows\system32\_000009_.tmp.dll

c:\windows\system32\_000010_.tmp.dll

c:\windows\system32\_000011_.tmp.dll

c:\windows\system32\_000012_.tmp.dll

c:\windows\system32\_000013_.tmp.dll

c:\windows\system32\_000014_.tmp.dll

c:\windows\system32\_000016_.tmp.dll

c:\windows\system32\_000023_.tmp.dll

c:\windows\system32\_000024_.tmp.dll

c:\windows\system32\_000025_.tmp.dll

c:\windows\system32\_000026_.tmp.dll

c:\windows\system32\SET32A.tmp

c:\windows\system32\SET32E.tmp

c:\windows\system32\SET32F.tmp

c:\windows\system32\SET336.tmp

c:\windows\system32\SET337.tmp

c:\windows\system32\SET33E.tmp

c:\windows\system32\SET33F.tmp

c:\windows\system32\SET345.tmp

c:\windows\system32\SET346.tmp

c:\windows\system32\SET34C.tmp

c:\windows\system32\SET34F.tmp

c:\windows\system32\SET3B3.tmp

c:\windows\system32\SET3B6.tmp

c:\windows\system32\SET3C2.tmp

c:\windows\system32\SET3C7.tmp

c:\windows\system32\SET3CC.tmp

c:\windows\system32\SET3D3.tmp

c:\windows\system32\SET3DA.tmp

c:\windows\system32\SET3DC.tmp

c:\windows\system32\SET3E5.tmp

c:\windows\system32\SET3E7.tmp

c:\windows\system32\SET3F0.tmp

c:\windows\system32\SET3F3.tmp

c:\windows\system32\SET40A.tmp

c:\windows\system32\SET425.tmp

c:\windows\system32\SET426.tmp

c:\windows\system32\SET428.tmp

c:\windows\system32\SET429.tmp

c:\windows\system32\SET42D.tmp

c:\windows\system32\SET42F.tmp

c:\windows\system32\SET472.tmp

c:\windows\system32\SET475.tmp

c:\windows\system32\SET483.tmp

c:\windows\system32\SET484.tmp

c:\windows\system32\SET487.tmp

c:\windows\system32\SET488.tmp

c:\windows\system32\SET48A.tmp

c:\windows\system32\SET48B.tmp

c:\windows\system32\SET490.tmp

c:\windows\system32\SET491.tmp

c:\windows\system32\SET4D0.tmp

c:\windows\system32\SET4D3.tmp

c:\windows\system32\SET4D9.tmp

c:\windows\system32\SET4DC.tmp

c:\windows\system32\SET4EF.tmp

c:\windows\system32\SET4F0.tmp

c:\windows\system32\SET4F1.tmp

c:\windows\system32\SET508.tmp

c:\windows\system32\SET509.tmp

c:\windows\system32\SET50A.tmp

c:\windows\system32\SET517.tmp

c:\windows\system32\SET51C.tmp

c:\windows\system32\SET51E.tmp

c:\windows\system32\SET522.tmp

c:\windows\system32\SET525.tmp

c:\windows\system32\SET52B.tmp

c:\windows\system32\SET539.tmp

c:\windows\system32\SET53A.tmp

c:\windows\system32\SET546.tmp

c:\windows\system32\SET547.tmp

c:\windows\system32\SET563.tmp

c:\windows\system32\SET568.tmp

c:\windows\system32\SET58B.tmp

c:\windows\system32\SET590.tmp

c:\windows\system32\SET59F.tmp

c:\windows\system32\SET5C2.tmp

c:\windows\system32\SET5D2.tmp

c:\windows\system32\SET5E5.tmp

c:\windows\system32\SET5E8.tmp

c:\windows\system32\SET603.tmp

c:\windows\system32\SET610.tmp

c:\windows\system32\SET647.tmp

c:\windows\system32\SET650.tmp

c:\windows\system32\SET655.tmp

c:\windows\system32\SET65B.tmp

c:\windows\system32\SET664.tmp

c:\windows\system32\SET66C.tmp

c:\windows\system32\SET66D.tmp

c:\windows\system32\SET673.tmp

c:\windows\system32\SET674.tmp

c:\windows\system32\SET696.tmp

c:\windows\system32\SET697.tmp

c:\windows\system32\SET698.tmp

c:\windows\system32\SET699.tmp

c:\windows\system32\SET69A.tmp

c:\windows\system32\SET6B8.tmp

c:\windows\system32\SET6B9.tmp

c:\windows\system32\SET6BA.tmp

c:\windows\system32\SET6BB.tmp

c:\windows\system32\SET6BC.tmp

c:\windows\system32\SET6C9.tmp

c:\windows\system32\SET6CD.tmp

c:\windows\system32\SET6DB.tmp

c:\windows\system32\SET6E0.tmp

c:\windows\system32\SET6F8.tmp

c:\windows\system32\SET6F9.tmp

c:\windows\system32\SET6FA.tmp

c:\windows\system32\SET6FB.tmp

c:\windows\system32\SET6FC.tmp

c:\windows\system32\SET6FD.tmp

c:\windows\system32\SET6FE.tmp

c:\windows\system32\SET6FF.tmp

c:\windows\system32\SET700.tmp

c:\windows\system32\SET701.tmp

c:\windows\system32\SET702.tmp

c:\windows\system32\SET703.tmp

c:\windows\system32\SET704.tmp

c:\windows\system32\SET705.tmp

c:\windows\system32\SET706.tmp

c:\windows\system32\SET72B.tmp

c:\windows\system32\SET72C.tmp

c:\windows\system32\SET72D.tmp

c:\windows\system32\SET72E.tmp

c:\windows\system32\SET72F.tmp

c:\windows\system32\SET730.tmp

c:\windows\system32\SET731.tmp

c:\windows\system32\SET732.tmp

c:\windows\system32\SET733.tmp

c:\windows\system32\SET734.tmp

c:\windows\system32\SET735.tmp

c:\windows\system32\SET736.tmp

c:\windows\system32\SET737.tmp

c:\windows\system32\SET738.tmp

c:\windows\system32\SET739.tmp

c:\windows\system32\SET763.tmp

c:\windows\system32\SET764.tmp

c:\windows\system32\SET76E.tmp

c:\windows\system32\SET76F.tmp

c:\windows\system32\SET771.tmp

c:\windows\system32\SET774.tmp

c:\windows\system32\SET77D.tmp

c:\windows\system32\SET77F.tmp

c:\windows\system32\SET7B9.tmp

c:\windows\system32\SET7BA.tmp

c:\windows\system32\SET7BB.tmp

c:\windows\system32\SET7BC.tmp

c:\windows\system32\SET7BD.tmp

c:\windows\system32\SET7C0.tmp

c:\windows\system32\SET7C1.tmp

c:\windows\system32\SET7C4.tmp

c:\windows\system32\SET7C5.tmp

c:\windows\system32\SET7C6.tmp

c:\windows\system32\SET7C9.tmp

c:\windows\system32\SET7CB.tmp

c:\windows\system32\SET7F0.tmp

c:\windows\system32\SET7F3.tmp

c:\windows\system32\SET7F4.tmp

c:\windows\system32\SET7F8.tmp

c:\windows\system32\SET7FB.tmp

c:\windows\system32\SET7FC.tmp

c:\windows\system32\SET7FF.tmp

c:\windows\system32\SET800.tmp

c:\windows\system32\SET801.tmp

c:\windows\system32\SET802.tmp

c:\windows\system32\SET803.tmp

c:\windows\system32\SET804.tmp

c:\windows\system32\SET814.tmp

c:\windows\system32\SET819.tmp

c:\windows\system32\SET836.tmp

c:\windows\system32\SET83C.tmp

c:\windows\system32\SET842.tmp

c:\windows\system32\SET847.tmp

c:\windows\system32\SET84D.tmp

c:\windows\system32\SET84E.tmp

c:\windows\system32\SET84F.tmp

c:\windows\system32\SET850.tmp

c:\windows\system32\SET851.tmp

c:\windows\system32\SET875.tmp

c:\windows\system32\SET88F.tmp

c:\windows\system32\SET895.tmp

c:\windows\system32\SET89A.tmp

c:\windows\system32\SET89E.tmp

c:\windows\system32\SET8A6.tmp

c:\windows\system32\SET8A7.tmp

c:\windows\system32\SET8A8.tmp

c:\windows\system32\SET8A9.tmp

c:\windows\system32\SET8AA.tmp

c:\windows\system32\SET8AB.tmp

c:\windows\system32\SET8AC.tmp

c:\windows\system32\SET8AD.tmp

c:\windows\system32\SET8AE.tmp

c:\windows\system32\SET8AF.tmp

c:\windows\system32\SET8B0.tmp

c:\windows\system32\SET8B1.tmp

c:\windows\system32\SET8B2.tmp

c:\windows\system32\SET8B3.tmp

c:\windows\system32\SET8B4.tmp

c:\windows\system32\SET8DC.tmp

c:\windows\system32\SET907.tmp

c:\windows\system32\SET908.tmp

c:\windows\system32\SET919.tmp

c:\windows\system32\SET91A.tmp

c:\windows\system32\SET91B.tmp

c:\windows\system32\SET9B6.tmp

c:\windows\system32\SET9BD.tmp

c:\windows\system32\SET9CF.tmp

c:\windows\system32\SET9D8.tmp

c:\windows\system32\SETA10.tmp

c:\windows\system32\SETA3E.tmp

c:\windows\system32\SETA46.tmp

c:\windows\system32\SETA47.tmp

c:\windows\system32\SETA48.tmp

c:\windows\system32\SETA49.tmp

c:\windows\system32\SETA4E.tmp

c:\windows\system32\SETA58.tmp

c:\windows\system32\SETA84.tmp

c:\windows\system32\SETA8F.tmp

c:\windows\system32\uninst0.tmp

.

.

((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_KINGSOFT_ANTIVIRUS_WEBSHIELD_SERVICE

.

.

((((((((((((((((((((((((( 2012-03-18 至 2012-04-18 的新的档案 )))))))))))))))))))))))))))))))

.

.

2012-04-16 08:37 . 2012-04-17 17:04 -------- d-----w- c:\windows\system32\drivers\AVG

2012-04-16 08:37 . 2012-04-16 08:37 -------- d-----w- C:\$AVG

2012-04-12 02:18 . 2012-04-12 09:31 -------- d-----w- c:\windows\system32\NtmsData

2012-04-12 01:26 . 2012-04-12 01:26 -------- d-----w- c:\documents and settings\hou\Application Data\Malwarebytes

2012-04-12 01:26 . 2012-04-12 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-04-12 01:26 . 2012-04-12 01:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-12 01:26 . 2012-04-04 15:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-11 13:40 . 2012-04-11 13:40 -------- d-----w- c:\documents and settings\hou\Application Data\AVG2012

2012-04-11 13:38 . 2012-04-16 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2012-04-11 13:37 . 2012-04-11 13:37 -------- d-----w- c:\program files\AVG

2012-04-11 13:32 . 2012-04-11 13:32 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2012-04-11 13:32 . 2012-04-17 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-04-11 13:25 . 2012-04-12 16:08 -------- d-----w- c:\documents and settings\hou\Local Settings\Application Data\NPE

2012-04-11 13:25 . 2012-04-11 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2012-04-11 08:48 . 2008-04-14 00:12 169984 ----a-w- c:\windows\system32\msconfig.exe

2012-04-09 08:28 . 2012-04-09 08:28 -------- d-----w- c:\documents and settings\hou\Application Data\360mobilemgr

2012-04-08 15:19 . 2012-04-12 02:02 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-04-08 15:19 . 2012-04-12 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2012-04-08 08:08 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2012-04-08 08:06 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2012-04-08 07:52 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2012-04-08 07:51 . 2012-02-28 18:50 532480 -c----w- c:\windows\system32\dllcache\mstime.dll

2012-04-08 07:51 . 2012-02-28 18:50 449536 -c----w- c:\windows\system32\dllcache\mshtmled.dll

2012-04-08 07:51 . 2012-02-28 18:50 37888 -c----w- c:\windows\system32\dllcache\url.dll

2012-04-08 07:42 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll

2012-04-08 07:42 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2012-04-08 07:42 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-04-08 07:42 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2012-04-08 07:41 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2012-04-08 07:41 . 2012-01-09 16:20 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2012-04-07 22:59 . 2012-04-07 22:59 -------- d-----w- c:\windows\system32\XPSViewer

2012-04-07 22:59 . 2012-04-07 22:59 -------- d-----w- c:\program files\MSBuild

2012-04-07 22:59 . 2012-04-07 22:59 -------- d-----w- c:\program files\Reference Assemblies

2012-04-07 17:21 . 2012-04-12 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2012-04-07 17:21 . 2012-04-08 09:46 -------- d-----w- c:\program files\AVAST Software

2012-04-07 16:43 . 2012-04-07 16:43 -------- d-----w- c:\windows\system32\scripting

2012-04-07 16:43 . 2012-04-07 16:43 -------- d-----w- c:\windows\system32\en

2012-04-07 16:43 . 2012-04-07 16:43 -------- d-----w- c:\windows\system32\bits

2012-04-07 16:43 . 2012-04-07 16:43 -------- d-----w- c:\windows\l2schemas

2012-04-07 16:28 . 2012-04-09 12:17 -------- d-----w- c:\documents and settings\hou\Application Data\Skype

2012-04-07 16:28 . 2012-04-07 16:28 -------- d-----w- c:\program files\Common Files\Skype

2012-04-07 16:28 . 2012-04-07 17:40 -------- d-----r- c:\program files\Skype

2012-04-07 16:09 . 2012-04-07 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2012-04-07 15:51 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2012-04-07 15:51 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2012-04-07 15:51 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2012-04-07 15:51 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2012-04-07 15:51 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2012-04-07 15:51 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2012-04-07 15:51 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2012-04-07 15:51 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2012-04-07 15:51 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2012-04-07 15:11 . 2008-10-23 13:39 713216 -c----w- c:\windows\system32\dllcache\sxs.dll

2012-04-07 15:11 . 2012-04-07 15:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-07 15:11 . 2012-04-07 15:11 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-07 15:09 . 2012-04-07 15:09 -------- d--h--w- c:\windows\system32\GroupPolicy

2012-04-07 15:01 . 2008-04-13 18:36 44672 ------w- c:\windows\system32\drivers\uagp35.sys

2012-04-07 15:00 . 2004-08-03 22:29 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys

2012-04-07 14:59 . 2008-04-14 00:11 86016 ------w- c:\windows\system32\mdmxsdk.dll

2012-04-07 14:59 . 2004-08-03 22:41 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys

2012-04-07 14:59 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll

2012-04-07 14:59 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll

2012-04-07 14:59 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll

2012-04-07 14:59 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll

2012-04-07 14:59 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll

2012-04-07 14:59 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll

2012-04-07 14:59 . 2008-04-14 00:12 10752 ------w- c:\windows\system32\smtpapi.dll

2012-04-07 14:59 . 2008-04-14 00:12 9728 ------w- c:\windows\system32\rwnh.dll

2012-04-07 14:59 . 2008-04-13 18:45 46592 ------w- c:\windows\system32\drivers\irbus.sys

2012-04-07 14:59 . 2008-04-13 18:43 9728 ------w- c:\windows\system32\comsdupd.exe

2012-04-07 14:57 . 2008-04-14 00:12 9728 ------w- c:\windows\system32\ativdaxx.ax

2012-04-07 14:10 . 2012-04-07 14:10 -------- d-----w- c:\documents and settings\hou\Application Data\IObit

2012-04-07 14:10 . 2011-12-16 17:21 29016 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2012-04-07 14:10 . 2010-11-26 18:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2012-04-07 14:10 . 2012-04-07 14:10 -------- d-----w- c:\program files\IObit

2012-04-07 09:51 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-07 09:20 . 2011-05-10 00:54 262040 ----a-w- c:\windows\system32\JfCheck.dll

2012-02-29 14:10 . 2007-05-30 08:13 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2007-05-30 08:13 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-28 18:50 . 2007-05-30 08:13 667136 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 18:50 . 2007-05-30 08:13 61952 ----a-w- c:\windows\system32\tdc.ocx

2012-02-28 18:50 . 2007-05-30 08:13 81920 ----a-w- c:\windows\system32\ieencode.dll

2012-02-28 13:50 . 2007-05-30 08:13 369664 ----a-w- c:\windows\system32\html.iec

2012-02-22 05:25 . 2012-02-22 05:25 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-02-22 05:25 . 2012-02-22 05:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2012-02-03 09:22 . 2009-11-06 17:22 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-31 04:46 . 2012-01-31 04:46 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

.

.

((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*注意* 空白与合法缺省登录将不会被显示

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CKu6Service]

@="{A198C5A5-7CB6-4A2F-A96F-5C127E6A919F}"

[HKEY_CLASSES_ROOT\CLSID\{A198C5A5-7CB6-4A2F-A96F-5C127E6A919F}]

2010-06-21 06:34 325232 ----a-w- c:\windows\Ku6Kss.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-09 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 138008]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-13 16125440]

"TOSDCR"="TOSDCR.EXE" [2005-12-12 57344]

"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]

2001-06-23 03:28 24576 ----a-w- c:\windows\system32\000StTHK.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

2004-03-24 05:40 196608 ----a-w- c:\program files\Apoint2K\Apoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D4Svr_ICBC.exe]

2010-05-25 02:35 62768 ----a-w- c:\windows\system32\D4Svr_ICBC.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]

2006-04-11 01:14 622592 ----a-w- c:\windows\system32\TFNF5.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\小工具\\飞鸽传书.exe"=

"d:\\Program Files\\飞鸽传书.EXE"=

"d:\\Program Files\\浩方电竞平台5.3.3\\GameClient.exe"=

"d:\\万能播放器\\Storm.exe"=

"d:\\万能播放器\\StormUpdate.dll"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"d:\\安装程序\\酷6网\\极速酷6\\Ku6SpeedUpper.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\Program Files\\D?1¤??\\·é??′?êé.exe"=

"d:\\Program Files\\·é??′?êé.EXE"=

"d:\\Program Files\\o?·?μ??o??ì¨5.3.3\\GameClient.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidsehx.sys [12/23/2011 1:32 PM 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 31952]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [4/7/2012 2:10 PM 14776]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/9/2009 1:33 PM 721904]

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [3/22/2007 12:07 PM 20992]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [3/9/2007 2:23 PM 6528]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 235216]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/22/2012 5:25 AM 299472]

R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [5/30/2007 3:23 PM 5888]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]

R2 DCService.exe;DCService.exe;c:\documents and settings\All Users\Application Data\DatacardService\DCService.exe [11/20/2009 8:41 AM 212992]

R2 OnKey Service _ICBC;OnKey Service _ICBC;c:\windows\system32\D4Ser_ICBC.exe [5/25/2010 2:35 AM 58672]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/31/2012 3:09 PM 158856]

R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 4:33 PM 3456]

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/26/2007 11:22 AM 105856]

R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2/19/2007 11:15 AM 134016]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [5/31/2007 3:10 PM 35968]

R3 rasuw;ChinaNet WLAN Adapter;c:\windows\system32\drivers\rasuw.sys [1/25/2010 5:29 PM 33280]

R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [5/30/2007 3:26 PM 435072]

S0 abvx;abvx;c:\windows\system32\drivers\flxnhtt.sys --> c:\windows\system32\drivers\flxnhtt.sys [?]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2/14/2012 4:52 AM 5104992]

S2 gupdate;Google 更新服务 (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/7/2012 9:38 AM 116648]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/7/2012 3:11 PM 253600]

S3 gupdatem;Google 更新服务 (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/7/2012 9:38 AM 116648]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [1/25/2010 5:29 PM 100736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

DoctorService REG_MULTI_SZ XLDoctor Service

.

‘计划任务’ 文件夹 里的内容

.

2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 15:11]

.

2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-07 09:38]

.

2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-07 09:38]

.

.

------- 而外的扫描 -------

.

uStart Page = about:blank

mStart Page = about:blank

IE: 导出到 Microsoft Office Excel(&X) - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: com.cn\mybank.icbc

Trusted Zone: com.cn\vip.icbc

Trusted Zone: com.cn\www.icbc

Trusted Zone: ctc10000.com\wlan

TCP: DhcpNameServer = 202.106.0.20 202.106.46.151

DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://b2c.icbc.com.cn/icbc/newperbank/AxSafeControls.cab

DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-StormCodec_Helper - c:\program files\Ringz Studio\Storm Codec\StormSet.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-18 07:22

Windows 5.1.2600 Service Pack 3 NTFS

.

扫描被隐藏的进程 。。。

.

扫描被隐藏的启动组 。。。

.

扫描被隐藏的文件 。。。

.

扫描完成

被隐藏的档案: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1409082233-1214440339-682003330-500_Classes\Applications\\錧wQ.*l*n*k*\shell\open\command]

@="\"c:\\Documents and Settings\\hou\\Desktop\\Tools\\小工具.lnk\" %1"

.

[HKEY_LOCAL_MACHINE\software\Classes\M*S*C*A*L*.*錯哠\CLSID]

@="{8E27C92B-1264-101C-8A2F-040224009C02}"

.

[HKEY_LOCAL_MACHINE\software\Classes\M*S*C*A*L*.*錯哠\CurVer]

@="MSCAL.日历.7"

.

--------------------- 运行进程下的动态链接库 ---------------------

.

- - - - - - - > 'explorer.exe'(2676)

c:\windows\Ku6Kss.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\windows\system32\igfxpph.dll

c:\windows\system32\hccutils.DLL

c:\windows\system32\igfxres.dll

c:\windows\system32\igfxress.dll

c:\windows\system32\igfxsrvc.dll

.

------------------------ 其他运行进程 ------------------------

.

c:\windows\system32\conime.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\windows\system32\D4MON_ICBC.exe

c:\windows\system32\ThpSrv.exe

c:\windows\system32\TODDSrv.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

完成时间: 2012-04-18 07:23:55 - 电脑已重新启动

ComboFix-quarantined-files.txt 2012-04-18 07:23

.

Pre-Run: 3,688,710,144 bytes free

Post-Run: 5,178,945,536 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-CHS.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /forceresetreg

.

- - End Of File - - 17FE6F98754DCB9A46A268C7BF551D85


Although purchased in the US, with a US version of XP, this machine lives in China and belongs to a Chinese lady. Maybe I should have mentioned it earlier: the language bar is malfunctioning, and has been since I got here (to China) and started trying to clean up this machine. I can give you details about the language bar if you like.

In case it matters, I disabled AVG for the ComboFix scan, but the PC rebooted in the middle, after installing the console. ComboFix restarted early after the reboot, and it took a couple of minutes before I could turn AVG off again for the remainder of the scan.

M-bam still crashes; how quickly is inconsistent, anywhere from a couple of minutes to over 40. M-BAM always shows 4 or 6 objects when it crashes, variable from attempt to attempt.

I actually timed the delay in the middle of booting: just a few seconds over 2 minutes. This is not a beefy laptop, but that seems too long to me (longer than I expect, based on other machines I have). Does that strike you as too long? I would be happy to switch back to Avast (currently AVG), if you like.

I ran m-bam right after ComboFix finished, and it crashed. I am running it one more time, now, just to see. The only other thing I did was fuss with the language bar again. Oops, just crashed again.

Thanks again for all your help. I've done a lot of PC work over the years, but you are beyond my level of expertise; I really appreciate it.


Hey

Well, I went maverick -- I removed m-bam with mbam-clean. I re-downloaded the install file, from FileHippo (not CNET) this time (same version came down). Ran (and updated) m-bam. It completed, 6 things. See log.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.18.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.5512

hou :: HELEN-LAPTOP [administrator]

4/18/2012 9:35:35 AM

mbam-log-2012-04-18 (09-35-35).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 266689

Time elapsed: 35 minute(s), 50 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB360000 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 5

C:\Program Files\360\360safe\makereport.exe (Backdoor.Wuca) -> Quarantined and deleted successfully.

C:\Program Files\360\360safe\360rpt.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

C:\Program Files\360\360safe\repairleakdll.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\360\360safe\LeakCheck.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\$NtUninstallKB360000$\hcphotfixer2.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


C:\Program Files\360\360safe\makereport.exe (Backdoor.Wuca) -> Quarantined and deleted successfully

That's not good.

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking, then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen, and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.


Hey

I would be more than happy to rebuild this machine, but I don't have the install media. My "bag of tricks" is back in the US. The owner of the PC says she can get an install disk but I have 2 concerns about that.

1) it will probably be the Chinese version of XP, which I assume won't match the key on the bottom of the machine. Can you confirm (or refute) my suspicion that the product key is quite specific, and if I have the wrong version of XP Pro, it won't work....

And 2) I assume I need a bootable CD. If I boot from this (infected) PC and then install over the top of the existing OS, I assume the infection will be active in memory, and will simply infect the new install. Can you confirm this for me, please?

I was also wondering if I take the disk out of the PC and put it in one of those USB enclosures, and then scan it from a different PC, if that would work. Three issues: A) I don't have such an enclosure in China (but probably can get one). B) Might cleaning in this way damage the OS files so it won't boot? And C) Would scanning in this manner check the boot sector?

Helen will check what kind of disk she can get. We probably won't know for a few days (everything happens slowly in China).

I am open to trying to clean it in the meanwhile.

Would you prefer to wait and see if I can get a bootable XP Pro US/English for Toshiba Tecra (would that be called the OEM version)? Or start cleaning? I'm game.

Thanks

Blessings

David


Actually

The more I read about trying to get a bootable install disk, the more reluctant I get. I am reading that any "street" version of a disk (especially here in China) is highly suspect at best, and could easily install who-knows-what. Starting to think a cleaning effort is a better first choice. Your thoughts?


At this point I don't think we have much to lose.

Make sure you have saved / backed up anything important.

Please download RogueKiller.exe and save it to your desktop.

Save it to the Desktop.

Once the program is on the Desktop, close all open programs.

For Vista/Windows 7, right click the file and select: Run as Administrator

For XP, double-click RogueKiller.exe

Note: If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

When the program runs, a screen with the following choices appears:

1 Scan

2 Delete

3 Hosts Fix

4 Proxy Fix

5 DNS Fix

6 Shortcuts HJ Fix

0 Exit

When prompted, type 1 and hit Enter.

When done, an RKreport.txt and an RK Quarantine folder appear on the Desktop.

(Note: If the program is blocked, do not hesitate to try several times.

If it really does not work (it could happen), rename it to winlogon.exe)

Please post the contents of the >RKreport.txt< in your reply.


AVG complained, but I said "go ahead".

It looks like it did run OK, but some weirdness happened:

A) two copies launched (maybe I clicked it too many times)

B) I did not enter 1 and hit enter; I clicked on "scan"

C) It complained that we did not fix anything when I tried to exit.

D) it locked up and I had to shut down from task manager

Report was there when I rebooted, copied below.

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: hou [Admin rights]

Mode: Scan -- Date: 04/20/2012 14:49:43

¤¤¤ Bad processes: 4 ¤¤¤

[sUSP PATH] Ku6Kss.dll -- C:\WINDOWS\Ku6Kss.dll -> UNLOADED

[sUSP PATH] Ku6Kss.dll -- C:\WINDOWS\Ku6Kss.dll -> KILLED [TermProc]

[sUSP PATH] DCService.exe -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe -> KILLED [TermProc]

[sUSP PATH] Ku6Kss.dll -- C:\WINDOWS\Ku6Kss.dll -> UNLOADED

¤¤¤ Registry Entries: 1 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[FAKED] nwlnknb.sys : c:\windows\system32\drivers\nwlnknb.sys --> CANNOT FIX

¤¤¤ Driver: [LOADED] ¤¤¤

SSDT[111] : NtNotifyChangeKey @ 0x806262DE -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xA24BE004)

SSDT[112] : NtNotifyChangeMultipleKeys @ 0x80624F12 -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xA24BE0D4)

SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xA24BDD76)

SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xA24BDE1E)

SSDT[258] : NtTerminateThread @ 0x805D2BDC -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xA24BDEBA)

SSDT[277] : NtWriteVirtualMemory @ 0x805B43CC -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xA24BDF56)

S_SSDT[383] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xA24BE59E)

S_SSDT[414] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xA24BE50A)

S_SSDT[416] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xA24BE54A)

S_SSDT[549] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xA24BE49C)

IRP[iRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DDDB40)

IRP[iRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DDDB40)

IRP[iRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DDDB40)

IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DDDB40)

IRP[iRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DDDB40)

IRP[iRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DDDB40)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS541612J9SA00 +++++

--- User ---

[MBR] e782d16944a7eb7a9f9b4f2d798a9122

[bSP] 9535cee6238259816d6124e557cef244 : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 19077 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 39070080 | Size: 95393 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>


See combo fix results below. I noticed that during the combofix run, the language bar was working properly. Once it was done, the L-bar was broken again. I would guess that some of the l-bar files are involved with the infection.

ComboFix 12-04-18.02 - hou 04/21/2012 7:42.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1510 [GMT 0:00]

Running from: c:\documents and settings\hou\My Documents\Downloads\Cleaning tools\ComboFix\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

c:\windows\repair3.html

c:\windows\system32\config\mcckmplayervod.ini

c:\windows\system32\msconfig.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-03-21 to 2012-04-21 )))))))))))))))))))))))))))))))

.

.

2012-04-18 11:45 . 2012-04-20 15:05 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-04-18 11:45 . 2012-04-18 11:45 -------- d-----w- c:\documents and settings\hou\Application Data\Malwarebytes

2012-04-18 11:45 . 2012-04-18 11:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-18 11:45 . 2012-04-18 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-04-18 11:45 . 2012-04-04 15:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-16 08:37 . 2012-04-20 14:42 -------- d-----w- c:\windows\system32\drivers\AVG

2012-04-16 08:37 . 2012-04-16 08:37 -------- d-----w- C:\$AVG

2012-04-12 02:18 . 2012-04-12 09:31 -------- d-----w- c:\windows\system32\NtmsData

2012-04-11 13:40 . 2012-04-11 13:40 -------- d-----w- c:\documents and settings\hou\Application Data\AVG2012

2012-04-11 13:38 . 2012-04-16 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2012-04-11 13:37 . 2012-04-11 13:37 -------- d-----w- c:\program files\AVG

2012-04-11 13:32 . 2012-04-11 13:32 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2012-04-11 13:32 . 2012-04-20 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-04-11 13:25 . 2012-04-12 16:08 -------- d-----w- c:\documents and settings\hou\Local Settings\Application Data\NPE

2012-04-11 13:25 . 2012-04-11 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2012-04-09 08:28 . 2012-04-09 08:28 -------- d-----w- c:\documents and settings\hou\Application Data\360mobilemgr

2012-04-08 15:19 . 2012-04-18 09:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2012-04-08 15:19 . 2012-04-18 09:40 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-04-08 08:08 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2012-04-08 08:06 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2012-04-08 07:52 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2012-04-08 07:51 . 2012-02-28 18:50 532480 -c----w- c:\windows\system32\dllcache\mstime.dll

2012-04-08 07:51 . 2012-02-28 18:50 449536 -c----w- c:\windows\system32\dllcache\mshtmled.dll

2012-04-08 07:51 . 2012-02-28 18:50 37888 -c----w- c:\windows\system32\dllcache\url.dll

2012-04-08 07:42 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll

2012-04-08 07:42 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2012-04-08 07:42 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-04-08 07:42 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2012-04-08 07:41 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2012-04-08 07:41 . 2012-01-09 16:20 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2012-04-07 22:59 . 2012-04-07 22:59 -------- d-----w- c:\windows\system32\XPSViewer

2012-04-07 22:59 . 2012-04-07 22:59 -------- d-----w- c:\program files\MSBuild

2012-04-07 22:59 . 2012-04-07 22:59 -------- d-----w- c:\program files\Reference Assemblies

2012-04-07 17:21 . 2012-04-12 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2012-04-07 17:21 . 2012-04-08 09:46 -------- d-----w- c:\program files\AVAST Software

2012-04-07 16:43 . 2012-04-07 16:43 -------- d-----w- c:\windows\system32\scripting

2012-04-07 16:43 . 2012-04-07 16:43 -------- d-----w- c:\windows\system32\en

2012-04-07 16:43 . 2012-04-07 16:43 -------- d-----w- c:\windows\system32\bits

2012-04-07 16:43 . 2012-04-07 16:43 -------- d-----w- c:\windows\l2schemas

2012-04-07 16:28 . 2012-04-09 12:17 -------- d-----w- c:\documents and settings\hou\Application Data\Skype

2012-04-07 16:28 . 2012-04-07 16:28 -------- d-----w- c:\program files\Common Files\Skype

2012-04-07 16:28 . 2012-04-07 17:40 -------- d-----r- c:\program files\Skype

2012-04-07 16:09 . 2012-04-07 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2012-04-07 15:51 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2012-04-07 15:51 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2012-04-07 15:51 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2012-04-07 15:51 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2012-04-07 15:51 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2012-04-07 15:51 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2012-04-07 15:51 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2012-04-07 15:51 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2012-04-07 15:51 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2012-04-07 15:11 . 2008-10-23 13:39 713216 -c----w- c:\windows\system32\dllcache\sxs.dll

2012-04-07 15:11 . 2012-04-07 15:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-07 15:11 . 2012-04-07 15:11 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-07 15:09 . 2012-04-07 15:09 -------- d--h--w- c:\windows\system32\GroupPolicy

2012-04-07 15:01 . 2008-04-13 18:36 44672 ------w- c:\windows\system32\drivers\uagp35.sys

2012-04-07 15:00 . 2004-08-03 22:29 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys

2012-04-07 14:59 . 2008-04-14 00:11 86016 ------w- c:\windows\system32\mdmxsdk.dll

2012-04-07 14:59 . 2004-08-03 22:41 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys

2012-04-07 14:59 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll

2012-04-07 14:59 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll

2012-04-07 14:59 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll

2012-04-07 14:59 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll

2012-04-07 14:59 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll

2012-04-07 14:59 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll

2012-04-07 14:59 . 2008-04-14 00:12 10752 ------w- c:\windows\system32\smtpapi.dll

2012-04-07 14:59 . 2008-04-14 00:12 9728 ------w- c:\windows\system32\rwnh.dll

2012-04-07 14:59 . 2008-04-13 18:45 46592 ------w- c:\windows\system32\drivers\irbus.sys

2012-04-07 14:59 . 2008-04-13 18:43 9728 ------w- c:\windows\system32\comsdupd.exe

2012-04-07 14:57 . 2008-04-14 00:12 9728 ------w- c:\windows\system32\ativdaxx.ax

2012-04-07 14:10 . 2012-04-07 14:10 -------- d-----w- c:\documents and settings\hou\Application Data\IObit

2012-04-07 14:10 . 2011-12-16 17:21 29016 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2012-04-07 14:10 . 2010-11-26 18:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2012-04-07 14:10 . 2012-04-07 14:10 -------- d-----w- c:\program files\IObit

2012-04-07 09:51 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-07 09:20 . 2011-05-10 00:54 262040 ----a-w- c:\windows\system32\JfCheck.dll

2012-02-29 14:10 . 2007-05-30 08:13 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2007-05-30 08:13 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-28 18:50 . 2007-05-30 08:13 667136 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 18:50 . 2007-05-30 08:13 61952 ----a-w- c:\windows\system32\tdc.ocx

2012-02-28 18:50 . 2007-05-30 08:13 81920 ----a-w- c:\windows\system32\ieencode.dll

2012-02-28 13:50 . 2007-05-30 08:13 369664 ----a-w- c:\windows\system32\html.iec

2012-02-22 05:25 . 2012-02-22 05:25 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-02-22 05:25 . 2012-02-22 05:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2012-02-03 09:22 . 2009-11-06 17:22 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-31 04:46 . 2012-01-31 04:46 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-18_07.20.03 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-05-30 10:18 . 2012-04-18 09:08 294072 c:\windows\system32\FNTCACHE.DAT

- 2007-05-30 10:18 . 2012-04-08 08:49 294072 c:\windows\system32\FNTCACHE.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CKu6Service]

@="{A198C5A5-7CB6-4A2F-A96F-5C127E6A919F}"

[HKEY_CLASSES_ROOT\CLSID\{A198C5A5-7CB6-4A2F-A96F-5C127E6A919F}]

2010-06-21 06:34 325232 ----a-w- c:\windows\Ku6Kss.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-09 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 138008]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-13 16125440]

"TOSDCR"="TOSDCR.EXE" [2005-12-12 57344]

"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]

2001-06-23 03:28 24576 ----a-w- c:\windows\system32\000StTHK.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

2004-03-24 05:40 196608 ----a-w- c:\program files\Apoint2K\Apoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D4Svr_ICBC.exe]

2010-05-25 02:35 62768 ----a-w- c:\windows\system32\D4Svr_ICBC.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]

2006-04-11 01:14 622592 ----a-w- c:\windows\system32\TFNF5.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\???\\????.exe"=

"d:\\Program Files\\????.EXE"=

"d:\\Program Files\\??????5.3.3\\GameClient.exe"=

"d:\\?????\\Storm.exe"=

"d:\\?????\\StormUpdate.dll"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"d:\\????\\?6?\\???6\\Ku6SpeedUpper.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\program files\???\????.exe"=

"d:\program files\????.EXE"=

"d:\program files\??????5.3.3\GameClient.exe"=

"d:\?????\Storm.exe"=

"d:\?????\StormUpdate.dll"=

"d:\????\?6?\???6\Ku6SpeedUpper.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidsehx.sys [12/23/2011 1:32 PM 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 31952]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [4/7/2012 2:10 PM 14776]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/9/2009 1:33 PM 721904]

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [3/22/2007 12:07 PM 20992]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [3/9/2007 2:23 PM 6528]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 235216]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/22/2012 5:25 AM 299472]

R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [5/30/2007 3:23 PM 5888]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]

R2 OnKey Service _ICBC;OnKey Service _ICBC;c:\windows\system32\D4Ser_ICBC.exe [5/25/2010 2:35 AM 58672]

R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 4:33 PM 3456]

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/26/2007 11:22 AM 105856]

R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2/19/2007 11:15 AM 134016]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [5/31/2007 3:10 PM 35968]

R3 rasuw;ChinaNet WLAN Adapter;c:\windows\system32\drivers\rasuw.sys [1/25/2010 5:29 PM 33280]

R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [5/30/2007 3:26 PM 435072]

S0 abvx;abvx;c:\windows\system32\drivers\flxnhtt.sys --> c:\windows\system32\drivers\flxnhtt.sys [?]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2/14/2012 4:52 AM 5104992]

S2 DCService.exe;DCService.exe;c:\documents and settings\All Users\Application Data\DatacardService\DCService.exe [11/20/2009 8:41 AM 212992]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/31/2012 3:09 PM 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/7/2012 3:11 PM 253600]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [1/25/2010 5:29 PM 100736]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/18/2012 11:45 AM 40776]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

DoctorService REG_MULTI_SZ XLDoctor Service

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 15:11]

.

2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-07 09:38]

.

2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-07 09:38]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = about:blank

IE: ??? Microsoft Office Excel(&X) - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: com.cn\mybank.icbc

Trusted Zone: com.cn\vip.icbc

Trusted Zone: com.cn\www.icbc

Trusted Zone: ctc10000.com\wlan

DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://b2c.icbc.com.cn/icbc/newperbank/AxSafeControls.cab

DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-21 07:46

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1409082233-1214440339-682003330-500_Classes\Applications\\å]wQ.*l*n*k*\shell\open\command]

@="\"c:\\Documents and Settings\\hou\\Desktop\\Tools\\???.lnk\" %1"

.

[HKEY_LOCAL_MACHINE\software\Classes\M*S*C*A*L*.*åe†S\CLSID]

@="{8E27C92B-1264-101C-8A2F-040224009C02}"

.

[HKEY_LOCAL_MACHINE\software\Classes\M*S*C*A*L*.*åe†S\CurVer]

@="MSCAL.??.7"

.

Completion time: 2012-04-21 07:47:25

ComboFix-quarantined-files.txt 2012-04-21 07:47

ComboFix2.txt 2012-04-18 07:23

.

Pre-Run: 5,047,365,632 bytes free

Post-Run: 5,027,672,064 bytes free

.

- - End Of File - - 938C4337CF90559E07B5302E1859D72D

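The services section of the ComboFix log above contains one entry whose file ComboFix could not locate, the boot-start driver `S0 abvx;abvx;c:\windows\system32\drivers\flxnhtt.sys --> ... [?]`, registered under a random-looking name. As an added example that is not part of this thread and not ComboFix's own code, the Python below parses lines in ComboFix's driver/service format and lists entries whose registered binary is missing from disk, ordered so that boot-start entries (which load before most security software) come first. The sample lines are constructed from the log above; the function names and the `SAMPLE_SERVICES` constant are my own.

```python
import re

# Constructed sample in ComboFix's "Drivers/Services" line format. The abvx/flxnhtt.sys
# line mirrors the one in the log above; the others are ordinary drivers from the same log.
SAMPLE_SERVICES = r"""
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 31952]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
S0 abvx;abvx;c:\windows\system32\drivers\flxnhtt.sys --> c:\windows\system32\drivers\flxnhtt.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/18/2012 11:45 AM 40776]
"""

# "R"/"S" = running/stopped; the digit is the Windows start type
# (0 = boot, 1 = system, 2 = auto, 3 = manual, 4 = disabled).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)


def parse_services(text):
    """Parse ComboFix service/driver lines into dicts; lines in any other format are skipped."""
    entries = []
    for raw in text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        # The binary path ends at " --> " (ComboFix's resolved-path marker) or at the
        # " [" that opens the timestamp/size bracket, whichever comes first.
        path = re.split(r" --> | \[", rest, maxsplit=1)[0]
        entries.append({
            "state": m.group("state"),
            "start_type": int(m.group("start")),
            "name": m.group("name"),
            "display": m.group("display"),
            "path": path,
            # ComboFix prints "[?]" in place of the timestamp/size when the file is not on disk.
            "file_missing": rest.endswith("[?]"),
        })
    return entries


def flag_missing_binaries(entries):
    """Return entries whose registered binary is absent from disk, boot-start entries first."""
    missing = [e for e in entries if e["file_missing"]]
    return sorted(missing, key=lambda e: e["start_type"])


if __name__ == "__main__":
    for e in flag_missing_binaries(parse_services(SAMPLE_SERVICES)):
        print(f"{e['name']}: start type {e['start_type']}, binary not found: {e['path']}")
```

A registered driver whose file is missing is not proof of infection on its own (a sloppy uninstaller leaves the same trace), but a boot-start entry with a meaningless name and no file is the combination a responder checks first, which is why the next post in the thread targets exactly that service and its driver file.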

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\windows\system32\drivers\flxnhtt.sys

ClearJavaCache::

Driver::
abvx

Save this file to your desktop. Save this as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


Boot is slightly quicker, but still a delay of almost 2 minutes. Language bar is still broken. MWB (existing install) still dies.

ComboFix 12-04-18.02 - hou 04/22/2012 8:00.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1409 [GMT 0:00]

Running from: c:\documents and settings\hou\My Documents\Downloads\Cleaning tools\ComboFix\ComboFix.exe

Command switches used :: c:\documents and settings\hou\My Documents\Downloads\Cleaning tools\ComboFix\CFScript

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Created a new restore point

.

FILE ::

"c:\windows\system32\drivers\flxnhtt.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_abvx

.

.

((((((((((((((((((((((((( Files Created from 2012-03-22 to 2012-04-22 )))))))))))))))))))))))))))))))

.

.

2012-04-18 11:45 . 2012-04-21 07:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-04-18 11:45 . 2012-04-18 11:45 -------- d-----w- c:\documents and settings\hou\Application Data\Malwarebytes

2012-04-18 11:45 . 2012-04-18 11:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-18 11:45 . 2012-04-18 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-04-18 11:45 . 2012-04-04 15:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-16 08:37 . 2012-04-22 07:57 -------- d-----w- c:\windows\system32\drivers\AVG

2012-04-16 08:37 . 2012-04-16 08:37 -------- d-----w- C:\$AVG

2012-04-12 02:18 . 2012-04-12 09:31 -------- d-----w- c:\windows\system32\NtmsData

2012-04-11 13:40 . 2012-04-11 13:40 -------- d-----w- c:\documents and settings\hou\Application Data\AVG2012

2012-04-11 13:38 . 2012-04-16 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2012-04-11 13:37 . 2012-04-11 13:37 -------- d-----w- c:\program files\AVG

2012-04-11 13:32 . 2012-04-11 13:32 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2012-04-11 13:32 . 2012-04-22 07:57 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-04-11 13:25 . 2012-04-12 16:08 -------- d-----w- c:\documents and settings\hou\Local Settings\Application Data\NPE

2012-04-11 13:25 . 2012-04-11 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2012-04-09 08:28 . 2012-04-09 08:28 -------- d-----w- c:\documents and settings\hou\Application Data\360mobilemgr

2012-04-08 15:19 . 2012-04-18 09:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2012-04-08 15:19 . 2012-04-18 09:40 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-04-08 08:08 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2012-04-08 08:06 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2012-04-08 07:52 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2012-04-08 07:51 . 2012-02-28 18:50 532480 -c----w- c:\windows\system32\dllcache\mstime.dll

2012-04-08 07:51 . 2012-02-28 18:50 449536 -c----w- c:\windows\system32\dllcache\mshtmled.dll

2012-04-08 07:51 . 2012-02-28 18:50 37888 -c----w- c:\windows\system32\dllcache\url.dll

2012-04-08 07:42 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll

2012-04-08 07:42 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2012-04-08 07:42 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-04-08 07:42 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2012-04-08 07:41 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2012-04-08 07:41 . 2012-01-09 16:20 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2012-04-07 22:59 . 2012-04-07 22:59 -------- d-----w- c:\windows\system32\XPSViewer

2012-04-07 22:59 . 2012-04-07 22:59 -------- d-----w- c:\program files\MSBuild

2012-04-07 22:59 . 2012-04-07 22:59 -------- d-----w- c:\program files\Reference Assemblies

2012-04-07 17:21 . 2012-04-12 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2012-04-07 17:21 . 2012-04-08 09:46 -------- d-----w- c:\program files\AVAST Software

2012-04-07 16:43 . 2012-04-07 16:43 -------- d-----w- c:\windows\system32\scripting

2012-04-07 16:43 . 2012-04-07 16:43 -------- d-----w- c:\windows\system32\en

2012-04-07 16:43 . 2012-04-07 16:43 -------- d-----w- c:\windows\system32\bits

2012-04-07 16:43 . 2012-04-07 16:43 -------- d-----w- c:\windows\l2schemas

2012-04-07 16:28 . 2012-04-09 12:17 -------- d-----w- c:\documents and settings\hou\Application Data\Skype

2012-04-07 16:28 . 2012-04-07 16:28 -------- d-----w- c:\program files\Common Files\Skype

2012-04-07 16:28 . 2012-04-07 17:40 -------- d-----r- c:\program files\Skype

2012-04-07 16:09 . 2012-04-07 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2012-04-07 15:51 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2012-04-07 15:51 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2012-04-07 15:51 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2012-04-07 15:51 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2012-04-07 15:51 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2012-04-07 15:51 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2012-04-07 15:51 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2012-04-07 15:51 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2012-04-07 15:51 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2012-04-07 15:11 . 2008-10-23 13:39 713216 -c----w- c:\windows\system32\dllcache\sxs.dll

2012-04-07 15:11 . 2012-04-07 15:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-07 15:11 . 2012-04-07 15:11 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-07 15:09 . 2012-04-07 15:09 -------- d--h--w- c:\windows\system32\GroupPolicy

2012-04-07 15:01 . 2008-04-13 18:36 44672 ------w- c:\windows\system32\drivers\uagp35.sys

2012-04-07 15:00 . 2004-08-03 22:29 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys

2012-04-07 14:59 . 2008-04-14 00:11 86016 ------w- c:\windows\system32\mdmxsdk.dll

2012-04-07 14:59 . 2004-08-03 22:41 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys

2012-04-07 14:59 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll

2012-04-07 14:59 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll

2012-04-07 14:59 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll

2012-04-07 14:59 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll

2012-04-07 14:59 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll

2012-04-07 14:59 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll

2012-04-07 14:59 . 2008-04-14 00:12 10752 ------w- c:\windows\system32\smtpapi.dll

2012-04-07 14:59 . 2008-04-14 00:12 9728 ------w- c:\windows\system32\rwnh.dll

2012-04-07 14:59 . 2008-04-13 18:45 46592 ------w- c:\windows\system32\drivers\irbus.sys

2012-04-07 14:59 . 2008-04-13 18:43 9728 ------w- c:\windows\system32\comsdupd.exe

2012-04-07 14:57 . 2008-04-14 00:12 9728 ------w- c:\windows\system32\ativdaxx.ax

2012-04-07 14:10 . 2012-04-07 14:10 -------- d-----w- c:\documents and settings\hou\Application Data\IObit

2012-04-07 14:10 . 2011-12-16 17:21 29016 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2012-04-07 14:10 . 2010-11-26 18:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2012-04-07 14:10 . 2012-04-07 14:10 -------- d-----w- c:\program files\IObit

2012-04-07 09:51 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-07 09:20 . 2011-05-10 00:54 262040 ----a-w- c:\windows\system32\JfCheck.dll

2012-02-29 14:10 . 2007-05-30 08:13 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2007-05-30 08:13 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-28 18:50 . 2007-05-30 08:13 667136 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 18:50 . 2007-05-30 08:13 61952 ----a-w- c:\windows\system32\tdc.ocx

2012-02-28 18:50 . 2007-05-30 08:13 81920 ----a-w- c:\windows\system32\ieencode.dll

2012-02-28 13:50 . 2007-05-30 08:13 369664 ----a-w- c:\windows\system32\html.iec

2012-02-22 05:25 . 2012-02-22 05:25 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-02-22 05:25 . 2012-02-22 05:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2012-02-03 09:22 . 2009-11-06 17:22 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-31 04:46 . 2012-01-31 04:46 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

Cryptography Services Error !!

.

((((((((((((((((((((((((((((( SnapShot@2012-04-18_07.20.03 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-05-30 10:18 . 2012-04-18 09:08 294072 c:\windows\system32\FNTCACHE.DAT

- 2007-05-30 10:18 . 2012-04-08 08:49 294072 c:\windows\system32\FNTCACHE.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CKu6Service]

@="{A198C5A5-7CB6-4A2F-A96F-5C127E6A919F}"

[HKEY_CLASSES_ROOT\CLSID\{A198C5A5-7CB6-4A2F-A96F-5C127E6A919F}]

2010-06-21 06:34 325232 ----a-w- c:\windows\Ku6Kss.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-09 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 138008]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-13 16125440]

"TOSDCR"="TOSDCR.EXE" [2005-12-12 57344]

"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]

2001-06-23 03:28 24576 ----a-w- c:\windows\system32\000StTHK.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

2004-03-24 05:40 196608 ----a-w- c:\program files\Apoint2K\Apoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D4Svr_ICBC.exe]

2010-05-25 02:35 62768 ----a-w- c:\windows\system32\D4Svr_ICBC.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]

2006-04-11 01:14 622592 ----a-w- c:\windows\system32\TFNF5.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\???\\????.exe"=

"d:\\Program Files\\????.EXE"=

"d:\\Program Files\\??????5.3.3\\GameClient.exe"=

"d:\\?????\\Storm.exe"=

"d:\\?????\\StormUpdate.dll"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"d:\\????\\?6?\\???6\\Ku6SpeedUpper.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\program files\???\????.exe"=

"d:\program files\????.EXE"=

"d:\program files\??????5.3.3\GameClient.exe"=

"d:\?????\Storm.exe"=

"d:\?????\StormUpdate.dll"=

"d:\????\?6?\???6\Ku6SpeedUpper.exe"=

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

R2 DCService.exe;DCService.exe;c:\documents and settings\All Users\Application Data\DatacardService\DCService.exe [2009-11-20 212992]

R2 gupdate;Google ???? (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-07 116648]

R2 OnKey Service _ICBC;OnKey Service _ICBC;c:\windows\system32\D4Ser_ICBC.exe [2010-05-25 58672]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 253600]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]

R3 gupdatem;Google ???? (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-07 116648]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 100736]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-04-21 40776]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidsehx.sys [2011-12-23 22992]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 14776]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-09 721904]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2007-03-22 20992]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2007-03-09 6528]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-02-22 299472]

S1 TMEI3E;TMEI3E;c:\windows\system32\Drivers\TMEI3E.SYS [2004-06-16 5888]

S2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [2006-05-05 3456]

S2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\DRIVERS\tdudf.sys [2007-03-26 105856]

S2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\DRIVERS\trudf.sys [2007-02-19 134016]

S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2005-06-10 35968]

S3 rasuw;ChinaNet WLAN Adapter;c:\windows\system32\DRIVERS\rasuw.sys [2009-10-12 33280]

S3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\DRIVERS\TEchoCan.sys [2007-02-21 435072]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

DoctorService REG_MULTI_SZ XLDoctor Service

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 15:11]

.

2012-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-07 09:38]

.

2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-07 09:38]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = about:blank

IE: ??? Microsoft Office Excel(&X) - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: com.cn\mybank.icbc

Trusted Zone: com.cn\vip.icbc

Trusted Zone: com.cn\www.icbc

Trusted Zone: ctc10000.com\wlan

TCP: DhcpNameServer = 202.106.0.20 202.106.46.151

DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://b2c.icbc.com.cn/icbc/newperbank/AxSafeControls.cab

DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-22 08:07

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1409082233-1214440339-682003330-500_Classes\Applications\\å]wQ.*l*n*k*\shell\open\command]

@="\"c:\\Documents and Settings\\hou\\Desktop\\Tools\\???.lnk\" %1"

.

[HKEY_LOCAL_MACHINE\software\Classes\M*S*C*A*L*.*åe†S\CLSID]

@="{8E27C92B-1264-101C-8A2F-040224009C02}"

.

[HKEY_LOCAL_MACHINE\software\Classes\M*S*C*A*L*.*åe†S\CurVer]

@="MSCAL.??.7"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1680)

c:\windows\Ku6Kss.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\windows\system32\D4MON_ICBC.exe

c:\windows\system32\ThpSrv.exe

c:\windows\system32\TODDSrv.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

c:\program files\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

.

**************************************************************************

.

Completion time: 2012-04-22 08:08:37 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-22 08:08

ComboFix2.txt 2012-04-21 07:47

ComboFix3.txt 2012-04-18 07:23

.

Pre-Run: 5,007,728,640 bytes free

Post-Run: 4,989,681,664 bytes free

.

- - End Of File - - 15E223ED39C88D72381EF468222E215F


Windows XP

This might not be exactly what you want, but you can add/remove/change settings:

1. In the Windows XP standard Start menu, click Start, and then click Control Panel.

   In the Windows XP classic Start menu, click Start, click Settings, and then click Control Panel.

2. Double-click Regional and Language Options.

3. Click the Languages tab, and then click Details under "Text Services and Input Languages".

4. Click Add under "Installed Services", and then click the language you want to add and the keyboard layout you want to use for that language.

5. To configure the settings for the Language bar, click Language Bar under "Preferences".


Hey

FYI, the "broken" language bar is this: Through control-panel, region-language I added 2 kinds of Chinese and English. Normally one would see the little blue square indicating which language is active, but the blue square is absent. If I enter language bar settings from the task bar, all three languages are listed, but I can pick only English. If I add a 4th, say German, then the blue square appears, and I can select between English and German, like normal. But the 2 versions of Chinese, although listed, can never be picked.

Before we started our efforts, in control panel, the check box for east Asian language was selected, but grayed out. At some point in our cleaning efforts, it became un-grayed-out. I thought about un-selecting the "east Asian language" support, and then re-installing it, but I don't have the disk. Reading the net says you have to have the disk....

What I noticed *during* one of our cleaning efforts was that the little blue square with "en" became visible. I clicked on it, and it offered me both of the versions of Chinese. I did not change anything (in the middle of the scan), but I noticed all of this. However, at the end of the scan, and after re-booting, the language bar was again "broken".

In summary, 3 languages are defined, but two cannot be selected, and since the bar "thinks" it only has one language to choose from, it does not display the blue square, and I cannot activate language selection (get the menu to activate) from the task bar, to choose the Chinese.

The only reason I mention all this is because the one scan we did affected it (temporarily fixed it (at first glance)). This all suggests that some of the files related to the east-Asian/Chinese language are involved in the infection.

Thanks once again, for all your help.

I really do appreciate it.

Blessings

David
