
Infected (text enhance + others) maybe



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:59:17 PM, on 20/05/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Splashtop\Splashtop Connect\BackService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe

C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe

C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe

C:\Program Files\PCPitstop\Info Center\InfoCenter.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgmfapx.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\MsiExec.exe

C:\Documents and Settings\Greg\Desktop\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bom.gov.au/nsw/forecasts/sydney.shtml

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.7\pdfforgeToolbarIE.dll

R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.7\youtubedownloaderToolbarIE.dll

R3 - URLSearchHook: Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files\Splashtop\Splashtop Connect IE\AddressBarSearch.dll

O2 - BHO: Splashtop Connect VisualBookmark - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll

O2 - BHO: wxDfast - {58655839-E2C3-33ED-C4FF-4C6F19F6D324} - C:\Documents and Settings\All Users\Application Data\wxDfast\bhoclass.dll

O2 - BHO: ALOT Appbar Helper - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.7\pdfforgeToolbarIE.dll

O2 - BHO: Complitly - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Documents and Settings\Greg\Application Data\ComplitlyEngine\ComplitlyEngine.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.7\youtubedownloaderToolbarIE.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\ALOTHelper.dll

O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.7\pdfforgeToolbarIE.dll

O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.7\youtubedownloaderToolbarIE.dll

O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKLM\..\Run: [3170 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe"

O4 - HKLM\..\Run: [info Center] C:\Program Files\PCPitstop\Info Center\InfoCenter.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [searchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [sTCAgent] "C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe"

O4 - HKLM\..\Run: [ZyngaGamesAgent] "C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s

O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

O8 - Extra context menu item: Download all by YouTube Robot - C:\Program Files\YouTubeRobot\downall.htm

O8 - Extra context menu item: Download by YouTube Robot - C:\Program Files\YouTubeRobot\downlink.htm

O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm

O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm

O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm

O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Yahtzee/Images/stg_drm.ocx

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184287642343

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab

O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Yahtzee/Images/armhelper.ocx

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Splashtop Connect Service (SCBackService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect\BackService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: Splashtop Connect Firefox Software Updater Service (WCUService_STC_FF) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe

O23 - Service: Splashtop Connect IE Software Updater Service (WCUService_STC_IE) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe

O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

--

End of file - 16987 bytes


Hello and welcome.

Please include a detailed description of the problem(s) you are experiencing.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


"Text enhance" window opens on false link text all over web pages. Unable to update virus programs or MBAM (although I did eventually force them by many attempts all at once). AV installations being blocked, I think. Other users of this computer (wife and son) cannot browse internet. IE just shuts down.

attach.txt

dds.txt


Hi, let's also run an additional rootkit scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


TDSS found no threats.

Report :

07:18:05.0046 8168 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57

07:18:06.0625 8168 ============================================================

07:18:06.0625 8168 Current date / time: 2012/05/21 07:18:06.0625

07:18:06.0625 8168 SystemInfo:

07:18:06.0625 8168

07:18:06.0625 8168 OS Version: 5.1.2600 ServicePack: 3.0

07:18:06.0625 8168 Product type: Workstation

07:18:06.0625 8168 ComputerName: NEWPC

07:18:06.0625 8168 UserName: Greg

07:18:06.0625 8168 Windows directory: C:\WINDOWS

07:18:06.0625 8168 System windows directory: C:\WINDOWS

07:18:06.0625 8168 Processor architecture: Intel x86

07:18:06.0625 8168 Number of processors: 2

07:18:06.0625 8168 Page size: 0x1000

07:18:06.0625 8168 Boot type: Normal boot

07:18:06.0625 8168 ============================================================

07:18:09.0875 8168 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

07:18:09.0875 8168 ============================================================

07:18:09.0875 8168 \Device\Harddisk0\DR0:

07:18:09.0875 8168 MBR partitions:

07:18:09.0875 8168 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x124F6BF3

07:18:09.0890 8168 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x124F6C71, BlocksNum 0x22E6D4E2

07:18:09.0906 8168 ============================================================

07:18:09.0937 8168 C: <-> \Device\Harddisk0\DR0\Partition0

07:18:10.0000 8168 E: <-> \Device\Harddisk0\DR0\Partition1

07:18:10.0078 8168 ============================================================

07:18:10.0078 8168 Initialize success

07:18:10.0078 8168 ============================================================

07:18:14.0515 8172 ============================================================

07:18:14.0515 8172 Scan started

07:18:14.0515 8172 Mode: Manual;

07:18:14.0515 8172 ============================================================


07:18:21.0359 8172 Ftdisk - ok

07:18:21.0375 8172 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys

07:18:21.0375 8172 gagp30kx - ok

07:18:21.0406 8172 gdrv (d556cb79967e92b5cc69686d16c1d846) C:\WINDOWS\gdrv.sys

07:18:21.0578 8172 gdrv - ok

07:18:21.0593 8172 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

07:18:21.0593 8172 GEARAspiWDM - ok

07:18:21.0671 8172 GEST Service (07670c1a220bbe5a134a423295e66ed1) C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe

07:18:21.0671 8172 GEST Service - ok

07:18:21.0703 8172 getPlus® Helper (35a1f815962f3552066c6be4c969d297) C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

07:18:21.0703 8172 getPlus® Helper - ok

07:18:21.0703 8172 GMSIPCI - ok

07:18:21.0734 8172 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

07:18:21.0750 8172 Gpc - ok

07:18:21.0781 8172 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

07:18:21.0781 8172 gupdate - ok

07:18:21.0781 8172 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

07:18:21.0781 8172 gupdatem - ok

07:18:21.0796 8172 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

07:18:21.0796 8172 HDAudBus - ok

07:18:21.0843 8172 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

07:18:21.0843 8172 helpsvc - ok

07:18:21.0875 8172 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

07:18:21.0875 8172 HidServ - ok

07:18:21.0906 8172 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

07:18:21.0906 8172 hidusb - ok

07:18:21.0921 8172 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

07:18:21.0921 8172 hkmsvc - ok

07:18:21.0921 8172 hpn - ok

07:18:21.0968 8172 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

07:18:21.0968 8172 HTTP - ok

07:18:22.0000 8172 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

07:18:22.0000 8172 HTTPFilter - ok

07:18:22.0000 8172 i2omgmt - ok

07:18:22.0000 8172 i2omp - ok

07:18:22.0031 8172 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

07:18:22.0031 8172 i8042prt - ok

07:18:22.0125 8172 ialm (c5db546f9028cd00e64335091860d8f3) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

07:18:22.0140 8172 ialm - ok

07:18:22.0421 8172 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

07:18:22.0437 8172 idsvc - ok

07:18:22.0515 8172 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

07:18:22.0515 8172 Imapi - ok

07:18:22.0546 8172 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

07:18:22.0546 8172 ImapiService - ok

07:18:22.0578 8172 InCDfs (d8a77fc386f9297ce4b692fc83b4ba02) C:\WINDOWS\system32\drivers\InCDfs.sys

07:18:22.0578 8172 InCDfs - ok

07:18:22.0609 8172 InCDPass (433bb499bcea1c88b55aa67d1b3ef1dc) C:\WINDOWS\system32\DRIVERS\InCDPass.sys

07:18:22.0828 8172 InCDPass - ok

07:18:22.0843 8172 InCDrec (12dbb035cd2ed0313fab864470f31c23) C:\WINDOWS\system32\drivers\InCDrec.sys

07:18:22.0953 8172 InCDrec - ok

07:18:22.0984 8172 incdrm (9d1adfe6ce5c2e2a42f3b8aa57821d87) C:\WINDOWS\system32\drivers\incdrm.sys

07:18:23.0125 8172 incdrm - ok

07:18:23.0218 8172 InCDsrv (394bf2329ac168f253c74e1eead15fac) C:\Program Files\Ahead\InCD\InCDsrv.exe

07:18:23.0375 8172 InCDsrv - ok

07:18:23.0375 8172 ini910u - ok

07:18:23.0625 8172 IntcAzAudAddService (3ae23620660e008150a18bbb6d035f7c) C:\WINDOWS\system32\drivers\RtkHDAud.sys

07:18:23.0718 8172 IntcAzAudAddService - ok

07:18:23.0812 8172 IntelIde - ok

07:18:23.0828 8172 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

07:18:23.0828 8172 intelppm - ok

07:18:23.0843 8172 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

07:18:23.0843 8172 Ip6Fw - ok

07:18:23.0859 8172 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

07:18:23.0859 8172 IpFilterDriver - ok

07:18:23.0875 8172 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

07:18:23.0875 8172 IpInIp - ok

07:18:23.0890 8172 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

07:18:23.0906 8172 IpNat - ok

07:18:23.0968 8172 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe

07:18:23.0984 8172 iPod Service - ok

07:18:23.0984 8172 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

07:18:23.0984 8172 IPSec - ok

07:18:24.0000 8172 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

07:18:24.0000 8172 IRENUM - ok

07:18:24.0031 8172 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

07:18:24.0031 8172 isapnp - ok

07:18:24.0046 8172 itchfltr (936123d83e80c1cb3ea042d7fb98da25) C:\WINDOWS\system32\DRIVERS\itchfltr.sys

07:18:24.0046 8172 itchfltr - ok

07:18:24.0109 8172 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe

07:18:24.0109 8172 JavaQuickStarterService - ok

07:18:24.0140 8172 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys

07:18:24.0140 8172 JGOGO - ok

07:18:24.0140 8172 JRAID (dac317a5efd8fe13fe7ec8e2b2e1d549) C:\WINDOWS\system32\DRIVERS\jraid.sys

07:18:24.0140 8172 JRAID - ok

07:18:24.0156 8172 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

07:18:24.0156 8172 Kbdclass - ok

07:18:24.0171 8172 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

07:18:24.0171 8172 kbdhid - ok

07:18:24.0187 8172 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

07:18:24.0187 8172 kmixer - ok

07:18:24.0203 8172 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

07:18:24.0203 8172 KSecDD - ok

07:18:24.0218 8172 L8042pr2 (733ececf4371ac99410ee0f00bfd51e7) C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys

07:18:24.0218 8172 L8042pr2 - ok

07:18:24.0265 8172 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

07:18:24.0265 8172 lanmanserver - ok

07:18:24.0296 8172 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

07:18:24.0296 8172 lanmanworkstation - ok

07:18:24.0296 8172 lbrtfdc - ok

07:18:24.0437 8172 LiveUpdate (fb3a35318ca7f6a10fa3c3826a69affe) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

07:18:24.0468 8172 LiveUpdate - ok

07:18:24.0562 8172 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

07:18:24.0562 8172 LmHosts - ok

07:18:24.0578 8172 LMouFlt2 (128f0b4cd156872d440ae77202923a32) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys

07:18:24.0593 8172 LMouFlt2 - ok

07:18:24.0609 8172 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

07:18:24.0609 8172 Messenger - ok

07:18:24.0625 8172 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

07:18:24.0640 8172 mnmdd - ok

07:18:24.0656 8172 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

07:18:24.0656 8172 mnmsrvc - ok

07:18:24.0671 8172 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

07:18:24.0671 8172 Modem - ok

07:18:24.0750 8172 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys

07:18:24.0765 8172 Monfilt - ok

07:18:24.0796 8172 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

07:18:24.0796 8172 Mouclass - ok

07:18:24.0812 8172 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

07:18:24.0812 8172 mouhid - ok

07:18:24.0828 8172 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

07:18:24.0828 8172 MountMgr - ok

07:18:24.0828 8172 mraid35x - ok

07:18:24.0828 8172 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

07:18:24.0843 8172 MRxDAV - ok

07:18:24.0875 8172 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

07:18:24.0875 8172 MRxSmb - ok

07:18:24.0906 8172 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

07:18:24.0906 8172 MSDTC - ok

07:18:24.0906 8172 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

07:18:24.0906 8172 Msfs - ok

07:18:24.0906 8172 MSIServer - ok

07:18:24.0921 8172 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

07:18:24.0921 8172 MSKSSRV - ok

07:18:24.0937 8172 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

07:18:24.0937 8172 MSPCLOCK - ok

07:18:24.0937 8172 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

07:18:24.0937 8172 MSPQM - ok

07:18:24.0953 8172 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

07:18:24.0953 8172 mssmbios - ok

07:18:24.0984 8172 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

07:18:24.0984 8172 Mup - ok

07:18:25.0000 8172 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

07:18:25.0015 8172 napagent - ok

07:18:25.0031 8172 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

07:18:25.0031 8172 NDIS - ok

07:18:25.0046 8172 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

07:18:25.0046 8172 NdisTapi - ok

07:18:25.0062 8172 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

07:18:25.0062 8172 Ndisuio - ok

07:18:25.0093 8172 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

07:18:25.0093 8172 NdisWan - ok

07:18:25.0109 8172 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

07:18:25.0109 8172 NDProxy - ok

07:18:25.0109 8172 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

07:18:25.0109 8172 NetBIOS - ok

07:18:25.0125 8172 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

07:18:25.0140 8172 NetBT - ok

07:18:25.0156 8172 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

07:18:25.0171 8172 NetDDE - ok

07:18:25.0171 8172 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

07:18:25.0171 8172 NetDDEdsdm - ok

07:18:25.0187 8172 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

07:18:25.0187 8172 Netlogon - ok

07:18:25.0203 8172 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

07:18:25.0203 8172 Netman - ok

07:18:25.0281 8172 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

07:18:25.0281 8172 NetTcpPortSharing - ok

07:18:25.0296 8172 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

07:18:25.0296 8172 NIC1394 - ok

07:18:25.0328 8172 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

07:18:25.0343 8172 Nla - ok

07:18:25.0359 8172 nmwcd (b0a67de1a128389aea4d42c5a56215fd) C:\WINDOWS\system32\drivers\ccdcmb.sys

07:18:25.0359 8172 nmwcd - ok

07:18:25.0390 8172 nmwcdc (025c54f9f8c8bc1894ea38529c742c54) C:\WINDOWS\system32\drivers\ccdcmbo.sys

07:18:25.0390 8172 nmwcdc - ok

07:18:25.0453 8172 nosGetPlusHelper (25d6b2eb0a1fc4ab413afe7ec4793ec1) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll

07:18:25.0453 8172 nosGetPlusHelper - ok

07:18:25.0484 8172 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

07:18:25.0484 8172 Npfs - ok

07:18:25.0515 8172 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

07:18:25.0515 8172 Ntfs - ok

07:18:25.0546 8172 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

07:18:25.0546 8172 NtLmSsp - ok

07:18:25.0578 8172 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

07:18:25.0593 8172 NtmsSvc - ok

07:18:25.0609 8172 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

07:18:25.0609 8172 Null - ok

07:18:25.0890 8172 nv (a42c6ba17a5776aace3bae0ffa2fa8d1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

07:18:26.0093 8172 nv - ok

07:18:26.0203 8172 NVSvc (c6945488764bcae75d5ac6c3ea088c1e) C:\WINDOWS\system32\nvsvc32.exe

07:18:26.0406 8172 NVSvc - ok

07:18:26.0437 8172 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

07:18:26.0437 8172 NwlnkFlt - ok

07:18:26.0453 8172 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

07:18:26.0453 8172 NwlnkFwd - ok

07:18:26.0484 8172 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

07:18:26.0484 8172 ohci1394 - ok

07:18:26.0531 8172 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

07:18:26.0531 8172 ose - ok

07:18:26.0562 8172 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

07:18:26.0562 8172 Parport - ok

07:18:26.0578 8172 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

07:18:26.0578 8172 PartMgr - ok

07:18:26.0593 8172 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

07:18:26.0593 8172 ParVdm - ok

07:18:26.0625 8172 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

07:18:26.0625 8172 pccsmcfd - ok

07:18:26.0640 8172 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

07:18:26.0640 8172 PCI - ok

07:18:26.0656 8172 PCIDump - ok

07:18:26.0671 8172 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

07:18:26.0671 8172 PCIIde - ok

07:18:26.0703 8172 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

07:18:26.0703 8172 Pcmcia - ok

07:18:26.0718 8172 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys

07:18:26.0843 8172 pcouffin - ok

07:18:26.0843 8172 PDCOMP - ok

07:18:26.0843 8172 PDFRAME - ok

07:18:26.0859 8172 PDRELI - ok

07:18:26.0859 8172 PDRFRAME - ok

07:18:26.0859 8172 perc2 - ok

07:18:26.0859 8172 perc2hib - ok

07:18:26.0890 8172 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys

07:18:27.0000 8172 pfc - ok

07:18:27.0046 8172 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

07:18:27.0046 8172 PlugPlay - ok

07:18:27.0078 8172 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe

07:18:27.0078 8172 Pml Driver HPZ12 - ok

07:18:27.0109 8172 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

07:18:27.0109 8172 PolicyAgent - ok

07:18:27.0125 8172 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

07:18:27.0125 8172 PptpMiniport - ok

07:18:27.0140 8172 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

07:18:27.0140 8172 Processor - ok

07:18:27.0140 8172 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

07:18:27.0140 8172 ProtectedStorage - ok

07:18:27.0171 8172 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys

07:18:27.0171 8172 Ps2 - ok

07:18:27.0187 8172 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

07:18:27.0187 8172 PSched - ok

07:18:27.0218 8172 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

07:18:27.0218 8172 Ptilink - ok

07:18:27.0250 8172 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

07:18:27.0250 8172 PxHelp20 - ok

07:18:27.0250 8172 ql1080 - ok

07:18:27.0250 8172 Ql10wnt - ok

07:18:27.0250 8172 ql12160 - ok

07:18:27.0265 8172 ql1240 - ok

07:18:27.0265 8172 ql1280 - ok

07:18:27.0265 8172 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

07:18:27.0265 8172 RasAcd - ok

07:18:27.0296 8172 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

07:18:27.0296 8172 RasAuto - ok

07:18:27.0296 8172 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

07:18:27.0312 8172 Rasl2tp - ok

07:18:27.0343 8172 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

07:18:27.0343 8172 RasMan - ok

07:18:27.0343 8172 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

07:18:27.0343 8172 RasPppoe - ok

07:18:27.0343 8172 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

07:18:27.0343 8172 Raspti - ok

07:18:27.0375 8172 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

07:18:27.0390 8172 Rdbss - ok

07:18:27.0390 8172 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

07:18:27.0390 8172 RDPCDD - ok

07:18:27.0421 8172 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

07:18:27.0421 8172 rdpdr - ok

07:18:27.0453 8172 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

07:18:27.0453 8172 RDPWD - ok

07:18:27.0468 8172 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

07:18:27.0468 8172 RDSessMgr - ok

07:18:27.0484 8172 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

07:18:27.0484 8172 redbook - ok

07:18:27.0515 8172 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

07:18:27.0515 8172 RemoteAccess - ok

07:18:27.0531 8172 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

07:18:27.0531 8172 RemoteRegistry - ok

07:18:27.0546 8172 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

07:18:27.0546 8172 RpcLocator - ok

07:18:27.0593 8172 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

07:18:27.0593 8172 RpcSs - ok

07:18:27.0609 8172 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

07:18:27.0625 8172 RSVP - ok

07:18:27.0656 8172 RTLE8023xp (1323ba3ca4e8d863eb00cd81c0aaf356) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

07:18:27.0656 8172 RTLE8023xp - ok

07:18:27.0687 8172 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

07:18:27.0687 8172 SamSs - ok

07:18:27.0703 8172 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

07:18:27.0703 8172 SCardSvr - ok

07:18:27.0781 8172 SCBackService (8475e746eb72d04f1015e6f091f50e09) C:\Program Files\Splashtop\Splashtop Connect\BackService.exe

07:18:27.0796 8172 SCBackService - ok

07:18:27.0828 8172 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

07:18:27.0828 8172 Schedule - ok

07:18:27.0843 8172 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

07:18:27.0843 8172 Secdrv - ok

07:18:27.0859 8172 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

07:18:27.0859 8172 seclogon - ok

07:18:27.0875 8172 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

07:18:27.0875 8172 SENS - ok

07:18:27.0906 8172 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

07:18:27.0906 8172 serenum - ok

07:18:27.0906 8172 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

07:18:27.0906 8172 Serial - ok

07:18:27.0968 8172 ServiceLayer (6ad303a3529b7aef99391de19f5b400b) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

07:18:28.0343 8172 ServiceLayer - ok

07:18:28.0375 8172 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

07:18:28.0375 8172 Sfloppy - ok

07:18:28.0406 8172 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

07:18:28.0406 8172 SharedAccess - ok

07:18:28.0453 8172 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

07:18:28.0453 8172 ShellHWDetection - ok

07:18:28.0453 8172 Simbad - ok

07:18:28.0468 8172 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys

07:18:28.0484 8172 SISNIC - ok

07:18:28.0515 8172 snapman (5052dbafc8f4e4507e6ad0d467dd3529) C:\WINDOWS\system32\DRIVERS\snapman.sys

07:18:28.0515 8172 snapman - ok

07:18:28.0531 8172 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

07:18:28.0531 8172 SONYPVU1 - ok

07:18:28.0531 8172 Sparrow - ok

07:18:28.0562 8172 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

07:18:28.0562 8172 splitter - ok

07:18:28.0593 8172 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

07:18:28.0593 8172 Spooler - ok

07:18:28.0671 8172 SPTISRV (755edb55d50c9556e15139956eecb9c8) C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

07:18:28.0843 8172 SPTISRV - ok

07:18:28.0875 8172 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

07:18:28.0875 8172 sr - ok

07:18:28.0906 8172 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

07:18:28.0906 8172 srservice - ok

07:18:28.0937 8172 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

07:18:28.0937 8172 Srv - ok

07:18:28.0968 8172 sscebus (b2063ce662af3ab20045121a5b716df6) C:\WINDOWS\system32\DRIVERS\sscebus.sys

07:18:28.0968 8172 sscebus - ok

07:18:28.0984 8172 sscemdfl (66799dc0afe3dcaf8368cae17394a762) C:\WINDOWS\system32\DRIVERS\sscemdfl.sys

07:18:28.0984 8172 sscemdfl - ok

07:18:29.0000 8172 sscemdm (cbf03ffc08f8db547bab2f79aa663d16) C:\WINDOWS\system32\DRIVERS\sscemdm.sys

07:18:29.0000 8172 sscemdm - ok

07:18:29.0015 8172 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

07:18:29.0031 8172 SSDPSRV - ok

07:18:29.0031 8172 SSPORT - ok

07:18:29.0046 8172 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys

07:18:29.0046 8172 StarOpen - ok

07:18:29.0078 8172 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

07:18:29.0078 8172 StillCam - ok

07:18:29.0125 8172 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

07:18:29.0125 8172 stisvc - ok

07:18:29.0125 8172 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

07:18:29.0125 8172 swenum - ok

07:18:29.0140 8172 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

07:18:29.0140 8172 swmidi - ok

07:18:29.0140 8172 SwPrv - ok

07:18:29.0156 8172 symc810 - ok

07:18:29.0156 8172 symc8xx - ok

07:18:29.0156 8172 sym_hi - ok

07:18:29.0156 8172 sym_u3 - ok

07:18:29.0187 8172 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

07:18:29.0187 8172 sysaudio - ok

07:18:29.0203 8172 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

07:18:29.0218 8172 SysmonLog - ok

07:18:29.0234 8172 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

07:18:29.0234 8172 TapiSrv - ok

07:18:29.0281 8172 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

07:18:29.0281 8172 Tcpip - ok

07:18:29.0312 8172 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

07:18:29.0312 8172 TDPIPE - ok

07:18:29.0312 8172 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

07:18:29.0312 8172 TDTCP - ok

07:18:29.0328 8172 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

07:18:29.0343 8172 TermDD - ok

07:18:29.0359 8172 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

07:18:29.0359 8172 TermService - ok

07:18:29.0406 8172 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

07:18:29.0406 8172 Themes - ok

07:18:29.0437 8172 tifsfilter (fd03a8ff9d4573246bd8e6d5371969e4) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys

07:18:29.0437 8172 tifsfilter - ok

07:18:29.0453 8172 timounter (8061ee6fe61a27d6024da5e2d06a0418) C:\WINDOWS\system32\DRIVERS\timntr.sys

07:18:29.0453 8172 timounter - ok

07:18:29.0484 8172 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

07:18:29.0500 8172 TlntSvr - ok

07:18:29.0546 8172 TomTomHOMEService (747e60b773e95f6c93d5621b550d6865) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

07:18:29.0546 8172 TomTomHOMEService - ok

07:18:29.0546 8172 TosIde - ok

07:18:29.0562 8172 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

07:18:29.0562 8172 TrkWks - ok

07:18:29.0593 8172 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

07:18:29.0593 8172 Udfs - ok

07:18:29.0593 8172 ultra - ok

07:18:29.0625 8172 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

07:18:29.0640 8172 Update - ok

07:18:29.0656 8172 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

07:18:29.0656 8172 upnphost - ok

07:18:29.0671 8172 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

07:18:29.0671 8172 UPS - ok

07:18:29.0703 8172 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

07:18:29.0703 8172 USBAAPL - ok

07:18:29.0718 8172 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

07:18:29.0718 8172 usbccgp - ok

07:18:29.0750 8172 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

07:18:29.0750 8172 usbehci - ok

07:18:29.0765 8172 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

07:18:29.0765 8172 usbhub - ok

07:18:29.0796 8172 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

07:18:29.0796 8172 usbohci - ok

07:18:29.0812 8172 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

07:18:29.0812 8172 usbprint - ok

07:18:29.0828 8172 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

07:18:29.0828 8172 usbscan - ok

07:18:29.0843 8172 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

07:18:29.0843 8172 USBSTOR - ok

07:18:29.0843 8172 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

07:18:29.0843 8172 usbuhci - ok

07:18:29.0859 8172 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

07:18:29.0859 8172 VgaSave - ok

07:18:29.0859 8172 ViaIde - ok

07:18:29.0890 8172 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

07:18:29.0890 8172 VolSnap - ok

07:18:29.0906 8172 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

07:18:29.0906 8172 VSS - ok

07:18:30.0000 8172 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

07:18:30.0015 8172 vToolbarUpdater11.0.2 - ok

07:18:30.0031 8172 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

07:18:30.0031 8172 W32Time - ok

07:18:30.0062 8172 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

07:18:30.0062 8172 Wanarp - ok

07:18:30.0109 8172 WCUService_STC_FF (e47e66538692b1cfd6cc8021546fcc83) C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe

07:18:30.0109 8172 WCUService_STC_FF - ok

07:18:30.0140 8172 WCUService_STC_IE (147c60622cb53e901efd8bb6d44a4c46) C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe

07:18:30.0140 8172 WCUService_STC_IE - ok

07:18:30.0187 8172 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

07:18:30.0187 8172 Wdf01000 - ok

07:18:30.0187 8172 WDICA - ok

07:18:30.0218 8172 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

07:18:30.0218 8172 wdmaud - ok

07:18:30.0281 8172 Web Assistant Updater (b1ec8c9300c58ce5e90990f71eea644c) C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

07:18:30.0562 8172 Web Assistant Updater - ok

07:18:30.0593 8172 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

07:18:30.0593 8172 WebClient - ok

07:18:30.0656 8172 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

07:18:30.0656 8172 winmgmt - ok

07:18:30.0703 8172 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

07:18:30.0703 8172 WmdmPmSN - ok

07:18:30.0750 8172 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

07:18:30.0750 8172 Wmi - ok

07:18:30.0781 8172 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

07:18:30.0781 8172 WmiApSrv - ok

07:18:30.0859 8172 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

07:18:30.0859 8172 WMPNetworkSvc - ok

07:18:30.0906 8172 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

07:18:30.0906 8172 WpdUsb - ok

07:18:31.0000 8172 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

07:18:31.0015 8172 WPFFontCache_v0400 - ok

07:18:31.0046 8172 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

07:18:31.0062 8172 wscsvc - ok

07:18:31.0062 8172 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

07:18:31.0062 8172 wuauserv - ok

07:18:31.0093 8172 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

07:18:31.0093 8172 WudfPf - ok

07:18:31.0109 8172 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

07:18:31.0109 8172 WudfRd - ok

07:18:31.0125 8172 WudfSvc (ae93084d2d236887ba56467ae42b4955) C:\WINDOWS\System32\WUDFSvc.dll

07:18:31.0140 8172 WudfSvc - ok

07:18:31.0171 8172 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

07:18:31.0187 8172 WZCSVC - ok

07:18:31.0203 8172 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

07:18:31.0203 8172 xmlprov - ok

07:18:31.0234 8172 yukonwxp (5ee248f1c25579fe3561f7293cdcdc8e) C:\WINDOWS\system32\DRIVERS\yk51x86.sys

07:18:31.0250 8172 yukonwxp - ok

07:18:31.0265 8172 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

07:18:31.0546 8172 \Device\Harddisk0\DR0 - ok

07:18:31.0562 8172 Boot (0x1200) (ccac0c261994d5d859074fbfce4e720b) \Device\Harddisk0\DR0\Partition0

07:18:31.0562 8172 \Device\Harddisk0\DR0\Partition0 - ok

07:18:31.0578 8172 Boot (0x1200) (d97eba61eb0fdec5cc0e13588e2fff60) \Device\Harddisk0\DR0\Partition1

07:18:31.0578 8172 \Device\Harddisk0\DR0\Partition1 - ok

07:18:31.0578 8172 ============================================================

07:18:31.0578 8172 Scan finished

07:18:31.0578 8172 ============================================================

07:18:31.0578 6348 Detected object count: 0

07:18:31.0578 6348 Actual detected object count: 0

07:19:35.0031 6584 Deinitialize success


Sorry for bumping but forgot to add a symptom I just remembered. When following links to *.pdf files, IE fails to load and wants to send error reports, tries to recover the tab and fails again. This then goes into a try, fail, error report, recover tab loop until the tab or window is closed manually.


Thank you for the additional information! :)

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


OK. Just tried again before reading your post and it went to BSoD again at the end when deleting files. It tried to tell me that AVG was still active even though it is turned off.

Now have "My Start Incredibar" showing up as my search result.

Will go to Safe Mode and get back to you.


In Safe Mode Combofix was still telling me that AVG Active Shield was on but it is Command Prompt only in this mode.

Ran Combofix anyway and it produced this logfile:

ComboFix 12-05-20.10 - Greg 21/05/2012 17:47:55.8.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3582.3282 [GMT 10:00]

Running from: c:\documents and settings\Greg\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\wxDfast

c:\documents and settings\All Users\Application Data\wxDfast\background.html

c:\documents and settings\All Users\Application Data\wxDfast\bhoclass.dll

c:\documents and settings\All Users\Application Data\wxDfast\cdfbkhdpdndhaejllgoppclbkcngghcg.crx

c:\documents and settings\All Users\Application Data\wxDfast\content.js

c:\documents and settings\All Users\Application Data\wxDfast\data\content.js

c:\documents and settings\All Users\Application Data\wxDfast\data\jsondb.js

c:\documents and settings\All Users\Application Data\wxDfast\settings.ini

c:\documents and settings\All Users\Application Data\wxDfast\uninstall.exe

c:\documents and settings\Donna\WINDOWS

c:\documents and settings\Greg\Application Data\inst.exe

c:\documents and settings\Greg\WINDOWS

c:\documents and settings\Mikayla\WINDOWS

c:\program files\Blinkx

c:\program files\Blinkx\blinkx.ico

c:\program files\Blinkx\blinkxss.exe

c:\program files\Blinkx\blinkxstop.exe

c:\program files\Blinkx\lang.dll

c:\program files\Blinkx\templates\beat.ico

c:\program files\Blinkx\templates\index.html

c:\program files\Blinkx\templates\noflash.html

c:\program files\Blinkx\templates\offline.html

c:\program files\Blinkx\templates\offline.swf

c:\program files\Blinkx\templates\uninstall.exe

c:\program files\Web Assistant\ExTEnsion32.dll

c:\windows\EventSystem.log

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\muzapp.exe

E:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-04-21 to 2012-05-21 )))))))))))))))))))))))))))))))

.

.

2012-05-21 06:25 . 2012-05-21 06:25 -------- d-----w- c:\documents and settings\Donna\Application Data\AVG2012

2012-05-20 10:07 . 2012-05-20 10:07 -------- d-----w- c:\documents and settings\Greg\Application Data\AVG2012

2012-05-20 10:03 . 2012-05-20 10:03 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\AVG Secure Search

2012-05-20 10:03 . 2012-05-20 10:03 -------- d-----w- c:\documents and settings\Greg\Application Data\AVG Secure Search

2012-05-20 10:03 . 2012-05-20 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search

2012-05-20 10:03 . 2012-05-20 10:03 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-05-20 10:03 . 2012-05-20 10:03 -------- d-----w- c:\program files\AVG Secure Search

2012-05-20 09:05 . 2012-05-20 09:53 -------- d-----w- c:\documents and settings\Greg\Application Data\Ad-Aware Antivirus

2012-05-19 23:36 . 2012-05-19 23:36 -------- d-----w- c:\program files\YouTube Downloader Toolbar

2012-05-19 09:57 . 2012-05-19 09:57 -------- d-----w- c:\program files\pdfforge Toolbar

2012-05-18 10:49 . 2012-05-18 10:49 453 ----a-w- C:\user.js

2012-05-18 10:49 . 2012-05-21 07:56 -------- d-----w- c:\program files\Web Assistant

2012-05-15 21:02 . 2012-05-15 21:02 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-15 21:02 . 2012-05-15 21:02 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-08 06:37 . 2012-05-08 06:37 -------- d-----w- c:\documents and settings\Donna\Application Data\AVG Secure Search

2012-04-25 06:01 . 2012-04-25 06:01 -------- d-----w- c:\documents and settings\Mikayla\Application Data\alotappbar

2012-04-25 06:01 . 2012-04-25 06:01 -------- d-----w- c:\documents and settings\Mikayla\Application Data\YouTube Downloader

2012-04-25 06:01 . 2012-04-25 06:01 -------- d-----w- c:\documents and settings\Mikayla\Application Data\Splashtop

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-21 07:25 . 2012-03-04 05:58 17488 ----a-w- c:\windows\gdrv.sys

2012-04-18 18:50 . 2012-04-18 18:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-04-18 00:29 . 2009-11-25 21:02 47360 ----a-w- c:\documents and settings\Greg\Application Data\pcouffin.sys

2012-04-11 13:14 . 2004-08-03 13:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:12 . 2004-08-03 13:17 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-04 05:56 . 2009-04-19 09:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-18 19:17 . 2012-03-18 19:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-03-02 01:45 . 2012-03-02 01:45 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys

2012-03-01 11:01 . 2004-08-03 14:56 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-03-01 11:01 . 2004-08-03 14:56 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2004-08-03 14:56 43520 ------w- c:\windows\system32\licmgr10.dll

2012-02-29 14:10 . 2004-08-03 14:56 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-08-03 14:56 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2004-08-03 12:59 385024 ------w- c:\windows\system32\html.iec

2012-02-21 19:25 . 2012-02-21 19:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2010-11-24 165776]

.

[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]

[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]

[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]

2011-12-13 21:30 48488 ----a-w- c:\program files\alotappbar\bin\BHO\ALOTHelperBHO.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-05-20 10:03 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{A531D99C-5A22-449b-83DA-872725C6D0ED}"= "c:\program files\alotappbar\bin\ALOTHelper.dll" [2011-12-13 48488]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-20 2067328]

.

[HKEY_CLASSES_ROOT\clsid\{a531d99c-5a22-449b-83da-872725c6d0ed}]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-06-24 941968]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-06-24 3373968]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-24 20880]

"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GBB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-07-12 356352]

"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-23 1398272]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-27 552960]

"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-01-30 503808]

"Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2011-04-22 24216]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-05-16 992648]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-07 421736]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-01-16 296056]

"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]

"STCAgent"="c:\program files\Splashtop\Splashtop Connect IE\STCAgent.exe" [2010-11-24 776064]

"ZyngaGamesAgent"="c:\program files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]

"RTHDCPL"="RTHDCPL.EXE" [2010-12-15 19967080]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-22 8425472]

"nwiz"="nwiz.exe" [2007-03-22 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-22 81920]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-20 1116544]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Mikayla\Start Menu\Programs\Startup\

Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 3746856]

.

c:\documents and settings\Greg\Start Menu\Programs\Startup\

Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 3746856]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-03-07 49152]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

2006-06-29 09:06 126976 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]

2006-06-29 09:06 1848150 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2005-06-06 13:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2010-01-13 00:46 166912 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-05-11 13:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2010-01-13 00:46 134656 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2006-03-23 06:06 1398272 ------w- c:\program files\Ahead\InCD\InCD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-12-07 14:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]

2002-11-08 09:50 19968 ----a-w- c:\windows\LOGI_MWX.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]

2007-07-15 03:47 98304 ----a-w- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2010-01-13 00:46 135680 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 01:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2003-12-08 06:35 32768 ----a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2010-12-15 10:16 19967080 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]

2003-10-03 17:52 61440 ----a-w- c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 02:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]

2004-04-09 15:31 184320 ----a-w- c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

2006-06-29 20:31 1106386 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]

2002-11-22 16:15 631362 ----a-w- c:\program files\Logitech\iTouch\iTouch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=

"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"=

"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"=

"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 4:50 AM 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31/01/2012 4:46 AM 31952]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19/03/2012 5:17 AM 301248]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\drivers\EtronHub3.sys [8/02/2011 3:41 PM 32384]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\drivers\EtronXHCI.sys [8/02/2011 3:41 PM 52352]

S1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [4/03/2012 2:25 PM 18544]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22/02/2012 5:25 AM 235216]

S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [16/05/2012 6:16 PM 785344]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [30/04/2012 9:44 AM 5106744]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 4:53 AM 193288]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [15/01/2012 9:08 AM 233472]

S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [4/03/2012 2:19 PM 68136]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/12/2009 3:56 AM 135664]

S2 SCBackService;Splashtop Connect Service;c:\program files\Splashtop\Splashtop Connect\BackService.exe [15/11/2010 9:21 PM 477000]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/08/2010 7:38 PM 92008]

S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [20/05/2012 8:03 PM 932736]

S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [24/03/2011 2:37 PM 493384]

S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [22/03/2011 6:37 PM 497480]

S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [18/05/2012 8:49 PM 185856]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [19/06/2009 11:26 AM 1691480]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 1:32 PM 139856]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 1:32 PM 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 1:32 PM 17232]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 AM 11336]

S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [15/01/2012 9:17 AM 20032]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2/03/2012 11:45 AM 23456]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [15/01/2012 9:08 AM 36608]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27/12/2009 3:56 AM 135664]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/08/2004 12:56 AM 14336]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [26/11/2009 7:02 AM 47360]

S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [15/01/2012 9:09 AM 98560]

S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [15/01/2012 9:09 AM 14848]

S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [15/01/2012 9:09 AM 123648]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - PXHELP20

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 02:34]

.

2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 17:55]

.

2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 17:55]

.

2012-05-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-515967899-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 05:02]

.

2012-05-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-515967899-839522115-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 05:02]

.

2012-05-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-515967899-839522115-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 05:02]

.

2012-05-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-515967899-839522115-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 05:02]

.

2012-05-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-515967899-839522115-1007.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 05:02]

.

2012-05-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-515967899-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 05:02]

.

2012-05-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-515967899-839522115-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 05:02]

.

2012-05-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-515967899-839522115-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 05:02]

.

2012-05-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-515967899-839522115-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 05:02]

.

2012-05-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-515967899-839522115-1007.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 05:02]

.

2012-03-02 c:\windows\Tasks\SpeedMaxPc Registration3.job

- c:\program files\Common Files\SpeedMaxPc\UUS3\UUS3.dll [2011-12-12 22:43]

.

2012-05-20 c:\windows\Tasks\SpeedMaxPc Update3.job

- c:\program files\Common Files\SpeedMaxPc\UUS3\Update3.exe [2011-12-12 22:43]

.

2012-05-15 c:\windows\Tasks\SpeedMaxPc.job

- c:\program files\SpeedMaxPc\SpeedMaxPc\SpeedMaxPc.exe [2011-12-22 00:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bom.gov.au/nsw/forecasts/sydney.shtml

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Download all by YouTube Robot - c:\program files\YouTubeRobot\downall.htm

IE: Download by YouTube Robot - c:\program files\YouTubeRobot\downlink.htm

IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm

IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm

IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm

IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll

IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll

TCP: DhcpNameServer = 192.168.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab

FF - ProfilePath - c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\bfkr05z2.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb139?a=6R8th4b6Pa&i=26

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc9fcc3bd-feeb-48b8-80b9-5d99f9dd4a4d%7D&mid=097e0683f449ce72601156b1a0997436-c5b31c3b348759663931cec5713ee445a364b64e&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-08%2013%3A04%3A47&sap=ku&q=

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8th4b6Pa&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 845452440000000000001c6f65d3dcab

FF - user.js: extensions.incredibar_i.instlDay - 15478

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1420:49

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6R8th4b6Pa

FF - user.js: extensions.incredibar_i.upn2n - 92824380633273732

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10650

FF - user.js: extensions.incredibar_i.ppd - 37%5F4

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{58655839-E2C3-33ED-C4FF-4C6F19F6D324} - c:\documents and settings\All Users\Application Data\wxDfast\bhoclass.dll

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

AddRemove-HijackThis - c:\documents and settings\Greg\Desktop\HijackThis.exe

AddRemove-SAMSUNG Mobile Composite Device - c:\windows\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe

AddRemove-{4F4C5E11-0612-48D2-8055-987992AAC432} - c:\documents and settings\All Users\Application Data\wxDfast\uninstall.exe

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-12_Symbian_USB_Download_Driver - c:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe

AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-blinkx beat - c:\program files\Blinkx\templates\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-21 18:00

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-05-21 18:02:30

ComboFix-quarantined-files.txt 2012-05-21 08:02

.

Pre-Run: 67,521,642,496 bytes free

Post-Run: 68,955,176,960 bytes free

.

- - End Of File - - 5DA8F3E2A63853F742B6AEAAFA13C2B4


Hi, that's good to hear! :)

I reported your last post to request removal of the email address. Never post your email address in public posts, as that way it can be used by a spambot to send you undesired mail.

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7u3.
  • Look for "JDK 7u3 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your desktop.
    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.


OK. The JAVA link led me to 7u4. Is that OK?

BTW. The email address I posted is no longer operable so there should have been no threat. I only provided it so you could either remove my old profile or consolidate them since I had no apparent way of modifying my account, or not that I could see anyway. I'd forgotten my password but going down that path had you guys sending messages to an email that I no longer have. So I just created a new account.


That looks like you applied a counterstrike to your text. :) (It happens when accidentally clicking the S button in the reply box.)

ESET sometimes has trouble running. Can you instead update MBAM, and run a full scan? Post me the resulting log.


Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.22.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Greg :: NEWPC [administrator]

23/05/2012 7:09:59 AM

mbam-log-2012-05-23 (07-09-59).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 439297

Time elapsed: 1 hour(s), 2 minute(s), 49 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\System Volume Information\_restore{F46128B1-00B7-44B8-8C7A-1B2D47BA83FA}\RP323\A0054135.rbf (PUP.Dealio.TB) -> No action taken.

(end)


The only object found was in system restore, which will be reset anyway in the following steps. :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Press the Windows key + r on your keyboard at the same time. In the run box type combofix /uninstall, then press OK.
    • This will remove Combofix and other tools we used from your computer.
  • You can delete any other tool or log by simply deleting them.

Please read the following advice on how to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

     I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

     Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

     Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

     The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.