
please help fix my computer


dgh


Hi and thank you for this forum of help.

My computer restarted two nights ago and when it rebooted, my desktop background was gone, all my desktop icons except IE were gone, and most of my programs are no longer visible in the start menu.

I have read through your forum and tried the following steps to resolve this problem before I posted.

I uninstalled my antivirus and installed AntiVir - ran as described in a previous post and found 8 Trojan-type detections. I quarantined those as instructed and then installed and ran Malwarebytes.

Next I tried unhide.exe to find my still missing icons, folders, and programs. No luck.

I ran dds and saved the logs. I am including them in this post so that hopefully someone can help.

Thank you for your time.

DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13

Run by Compaq_Owner at 20:57:38 on 2012-08-25

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.251 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\AppLifeUpdateService\Kjs.AppLife.Update.Service.Exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Compaq_Owner\My Documents\RCA Detective\RCADetective.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ku.edu/

uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop

uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

mURLSearchHooks: H - No File

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

EB: DF Bar: {67fcef90-073e-11de-8c30-0800200c9a66} - %SystemRoot%\system32\shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [Google Update] "c:\documents and settings\compaq_owner\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [Easy Dock] c:\documents and settings\compaq_owner\my documents\rca easyrip\EZDock.exe

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [iPInSightMonitor 01] "c:\program files\sbc yahoo!\connection manager\ip insight\IPMon32.exe"

mRun: [soundMan] SOUNDMAN.EXE

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"

mRun: [WD Button Manager] WDBtnMgr.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Easy Dock]

mRun: [<NO NAME>]

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\compaq_owner\my documents\rca detective\RCADetective.exe

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_02\bin\npjpi150_02.dll

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

LSP: c:\program files\avira\antivir desktop\avsda.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab

DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

TCP: DhcpNameServer = 192.168.7.254

TCP: Interfaces\{2B8F85A8-21CE-4CA4-97A0-556E95F62B4D} : DhcpNameServer = 192.168.7.254

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\1dgsmh0l.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10400&locale=en_US&apn_uid=552eb79c-d8c0-4779-948e-505a8f6c4c7d&apn_ptnrs=^ABY&apn_sauid=84D03A4F-E7BF-402F-934A-D50596E5BB0E&apn_dtid=^YYYYYY^YY^US&&q=

FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-8-23 36000]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-8-23 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-8-23 110032]

R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-8-23 465360]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-8-23 83392]

R2 KjsUpdateService;AppLife Update Service;c:\program files\common files\applifeupdateservice\Kjs.AppLife.Update.Service.Exe [2008-4-23 12800]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-24 655944]

R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE1200xp.sys [2011-11-1 1034240]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-24 22344]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-15 250056]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-4-22 25244]

.

=============== Created Last 30 ================

.

2012-08-24 11:28:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-08-24 11:28:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-24 11:28:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-24 11:25:27 -------- d-----w- c:\documents and settings\compaq_owner\application data\AskToolbar

2012-08-24 04:32:30 -------- d-----w- c:\documents and settings\compaq_owner\application data\Avira

2012-08-24 04:26:26 -------- d-----w- c:\program files\Ask.com

2012-08-24 04:26:22 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\AskToolbar

2012-08-24 04:25:53 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-08-24 04:25:52 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-08-24 04:25:48 -------- d-----w- c:\program files\Avira

2012-08-24 04:25:48 -------- d-----w- c:\documents and settings\all users\application data\Avira

2012-08-24 04:24:50 -------- d-----w- c:\documents and settings\compaq_owner\application data\Malwarebytes

2012-08-24 04:07:57 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\Mozilla

2012-08-24 04:07:01 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2012-08-24 03:11:27 -------- d-----w- c:\documents and settings\compaq_owner\application data\AVG2012

2012-08-24 02:47:04 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\Apple Computer

.

==================== Find3M ====================

.

2012-08-17 02:19:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-17 02:19:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2004-08-10 04:30:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

============= FINISH: 20:58:28.06 ===============

ATTACH

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 1/15/2005 1:26:39 AM

System Uptime: 8/25/2012 8:34:32 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | Grouper

Processor: Intel® Pentium® 4 CPU 2.93GHz | CPU 1 | 2932/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 144 GiB total, 58.769 GiB free.

D: is FIXED (FAT32) - 5 GiB total, 0.82 GiB free.

E: is CDROM ()

F: is CDROM ()

H: is Removable

I: is Removable

J: is Removable

K: is Removable

N: is FIXED (FAT32) - 466 GiB total, 128.473 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 1394 Net Adapter

Device ID: V1394\NIC1394\9871ADE01800

Manufacturer: Microsoft

Name: 1394 Net Adapter

PNP Device ID: V1394\NIC1394\9871ADE01800

Service: NIC1394

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Realtek RTL8139/810x Family Fast Ethernet NIC

Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A0B103C&REV_10\4&2E9A5DB2&0&10F0

Manufacturer: Realtek

Name: Realtek RTL8139/810x Family Fast Ethernet NIC

PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A0B103C&REV_10\4&2E9A5DB2&0&10F0

Service: rtl8139

.

==== System Restore Points ===================

.

RP836: 6/23/2012 12:32:10 AM - Installed AVG 2012

RP837: 6/23/2012 12:32:24 AM - Removed AVG 2011

RP838: 6/23/2012 12:32:52 AM - Installed AVG 2012

RP839: 6/23/2012 12:38:10 AM - Removed AVG 2011

RP840: 7/5/2012 12:40:32 AM - System Checkpoint

RP841: 7/23/2012 3:53:22 AM - System Checkpoint

RP842: 7/27/2012 1:23:01 AM - System Checkpoint

RP843: 8/9/2012 12:25:48 AM - System Checkpoint

RP844: 8/21/2012 6:25:56 AM - System Checkpoint

RP845: 8/23/2012 11:10:21 PM - Removed AVG 2012

RP846: 8/23/2012 11:12:04 PM - Removed AVG 2012

.

==== Installed Programs ======================

.

1300

1300_Help

1300Tour

1300Trb

7-Zip 4.65

Adobe Flash Player 11 Plugin

Adobe Flash Player ActiveX

Adobe Photoshop Album 2.0 Starter Edition

Adobe Photoshop Elements 6.0

Adobe Reader 7.0

Adobe Shockwave Player

Agere Systems PCI Soft Modem

AiO_Scan

AIOMinimal

AiOSoftware

allTunes

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ask Toolbar

AT&T Yahoo! Applications

AT&T Yahoo! Music Jukebox

ATT-AACE

AVG PC Tuneup 2011

Avira Free Antivirus

Avira SearchFree Toolbar plus Web Protection Updater

AviSynth 2.5

Bonjour

CCleaner (remove only)

CCScore

Copy

COWON iAUDIO U2 Digital Audio Player

CreativeProjects

Curitel Packet Service Software

Director

DocProc

DVD Solution

Elecard MPEG-2 Decoder Pack G4

ESSBrwr

ESSCDBK

ESSgui

ESSini

ESSPCD

ESSPDock

ESSSONIC

ESSTOOLS

essvatgt

Fax

ffdshow v1.1.3507 [2010-07-07]

fflink

Fiesta Download Manager

Google Talk Plugin

Google Video Player

Help and Support Additions

Hotfix for Windows Internet Explorer 7 (KB947864)

HP Image Zone 3.5

HP PSC & OfficeJet 3.5

HP Software Update

HP Unload DLL Patch

hpmdtab

HpSdpAppCoreApp

HPSystemDiagnostics

Hudl Video Editor

InstantShare

Intel® Graphics Media Accelerator Driver

IntelliMover Data Transfer Demo

InterVideo WinDVD Player

iTunes

J2SE Runtime Environment 5.0 Update 2

Java 2 Runtime Environment, SE v1.4.2_03

Java 2 Runtime Environment, SE v1.4.2_06

JetShell PRO

kgcbaby

kgcbase

kgchday

kgchlwn

kgcinvt

kgckids

kgcmove

kgcvday

LegalSounds Music Downloader 1.8

LG USB Modem driver

Malwarebytes Anti-Malware version 1.62.0.1300

Memories Disc Creator 2.0

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft .NET Framework 3.0 Service Pack 1

Microsoft .NET Framework 3.5

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 Disc 2

Microsoft Office 2000 Professional

Microsoft Plus! Dancer LE

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works 7.0

MobileMe Control Panel

Move Networks Media Player for Internet Explorer

Mozilla Firefox 8.0.1 (x86 en-US)

MSN

MSN Music Assistant

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

netbrdg

OfotoXMI

Overland

PC-Doctor for Windows

PhotoGallery

PowerDirector Express

PowerDVD

PowerProducer

PrintScreen

PS2

Python 2.2 combined Win32 extensions

Python 2.2.1

QFolder

QuickProjects

QuickTime

RCA Detective™ 3.0.3.0

RCA easyRip 2.5.8.0

RCA Updater 2.1.7.0

Readme

RealPlayer

Scan

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

SHASTA

skin0001

SkinsHP1

SkinsHP2

SKINXSDK

staticcr

tooltips

TrayApp

Unload

URGE

VPRINTOL

WD Backup

WD Firewire HID Driver

WebFldrs XP

WebReg

Windows Genuine Advantage v1.3.0254.0

Windows Media Format 11 runtime

Windows Media Player 11

Windows Movie Maker 2.0

Windows XP Service Pack 3

WinX DVD Ripper 5.5.6

WIRELESS

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

8/23/2012 11:43:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

8/23/2012 11:42:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Aspi32 avipbb avkmgr Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SbcpHid ssmdrv Tcpip

8/23/2012 11:42:32 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

8/23/2012 11:42:32 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/23/2012 11:42:32 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.

8/23/2012 11:42:32 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/23/2012 11:42:32 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/23/2012 11:41:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/23/2012 11:41:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

8/22/2012 9:00:17 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

.

==== End Of File ===========================

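As an added example that is not part of the original post, of DDS, or of any tool named in this thread: a small Python triage pass over the "Pseudo HJT Report" lines in the log above. The sample input is a constructed subset of that section, and the flagging rules (orphaned "No File" entries, empty Run values, bare filenames resolved through the search path, autostarts living in the user profile, and one DLL registered under more than one display name) are this example's own heuristics, not anything DDS computes. Flags are starting points for a reviewer, not verdicts: per-user Google Update legitimately lives under Local Settings, and the "No File" entries are leftovers rather than active code.

```python
import re
from collections import defaultdict

# Constructed subset of the "Pseudo HJT Report" section from the DDS log
# above, trimmed so the example runs offline. Line shapes are the ones DDS
# emits: uRun/mRun (user/machine Run keys), BHO, TB, u/mURLSearchHooks
# and StartupFolder.
SAMPLE_LOG = r"""
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
mURLSearchHooks: H - No File
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [Google Update] "c:\documents and settings\compaq_owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Easy Dock] c:\documents and settings\compaq_owner\my documents\rca easyrip\EZDock.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Easy Dock]
mRun: [<NO NAME>]
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\compaq_owner\my documents\rca detective\RCADetective.exe
"""

ENTRY_RE = re.compile(
    r"^(?P<kind>uRun|mRun|BHO|TB|uURLSearchHooks|mURLSearchHooks|StartupFolder): (?P<rest>.*)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
COM_RE = re.compile(
    r"^(?:(?P<name>.*?):\s*)?(?P<clsid>\{[0-9a-f-]+\}|\w+)\s*-\s*(?P<target>.*)$", re.I)
LNK_RE = re.compile(r"^(?P<lnk>.*?\.lnk)\s*-\s*(?P<target>.*)$", re.I)
# First module of a command line, quoted or not. DDS prints unquoted paths
# that contain spaces, so the cut is at the first module extension.
MODULE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|bat|cmd|scr|com|pif))(?:"|\s|$)', re.I)
# Per-user locations a standard XP user can write to without elevation
# (heuristic list chosen for this example).
USER_WRITABLE = ("\\my documents\\", "\\local settings\\", "\\application data\\",
                 "\\desktop\\", "\\temp\\")


def parse_entry(line):
    """Return (kind, name, target) for one DDS autostart line, else None.
    target is None for an empty Run value and "No File" for an orphan."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    if kind in ("uRun", "mRun"):
        r = RUN_RE.match(rest)
        mod = MODULE_RE.match(r.group("cmd").strip())
        return kind, r.group("name"), (mod.group("path") if mod else None)
    if kind == "StartupFolder":
        l = LNK_RE.match(rest)
        return kind, l.group("lnk"), l.group("target")
    c = COM_RE.match(rest)
    return kind, c.group("name") or c.group("clsid"), c.group("target")


def triage(log_text):
    """Flag the autostart entries a responder would look at first.
    Returns a list of (category, kind, name, target) tuples."""
    findings, by_module = [], defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if not parsed:
            continue
        kind, name, target = parsed
        if target is None:
            findings.append(("empty value", kind, name, target))
            continue
        if target.lower() == "no file":
            findings.append(("orphaned entry", kind, name, target))
            continue
        low = target.lower()
        if not re.match(r"^[a-z]:\\|^%", low):
            # Bare filename: resolved via the search path at logon, so a
            # same-named binary earlier in the path would be the one run.
            findings.append(("unqualified path", kind, name, target))
        if "\\documents and settings\\" in low and any(p in low for p in USER_WRITABLE):
            findings.append(("user-writable location", kind, name, target))
        if kind in ("BHO", "TB", "uURLSearchHooks", "mURLSearchHooks"):
            by_module[low].add(name)
    for module, names in by_module.items():
        if len(names) > 1:
            # One DLL under several display names is typical of rebranded
            # toolbars; worth confirming which vendor the file really is.
            findings.append(("module under multiple names", "COM",
                             "; ".join(sorted(names)), module))
    return findings


if __name__ == "__main__":
    for category, kind, name, target in triage(SAMPLE_LOG):
        print(f"[{category}] {kind}: {name} -> {target}")
```

Run as a script it prints nine findings for the sample, including the one that matters most in this log: GenericAskToolbar.dll registered both as "UrlSearchHook Class" and as "Avira SearchFree Toolbar plus Web Protection", the same Ask entries ComboFix later lists under Reg Loading Points. Everything else it raises here is explainable from the installed-programs list, which is the normal outcome of a heuristic pass and why the helper moves on to rootkit-level tools rather than judging from DDS alone.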

I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. :)

Please download to the Desktop RogueKiller (by tigzy).

  • Please quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished.
  • Click on Scan.
  • Click on Report and copy/paste the contents of the report in your next reply.

==========

Next, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

==========

Next, please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.

===========

In your reply please provide the following:

  • RogueKiller log.
  • ComboFix.txt.
  • TDSSKiller log.txt.

How is your computer running now?


Rogue Killer log:

RogueKiller V8.0.0 [08/26/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Compaq_Owner [Admin rights]

Mode : Scan -- Date : 08/26/2012 15:35:19

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[Faked.Drv][FILE] nwlnknb.sys : C:\WINDOWS\system32\drivers\nwlnknb.sys --> CANNOT FIX

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[25] : NtClose @ 0x8056FA48 -> HOOKED (Unknown @ 0xF8C26EB4)

SSDT[41] : NtCreateKey @ 0x8057791D -> HOOKED (Unknown @ 0xF8C26E6E)

SSDT[50] : NtCreateSection @ 0x8056DB66 -> HOOKED (Unknown @ 0xF8C26EBE)

SSDT[53] : NtCreateThread @ 0x80586C45 -> HOOKED (Unknown @ 0xF8C26E64)

SSDT[63] : NtDeleteKey @ 0x80593334 -> HOOKED (Unknown @ 0xF8C26E73)

SSDT[65] : NtDeleteValueKey @ 0x80591F8B -> HOOKED (Unknown @ 0xF8C26E7D)

SSDT[66] : NtDeviceIoControlFile @ 0x805889A8 -> HOOKED (IPVNMon.sys @ 0xF8331803)

SSDT[68] : NtDuplicateObject @ 0x80581216 -> HOOKED (Unknown @ 0xF8C26EAF)

SSDT[98] : NtLoadKey @ 0x805CE7E5 -> HOOKED (Unknown @ 0xF8C26E82)

SSDT[122] : NtOpenProcess @ 0x80581702 -> HOOKED (Unknown @ 0xF8C26E50)

SSDT[128] : NtOpenThread @ 0x805E1939 -> HOOKED (Unknown @ 0xF8C26E55)

SSDT[177] : NtQueryValueKey @ 0x80573037 -> HOOKED (Unknown @ 0xF8C26ED7)

SSDT[193] : NtReplaceKey @ 0x806564B2 -> HOOKED (Unknown @ 0xF8C26E8C)

SSDT[200] : NtRequestWaitReplyPort @ 0x80579485 -> HOOKED (Unknown @ 0xF8C26EC8)

SSDT[204] : NtRestoreKey @ 0x80656049 -> HOOKED (Unknown @ 0xF8C26E87)

SSDT[213] : NtSetContextThread @ 0x80635947 -> HOOKED (Unknown @ 0xF8C26EC3)

SSDT[237] : NtSetSecurityObject @ 0x805D9CAC -> HOOKED (Unknown @ 0xF8C26ECD)

SSDT[247] : NtSetValueKey @ 0x8058228C -> HOOKED (Unknown @ 0xF8C26E78)

SSDT[255] : NtSystemDebugControl @ 0x80650D97 -> HOOKED (Unknown @ 0xF8C26ED2)

SSDT[257] : NtTerminateProcess @ 0x8058E695 -> HOOKED (Unknown @ 0xF8C26E5F)

S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xF8C26EE6)

S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xF8C26EEB)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP1614C +++++

--- User ---

[MBR] 15f2ec12ee5c81d34f3abef5e9846a15

[BSP] 068feaa962a87d66d8e6927bbac21038 : MBR Code unknown

Partition table:

0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 4776 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 9782640 | Size: 147840 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Combo Fix log:

ComboFix 12-08-25.04 - Compaq_Owner 08/26/2012 16:45:27.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.199 [GMT -5:00]

Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Compaq_Owner\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\windows\patch.exe

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\ps2.bat

c:\windows\system32\pthreadVC.dll

c:\windows\system32\regobj.dll

c:\windows\system32\SET6A.tmp

c:\windows\system32\SET6F.tmp

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\system32\WanPacket.dll

c:\windows\system32\wpcap.dll

D:\Autorun.inf

N:\autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))

.

.

2012-08-24 04:25 . 2012-07-18 23:05 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-08-24 04:25 . 2012-07-18 23:05 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-08-24 04:25 . 2012-07-18 23:05 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-08-24 04:25 . 2012-08-24 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2012-08-24 04:25 . 2012-08-24 04:25 -------- d-----w- c:\program files\Avira

2012-08-24 04:24 . 2012-08-24 04:24 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes

2012-08-24 04:07 . 2012-08-24 04:07 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Mozilla

2012-08-24 04:07 . 2012-08-24 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-08-24 03:11 . 2012-08-24 03:11 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\AVG2012

2012-08-24 03:03 . 2012-08-24 03:03 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SampleView

2012-08-24 03:02 . 2012-08-24 03:02 -------- d-----r- c:\documents and settings\Compaq_Owner\Application Data\yahoo!

2012-08-24 03:02 . 2012-08-24 03:02 -------- d-----r- c:\documents and settings\All Users\Application Data\yahoo!

2012-08-24 02:47 . 2012-08-24 02:47 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Apple Computer

2012-08-24 02:47 . 2012-08-24 02:47 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Apple Computer

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-17 02:19 . 2012-07-15 17:35 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-17 02:19 . 2011-06-24 22:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2004-08-10 04:30 . 2006-09-25 02:09 40960 ----a-w- c:\program files\Uninstall_CDS.exe

2011-11-21 04:04 . 2011-11-24 04:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-06-20 18:18 1519824 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-06-20 4351216]

"Easy Dock"="c:\documents and settings\Compaq_Owner\My Documents\RCA easyRip\EZDock.exe" [2011-08-12 585728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]

"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]

"IPInSightMonitor 01"="c:\program files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 98304]

"SoundMan"="SOUNDMAN.EXE" [2005-04-06 90112]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-10 180269]

"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-06-29 32768]

"WD Button Manager"="WDBtnMgr.exe" [2007-08-13 339968]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\

RCA Detective.lnk - c:\documents and settings\Compaq_Owner\My Documents\RCA Detective\RCADetective.exe [2012-7-15 866304]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk

backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Compaq Organize.lnk]

path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\Compaq Organize.lnk

backup=c:\windows\pss\Compaq Organize.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Picaboo.lnk]

path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\Picaboo.lnk

backup=c:\windows\pss\Picaboo.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-04-12 06:10 65536 -c--a-w- c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]

2005-04-06 23:53 2805248 -c--a-w- c:\windows\ALCWZRD.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2004-08-20 21:51 118784 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

2005-01-12 20:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-02-17 05:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

1998-05-07 23:04 52736 -c--a-w- c:\windows\system\hpsysdrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2004-08-20 21:55 155648 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-12-13 23:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]

2003-09-13 03:13 98304 ----a-w- c:\windows\system32\ps2.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2005-03-04 09:36 36975 ----a-w- c:\program files\Java\jre1.5.0_02\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2004-08-10 15:04 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]

2006-07-21 22:19 129536 ----a-w- c:\progra~1\Yahoo!\browser\ybrwicon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mshta.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\My Book\\WD Backup\\uBBMonitor.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [8/23/2012 11:25 PM 36000]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/23/2012 11:25 PM 86224]

R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [8/23/2012 11:25 PM 465360]

R2 KjsUpdateService;AppLife Update Service;c:\program files\Common Files\AppLifeUpdateService\Kjs.AppLife.Update.Service.Exe [4/23/2008 4:33 PM 12800]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/24/2012 6:28 AM 655944]

R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE1200xp.sys [11/1/2011 10:08 PM 1034240]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/24/2012 6:28 AM 22344]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/15/2012 12:35 PM 250056]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [4/22/2008 10:36 PM 25244]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - TRUESIGHT

*Deregistered* - IPVNMon

*Deregistered* - TrueSight

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 02:19]

.

2012-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2012-08-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2012-06-20 18:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ku.edu/

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.7.254

FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\1dgsmh0l.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10400&locale=en_US&apn_uid=552eb79c-d8c0-4779-948e-505a8f6c4c7d&apn_ptnrs=^ABY&apn_sauid=84D03A4F-E7BF-402F-934A-D50596E5BB0E&apn_dtid=^YYYYYY^YY^US&&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKLM-Run-Easy Dock - (no file)

MSConfigStartUp-KBD - c:\hp\KBD\KBD.EXE

MSConfigStartUp-PRISMSVR - c:\windows\system32\PRISMSVR.EXE

MSConfigStartUp-VTTimer - VTTimer.exe

AddRemove-Move Networks Player - IE - c:\documents and settings\Compaq_Owner\Application Data\Move Networks\ie_bin\Uninst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-26 16:58

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDRSRVC]

"ImagePath"="system32\drivers\PCDRSRVC.pkms"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(752)

c:\program files\Avira\AntiVir Desktop\avsda.dll

.

Completion time: 2012-08-26 17:01:41

ComboFix-quarantined-files.txt 2012-08-26 22:01

.

Pre-Run: 66,692,169,728 bytes free

Post-Run: 67,807,461,376 bytes free

.

- - End Of File - - 3AB1F10423D4227BE52B8C10717FADC2

Task Killer log:

17:04:46.0734 1620 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

17:04:47.0234 1620 ============================================================

17:04:47.0234 1620 Current date / time: 2012/08/26 17:04:47.0234

17:04:47.0234 1620 SystemInfo:

17:04:47.0234 1620

17:04:47.0234 1620 OS Version: 5.1.2600 ServicePack: 3.0

17:04:47.0234 1620 Product type: Workstation

17:04:47.0234 1620 ComputerName: D-OFFICE

17:04:47.0234 1620 UserName: Compaq_Owner

17:04:47.0234 1620 Windows directory: C:\WINDOWS

17:04:47.0234 1620 System windows directory: C:\WINDOWS

17:04:47.0234 1620 Processor architecture: Intel x86

17:04:47.0234 1620 Number of processors: 1

17:04:47.0234 1620 Page size: 0x1000

17:04:47.0234 1620 Boot type: Normal boot

17:04:47.0234 1620 ============================================================

17:04:48.0750 1620 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054

17:04:48.0890 1620 Drive \Device\Harddisk5\DR11 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

17:04:48.0906 1620 ============================================================

17:04:48.0906 1620 \Device\Harddisk0\DR0:

17:04:48.0906 1620 MBR partitions:

17:04:48.0906 1620 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x954531

17:04:48.0906 1620 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x954570, BlocksNum 0x120C0690

17:04:48.0906 1620 \Device\Harddisk5\DR11:

17:04:48.0906 1620 MBR partitions:

17:04:48.0906 1620 \Device\Harddisk5\DR11\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02

17:04:48.0906 1620 ============================================================

17:04:48.0953 1620 C: <-> \Device\Harddisk0\DR0\Partition2

17:04:48.0953 1620 D: <-> \Device\Harddisk0\DR0\Partition1

17:04:48.0953 1620 N: <-> \Device\Harddisk5\DR11\Partition1

17:04:48.0953 1620 ============================================================

17:04:48.0953 1620 Initialize success

17:04:48.0953 1620 ============================================================

17:05:17.0406 3844 ============================================================

17:05:17.0406 3844 Scan started

17:05:17.0406 3844 Mode: Manual;

17:05:17.0406 3844 ============================================================

17:05:19.0328 3844 ================ Scan system memory ========================

17:05:19.0343 3844 System memory - ok

17:05:19.0343 3844 ================ Scan services =============================

17:05:19.0562 3844 [ 6551C1CF190DF3E12C435A085987FBA0 ] 2WIREPCP C:\WINDOWS\system32\DRIVERS\2WirePCP.sys

17:05:19.0562 3844 2WIREPCP - ok

17:05:19.0578 3844 Abiosdsk - ok

17:05:19.0578 3844 abp480n5 - ok

17:05:19.0625 3844 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

17:05:19.0640 3844 ACPI - ok

17:05:19.0671 3844 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

17:05:19.0671 3844 ACPIEC - ok

17:05:19.0781 3844 [ E8FE4FCE23D2809BD88BCC1D0F8408CE ] AdobeActiveFileMonitor6.0 C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

17:05:19.0781 3844 AdobeActiveFileMonitor6.0 - ok

17:05:19.0890 3844 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

17:05:19.0937 3844 AdobeFlashPlayerUpdateSvc - ok

17:05:19.0937 3844 adpu160m - ok

17:05:19.0968 3844 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

17:05:19.0968 3844 aec - ok

17:05:20.0000 3844 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\WINDOWS\system32\drivers\Afc.sys

17:05:20.0000 3844 Afc - ok

17:05:20.0062 3844 [ 7E775010EF291DA96AD17CA4B17137D7 ] AFD C:\WINDOWS\System32\drivers\afd.sys

17:05:20.0062 3844 AFD - ok

17:05:20.0109 3844 [ C685CC27A2E637F0DCB5A45E67CC6F74 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys

17:05:20.0109 3844 AFS2K - ok

17:05:20.0187 3844 [ 029E01CB2938BEC5AF31BF47B6AF0159 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys

17:05:20.0234 3844 AgereSoftModem - ok

17:05:20.0250 3844 Aha154x - ok

17:05:20.0250 3844 aic78u2 - ok

17:05:20.0265 3844 aic78xx - ok

17:05:20.0312 3844 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

17:05:20.0312 3844 Alerter - ok

17:05:20.0328 3844 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

17:05:20.0328 3844 ALG - ok

17:05:20.0328 3844 AliIde - ok

17:05:20.0375 3844 [ 8FCE268CDBDD83B23419D1F35F42C7B1 ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys

17:05:20.0375 3844 AmdK7 - ok

17:05:20.0390 3844 amsint - ok

17:05:20.0484 3844 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe

17:05:20.0484 3844 AntiVirSchedulerService - ok

17:05:20.0531 3844 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe

17:05:20.0531 3844 AntiVirService - ok

17:05:20.0609 3844 [ E38BA9FAB3981A2115C53260B930FD3C ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

17:05:20.0640 3844 AntiVirWebService - ok

17:05:20.0734 3844 [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

17:05:20.0734 3844 Apple Mobile Device - ok

17:05:20.0750 3844 AppMgmt - ok

17:05:20.0781 3844 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys

17:05:20.0781 3844 Arp1394 - ok

17:05:20.0796 3844 asc - ok

17:05:20.0812 3844 asc3350p - ok

17:05:20.0812 3844 asc3550 - ok

17:05:20.0875 3844 [ B979979AB8027F7F53FB16EC4229B7DB ] ASPI C:\WINDOWS\System32\DRIVERS\ASPI32.sys

17:05:20.0875 3844 ASPI - ok

17:05:20.0875 3844 [ B979979AB8027F7F53FB16EC4229B7DB ] Aspi32 C:\WINDOWS\system32\drivers\Aspi32.sys

17:05:20.0875 3844 Aspi32 - ok

17:05:21.0000 3844 [ 4EABF511B1AF176A971C3271E48FA3A8 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

17:05:21.0000 3844 aspnet_state - ok

17:05:21.0015 3844 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

17:05:21.0015 3844 AsyncMac - ok

17:05:21.0046 3844 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

17:05:21.0046 3844 atapi - ok

17:05:21.0062 3844 Atdisk - ok

17:05:21.0093 3844 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

17:05:21.0093 3844 Atmarpc - ok

17:05:21.0140 3844 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

17:05:21.0140 3844 AudioSrv - ok

17:05:21.0187 3844 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

17:05:21.0187 3844 audstub - ok

17:05:21.0234 3844 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys

17:05:21.0234 3844 avgntflt - ok

17:05:21.0265 3844 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys

17:05:21.0265 3844 avipbb - ok

17:05:21.0312 3844 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys

17:05:21.0312 3844 avkmgr - ok

17:05:21.0359 3844 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

17:05:21.0359 3844 Beep - ok

17:05:21.0390 3844 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

17:05:21.0453 3844 BITS - ok

17:05:21.0546 3844 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

17:05:21.0562 3844 Bonjour Service - ok

17:05:21.0593 3844 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll

17:05:21.0593 3844 Browser - ok

17:05:21.0750 3844 catchme - ok

17:05:21.0781 3844 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

17:05:21.0781 3844 cbidf2k - ok

17:05:21.0781 3844 cd20xrnt - ok

17:05:21.0812 3844 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

17:05:21.0812 3844 Cdaudio - ok

17:05:21.0828 3844 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

17:05:21.0828 3844 Cdfs - ok

17:05:21.0875 3844 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

17:05:21.0875 3844 Cdrom - ok

17:05:21.0875 3844 Changer - ok

17:05:21.0906 3844 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

17:05:21.0906 3844 CiSvc - ok

17:05:21.0937 3844 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

17:05:21.0953 3844 ClipSrv - ok

17:05:21.0984 3844 [ 234B1BC2796483E1F5C3F26649FB3388 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

17:05:21.0984 3844 clr_optimization_v2.0.50727_32 - ok

17:05:22.0000 3844 CmdIde - ok

17:05:22.0000 3844 COMSysApp - ok

17:05:22.0015 3844 Cpqarray - ok

17:05:22.0062 3844 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

17:05:22.0062 3844 CryptSvc - ok

17:05:22.0078 3844 dac2w2k - ok

17:05:22.0078 3844 dac960nt - ok

17:05:22.0140 3844 [ 2589FE6015A316C0F5D5112B4DA7B509 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

17:05:22.0156 3844 DcomLaunch - ok

17:05:22.0187 3844 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

17:05:22.0187 3844 Dhcp - ok

17:05:22.0203 3844 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

17:05:22.0203 3844 Disk - ok

17:05:22.0218 3844 dmadmin - ok

17:05:22.0296 3844 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

17:05:22.0328 3844 dmboot - ok

17:05:22.0343 3844 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

17:05:22.0359 3844 dmio - ok

17:05:22.0390 3844 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

17:05:22.0390 3844 dmload - ok

17:05:22.0437 3844 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

17:05:22.0437 3844 dmserver - ok

17:05:22.0468 3844 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

17:05:22.0468 3844 DMusic - ok

17:05:22.0500 3844 [ 474B4DC3983173E4B4C9740B0DAC98A6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

17:05:22.0500 3844 Dnscache - ok

17:05:22.0562 3844 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

17:05:22.0562 3844 Dot3svc - ok

17:05:22.0578 3844 dpti2o - ok

17:05:22.0609 3844 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

17:05:22.0609 3844 drmkaud - ok

17:05:22.0625 3844 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

17:05:22.0625 3844 EapHost - ok

17:05:22.0656 3844 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

17:05:22.0656 3844 ERSvc - ok

17:05:22.0703 3844 [ 0E776ED5F7CC9F94299E70461B7B8185 ] Eventlog C:\WINDOWS\system32\services.exe

17:05:22.0703 3844 Eventlog - ok

17:05:22.0750 3844 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll

17:05:22.0765 3844 EventSystem - ok

17:05:22.0781 3844 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

17:05:22.0781 3844 Fastfat - ok

17:05:22.0828 3844 [ 1E580770BDECE924494B368AC980749E ] fasttx2k C:\WINDOWS\system32\DRIVERS\fasttx2k.sys

17:05:22.0843 3844 fasttx2k - ok

17:05:22.0875 3844 [ 1926899BF9FFE2602B63074971700412 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

17:05:22.0890 3844 FastUserSwitchingCompatibility - ok

17:05:22.0937 3844 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe

17:05:22.0937 3844 Fax - ok

17:05:22.0984 3844 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys

17:05:22.0984 3844 Fdc - ok

17:05:23.0000 3844 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

17:05:23.0000 3844 Fips - ok

17:05:23.0078 3844 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

17:05:23.0093 3844 FLEXnet Licensing Service - ok

17:05:23.0109 3844 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys

17:05:23.0125 3844 Flpydisk - ok

17:05:23.0156 3844 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

17:05:23.0156 3844 FltMgr - ok

17:05:23.0250 3844 [ 993883524AA9CF1C90E1545411A9AC9C ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

17:05:23.0250 3844 FontCache3.0.0.0 - ok

17:05:23.0296 3844 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:05:23.0296 3844 Fs_Rec - ok

17:05:23.0328 3844 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:05:23.0328 3844 Ftdisk - ok

17:05:23.0359 3844 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

17:05:23.0359 3844 GEARAspiWDM - ok

17:05:23.0406 3844 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:05:23.0406 3844 Gpc - ok

17:05:23.0421 3844 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

17:05:23.0421 3844 HDAudBus - ok

17:05:23.0531 3844 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

17:05:23.0531 3844 helpsvc - ok

17:05:23.0546 3844 HidServ - ok

17:05:23.0578 3844 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys

17:05:23.0578 3844 HidUsb - ok

17:05:23.0625 3844 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

17:05:23.0625 3844 hkmsvc - ok

17:05:23.0640 3844 hpn - ok

17:05:23.0687 3844 [ 287A63BD8509BD78E7978823B38AFA81 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys

17:05:23.0687 3844 HPZid412 - ok

17:05:23.0703 3844 [ 0B4FDA2657C3E0315EAA57F9C6D4FD1F ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

17:05:23.0703 3844 HPZipr12 - ok

17:05:23.0734 3844 [ 29559DB25258B60510A60C4E470FCE32 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys

17:05:23.0750 3844 HPZius12 - ok

17:05:23.0781 3844 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

17:05:23.0796 3844 HTTP - ok

17:05:23.0828 3844 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

17:05:23.0828 3844 HTTPFilter - ok

17:05:23.0843 3844 i2omgmt - ok

17:05:23.0859 3844 i2omp - ok

17:05:23.0875 3844 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

17:05:23.0875 3844 i8042prt - ok

17:05:23.0953 3844 [ 0ACEBB31989CBF9A5663FE4A33D28D21 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

17:05:23.0984 3844 ialm - ok

17:05:24.0046 3844 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

17:05:24.0062 3844 IDriverT - ok

17:05:24.0140 3844 [ E7CC3AEAED9893A88876744CD439F76C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

17:05:24.0171 3844 idsvc - ok

17:05:24.0187 3844 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

17:05:24.0187 3844 Imapi - ok

17:05:24.0234 3844 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

17:05:24.0234 3844 ImapiService - ok

17:05:24.0250 3844 ini910u - ok

17:05:24.0375 3844 [ 44792CCBC7B41B42EC068C6416D17DE1 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys

17:05:24.0468 3844 IntcAzAudAddService - ok

17:05:24.0515 3844 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys

17:05:24.0515 3844 IntelIde - ok

17:05:24.0531 3844 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

17:05:24.0531 3844 intelppm - ok

17:05:24.0546 3844 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

17:05:24.0546 3844 Ip6Fw - ok

17:05:24.0593 3844 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

17:05:24.0593 3844 IpFilterDriver - ok

17:05:24.0625 3844 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

17:05:24.0625 3844 IpInIp - ok

17:05:24.0640 3844 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:05:24.0640 3844 IpNat - ok

17:05:24.0734 3844 [ 6E27978A4755F4789F912F5F49392F7C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

17:05:24.0765 3844 iPod Service - ok

17:05:24.0796 3844 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:05:24.0796 3844 IPSec - ok

17:05:24.0843 3844 [ F60AF0F89204A9177D110E3B2BD9FA0B ] IPVNMon C:\WINDOWS\system32\drivers\IPVNMon.sys

17:05:24.0859 3844 IPVNMon - ok

17:05:24.0890 3844 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

17:05:24.0890 3844 IRENUM - ok

17:05:24.0906 3844 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:05:24.0906 3844 isapnp - ok

17:05:24.0906 3844 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:05:24.0906 3844 Kbdclass - ok

17:05:24.0984 3844 [ C8103B2F45598C5E2A98697009ADD1F3 ] KjsUpdateService C:\Program Files\Common Files\AppLifeUpdateService\Kjs.AppLife.Update.Service.Exe

17:05:24.0984 3844 KjsUpdateService - ok

17:05:25.0000 3844 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

17:05:25.0000 3844 kmixer - ok

17:05:25.0015 3844 [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

17:05:25.0015 3844 KSecDD - ok

17:05:25.0046 3844 [ F385F4B02C535BFFE1D70CAB80838123 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

17:05:25.0046 3844 lanmanserver - ok

17:05:25.0093 3844 [ 1B67B632786FEF1C1BBAEF46C2F3F2E6 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

17:05:25.0093 3844 lanmanworkstation - ok

17:05:25.0109 3844 lbrtfdc - ok

17:05:25.0187 3844 [ BCDF72DCE41874B3AD9143D537B493B2 ] Linksys_adapter_H C:\WINDOWS\system32\DRIVERS\AE1200xp.sys

17:05:25.0234 3844 Linksys_adapter_H - ok

17:05:25.0265 3844 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

17:05:25.0281 3844 LmHosts - ok

17:05:25.0296 3844 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys

17:05:25.0296 3844 MBAMProtector - ok

17:05:25.0359 3844 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

17:05:25.0390 3844 MBAMService - ok

17:05:25.0437 3844 [ D7010580BF4E45D5E793A1FE75758C69 ] MDC8021X C:\WINDOWS\system32\DRIVERS\mdc8021x.sys

17:05:25.0437 3844 MDC8021X - ok

17:05:25.0515 3844 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

17:05:25.0531 3844 MDM - ok

17:05:25.0562 3844 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

17:05:25.0562 3844 Messenger - ok

17:05:25.0593 3844 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

17:05:25.0593 3844 mnmdd - ok

17:05:25.0640 3844 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

17:05:25.0640 3844 mnmsrvc - ok

17:05:25.0656 3844 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

17:05:25.0656 3844 Modem - ok

17:05:25.0671 3844 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:05:25.0671 3844 Mouclass - ok

17:05:25.0687 3844 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

17:05:25.0703 3844 MountMgr - ok

17:05:25.0703 3844 mraid35x - ok

17:05:25.0765 3844 [ 2BC9E43F55DE8C30FC817ED56D0EE907 ] MREMPR5 C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS

17:05:25.0765 3844 MREMPR5 - ok

17:05:25.0781 3844 [ 594B9D8194E3F4ECBF0325BD10BBEB05 ] MRENDIS5 C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS

17:05:25.0781 3844 MRENDIS5 - ok

17:05:25.0796 3844 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:05:25.0796 3844 MRxDAV - ok

17:05:25.0843 3844 [ 60AE98742484E7AB80C3C1450E708148 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

17:05:25.0875 3844 MRxSmb - ok

17:05:25.0890 3844 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

17:05:25.0906 3844 MSDTC - ok

17:05:25.0921 3844 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

17:05:25.0921 3844 Msfs - ok

17:05:25.0937 3844 MSIServer - ok

17:05:25.0937 3844 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:05:25.0953 3844 MSKSSRV - ok

17:05:25.0953 3844 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:05:25.0953 3844 MSPCLOCK - ok

17:05:25.0984 3844 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

17:05:25.0984 3844 MSPQM - ok

17:05:26.0015 3844 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:05:26.0015 3844 mssmbios - ok

17:05:26.0031 3844 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

17:05:26.0031 3844 Mup - ok

17:05:26.0078 3844 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

17:05:26.0093 3844 napagent - ok

17:05:26.0109 3844 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

17:05:26.0125 3844 NDIS - ok

17:05:26.0140 3844 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:05:26.0140 3844 NdisTapi - ok

17:05:26.0171 3844 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:05:26.0171 3844 Ndisuio - ok

17:05:26.0187 3844 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:05:26.0203 3844 NdisWan - ok

17:05:26.0203 3844 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

17:05:26.0203 3844 NDProxy - ok

17:05:26.0218 3844 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

17:05:26.0218 3844 NetBIOS - ok

17:05:26.0265 3844 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

17:05:26.0265 3844 NetBT - ok

17:05:26.0296 3844 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

17:05:26.0312 3844 NetDDE - ok

17:05:26.0312 3844 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

17:05:26.0312 3844 NetDDEdsdm - ok

17:05:26.0359 3844 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

17:05:26.0359 3844 Netlogon - ok

17:05:26.0390 3844 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

17:05:26.0406 3844 Netman - ok

17:05:26.0453 3844 [ F9102685F97F9BA85F4A70AFCF722CFE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

17:05:26.0468 3844 NetTcpPortSharing - ok

17:05:26.0484 3844 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys

17:05:26.0484 3844 NIC1394 - ok

17:05:26.0531 3844 [ 832E4DD8964AB7ACC880B2837CB1ED20 ] Nla C:\WINDOWS\System32\mswsock.dll

17:05:26.0546 3844 Nla - ok

17:05:26.0562 3844 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

17:05:26.0562 3844 Npfs - ok

17:05:26.0609 3844 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

17:05:26.0640 3844 Ntfs - ok

17:05:26.0640 3844 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

17:05:26.0656 3844 NtLmSsp - ok

17:05:26.0703 3844 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

17:05:26.0718 3844 NtmsSvc - ok

17:05:26.0781 3844 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

17:05:26.0781 3844 Null - ok

17:05:26.0906 3844 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

17:05:26.0984 3844 nv - ok

17:05:27.0031 3844 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:05:27.0031 3844 NwlnkFlt - ok

17:05:27.0046 3844 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:05:27.0046 3844 NwlnkFwd - ok

17:05:27.0046 3844 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys

17:05:27.0062 3844 ohci1394 - ok

17:05:27.0078 3844 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

17:05:27.0078 3844 Parport - ok

17:05:27.0078 3844 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

17:05:27.0078 3844 PartMgr - ok

17:05:27.0125 3844 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

17:05:27.0125 3844 ParVdm - ok

17:05:27.0156 3844 [ F9CB3EE1C3C85D760D2219C9C236DCCD ] PCDRSRVC C:\WINDOWS\system32\drivers\PCDRSRVC.pkms

17:05:27.0156 3844 PCDRSRVC - ok

17:05:27.0171 3844 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

17:05:27.0171 3844 PCI - ok

17:05:27.0171 3844 PCIDump - ok

17:05:27.0218 3844 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

17:05:27.0218 3844 PCIIde - ok

17:05:27.0250 3844 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

17:05:27.0265 3844 Pcmcia - ok

17:05:27.0265 3844 PDCOMP - ok

17:05:27.0281 3844 PDFRAME - ok

17:05:27.0296 3844 PDRELI - ok

17:05:27.0296 3844 PDRFRAME - ok

17:05:27.0312 3844 perc2 - ok

17:05:27.0312 3844 perc2hib - ok

17:05:27.0375 3844 [ 444F122E68DB44C0589227781F3C8B3F ] pfc C:\WINDOWS\system32\drivers\pfc.sys

17:05:27.0375 3844 pfc - ok

17:05:27.0390 3844 [ 0E776ED5F7CC9F94299E70461B7B8185 ] PlugPlay C:\WINDOWS\system32\services.exe

17:05:27.0390 3844 PlugPlay - ok

17:05:27.0453 3844 [ 5C1CADD1CB67C0B9D8A84EC6E4D6B5CC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe

17:05:27.0453 3844 Pml Driver HPZ12 - ok

17:05:27.0468 3844 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

17:05:27.0468 3844 PolicyAgent - ok

17:05:27.0500 3844 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:05:27.0515 3844 PptpMiniport - ok

17:05:27.0531 3844 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys

17:05:27.0531 3844 Processor - ok

17:05:27.0546 3844 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

17:05:27.0546 3844 ProtectedStorage - ok

17:05:27.0593 3844 [ 9B793A1FFD480155FE9EE5261153F21B ] Ps2 C:\WINDOWS\system32\DRIVERS\PS2.sys

17:05:27.0593 3844 Ps2 - ok

17:05:27.0609 3844 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

17:05:27.0609 3844 PSched - ok

17:05:27.0656 3844 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:05:27.0656 3844 Ptilink - ok

17:05:27.0687 3844 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

17:05:27.0687 3844 PxHelp20 - ok

17:05:27.0703 3844 ql1080 - ok

17:05:27.0703 3844 Ql10wnt - ok

17:05:27.0718 3844 ql12160 - ok

17:05:27.0734 3844 ql1240 - ok

17:05:27.0734 3844 ql1280 - ok

17:05:27.0765 3844 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:05:27.0765 3844 RasAcd - ok

17:05:27.0796 3844 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

17:05:27.0796 3844 RasAuto - ok

17:05:27.0812 3844 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:05:27.0812 3844 Rasl2tp - ok

17:05:27.0859 3844 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

17:05:27.0859 3844 RasMan - ok

17:05:27.0875 3844 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:05:27.0875 3844 RasPppoe - ok

17:05:27.0906 3844 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

17:05:27.0906 3844 Raspti - ok

17:05:27.0937 3844 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:05:27.0937 3844 Rdbss - ok

17:05:27.0953 3844 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:05:27.0953 3844 RDPCDD - ok

17:05:27.0984 3844 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

17:05:28.0000 3844 RDPWD - ok

17:05:28.0031 3844 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

17:05:28.0031 3844 RDSessMgr - ok

17:05:28.0046 3844 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

17:05:28.0062 3844 redbook - ok

17:05:28.0093 3844 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

17:05:28.0093 3844 RemoteAccess - ok

17:05:28.0125 3844 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

17:05:28.0140 3844 RpcLocator - ok

17:05:28.0156 3844 [ 2589FE6015A316C0F5D5112B4DA7B509 ] RpcSs C:\WINDOWS\System32\rpcss.dll

17:05:28.0171 3844 RpcSs - ok

17:05:28.0218 3844 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

17:05:28.0218 3844 RSVP - ok

17:05:28.0281 3844 [ 7436BFD3A542CF6FF55097200031B293 ] RT73 C:\WINDOWS\system32\DRIVERS\rt73.sys

17:05:28.0312 3844 RT73 - ok

17:05:28.0343 3844 [ 2EF9C0DC26B30B2318B1FC3FAA1F0AE7 ] rtl8139 C:\WINDOWS\system32\DRIVERS\R8139n51.SYS

17:05:28.0343 3844 rtl8139 - ok

17:05:28.0359 3844 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

17:05:28.0359 3844 SamSs - ok

17:05:28.0421 3844 [ AAF28AB6EFFD8990BFE20398E92F101E ] SbcpHid C:\WINDOWS\system32\Drivers\SbcpHid.sys

17:05:28.0421 3844 SbcpHid - ok

17:05:28.0468 3844 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

17:05:28.0484 3844 SCardSvr - ok

17:05:28.0531 3844 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

17:05:28.0531 3844 Schedule - ok

17:05:28.0625 3844 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:05:28.0625 3844 Secdrv - ok

17:05:28.0687 3844 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

17:05:28.0687 3844 seclogon - ok

17:05:28.0734 3844 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

17:05:28.0734 3844 SENS - ok

17:05:28.0781 3844 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys

17:05:28.0781 3844 Serial - ok

17:05:28.0843 3844 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

17:05:28.0843 3844 Sfloppy - ok

17:05:28.0890 3844 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

17:05:28.0906 3844 SharedAccess - ok

17:05:28.0937 3844 [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

17:05:28.0937 3844 ShellHWDetection - ok

17:05:28.0937 3844 Simbad - ok

17:05:29.0000 3844 [ 7467E510C81B19A6B590A3868F499B23 ] SiS315 C:\WINDOWS\system32\DRIVERS\sisgrp.sys

17:05:29.0000 3844 SiS315 - ok

17:05:29.0046 3844 [ 61CA562DEF09A782D26B3E7EDEC5369A ] SISAGP C:\WINDOWS\system32\DRIVERS\SISAGPX.sys

17:05:29.0046 3844 SISAGP - ok

17:05:29.0062 3844 [ 14ED728E44B0E7A169217127D8510CA9 ] SiSkp C:\WINDOWS\system32\DRIVERS\srvkp.sys

17:05:29.0062 3844 SiSkp - ok

17:05:29.0062 3844 SMNDIS5 - ok

17:05:29.0078 3844 Sparrow - ok

17:05:29.0109 3844 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

17:05:29.0109 3844 splitter - ok

17:05:29.0109 3844 [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B ] Spooler C:\WINDOWS\system32\spoolsv.exe

17:05:29.0125 3844 Spooler - ok

17:05:29.0125 3844 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

17:05:29.0125 3844 sr - ok

17:05:29.0156 3844 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

17:05:29.0171 3844 srservice - ok

17:05:29.0218 3844 [ 3BB03F2BA89D2BE417206C373D2AF17C ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

17:05:29.0234 3844 Srv - ok

17:05:29.0250 3844 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

17:05:29.0265 3844 SSDPSRV - ok

17:05:29.0328 3844 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

17:05:29.0328 3844 ssmdrv - ok

17:05:29.0390 3844 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

17:05:29.0437 3844 stisvc - ok

17:05:29.0500 3844 [ BC04D165DB2AAC42B73DF01B913C625B ] StMp3Rec C:\WINDOWS\system32\Drivers\StMp3Rec.sys

17:05:29.0500 3844 StMp3Rec - ok

17:05:29.0546 3844 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

17:05:29.0546 3844 swenum - ok

17:05:29.0609 3844 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

17:05:29.0609 3844 swmidi - ok

17:05:29.0609 3844 SwPrv - ok

17:05:29.0625 3844 symc810 - ok

17:05:29.0625 3844 symc8xx - ok

17:05:29.0640 3844 sym_hi - ok

17:05:29.0656 3844 sym_u3 - ok

17:05:29.0671 3844 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

17:05:29.0687 3844 sysaudio - ok

17:05:29.0703 3844 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

17:05:29.0703 3844 SysmonLog - ok

17:05:29.0734 3844 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

17:05:29.0750 3844 TapiSrv - ok

17:05:29.0796 3844 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

17:05:29.0812 3844 Tcpip - ok

17:05:29.0843 3844 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

17:05:29.0843 3844 TDPIPE - ok

17:05:29.0875 3844 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

17:05:29.0875 3844 TDTCP - ok

17:05:29.0906 3844 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

17:05:29.0906 3844 TermDD - ok

17:05:29.0937 3844 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

17:05:29.0937 3844 TermService - ok

17:05:29.0968 3844 [ 1926899BF9FFE2602B63074971700412 ] Themes C:\WINDOWS\System32\shsvcs.dll

17:05:29.0968 3844 Themes - ok

17:05:29.0984 3844 TosIde - ok

17:05:30.0000 3844 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

17:05:30.0000 3844 TrkWks - ok

17:05:30.0046 3844 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

17:05:30.0046 3844 Udfs - ok

17:05:30.0062 3844 ultra - ok

17:05:30.0109 3844 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

17:05:30.0125 3844 Update - ok

17:05:30.0171 3844 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

17:05:30.0171 3844 upnphost - ok

17:05:30.0187 3844 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

17:05:30.0187 3844 UPS - ok

17:05:30.0250 3844 [ 5C2BDC152BBAB34F36473DEAF7713F22 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys

17:05:30.0250 3844 USBAAPL - ok

17:05:30.0312 3844 [ D9F3BB7C292F194F3B053CE295754EB8 ] usbbus C:\WINDOWS\system32\DRIVERS\lgusbbus.sys

17:05:30.0312 3844 usbbus - ok

17:05:30.0343 3844 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

17:05:30.0343 3844 usbccgp - ok

17:05:30.0390 3844 [ C4F77DA649F99FAD116EA585376FC164 ] UsbDiag C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys

17:05:30.0390 3844 UsbDiag - ok

17:05:30.0406 3844 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

17:05:30.0406 3844 usbehci - ok

17:05:30.0437 3844 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

17:05:30.0437 3844 usbhub - ok

17:05:30.0453 3844 [ C0613CE45E617BC671DE8EBB1B30D175 ] USBModem C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys

17:05:30.0453 3844 USBModem - ok

17:05:30.0484 3844 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys

17:05:30.0484 3844 usbohci - ok

17:05:30.0500 3844 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

17:05:30.0500 3844 usbprint - ok

17:05:30.0531 3844 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

17:05:30.0531 3844 usbscan - ok

17:05:30.0531 3844 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

17:05:30.0531 3844 USBSTOR - ok

17:05:30.0546 3844 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

17:05:30.0546 3844 usbuhci - ok

17:05:30.0546 3844 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

17:05:30.0546 3844 VgaSave - ok

17:05:30.0593 3844 [ 4B039BBD037B01F5DB5A144C837F283A ] viaagp1 C:\WINDOWS\system32\DRIVERS\viaagp1.sys

17:05:30.0593 3844 viaagp1 - ok

17:05:30.0656 3844 [ 19BBA101CB87D18FF04E7F24E1792AB0 ] viagfx C:\WINDOWS\system32\DRIVERS\vtmini.sys

17:05:30.0656 3844 viagfx - ok

17:05:30.0687 3844 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys

17:05:30.0687 3844 ViaIde - ok

17:05:30.0703 3844 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

17:05:30.0703 3844 VolSnap - ok

17:05:30.0750 3844 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

17:05:30.0765 3844 VSS - ok

17:05:30.0781 3844 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

17:05:30.0781 3844 W32Time - ok

17:05:30.0812 3844 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

17:05:30.0812 3844 Wanarp - ok

17:05:30.0828 3844 WDICA - ok

17:05:30.0843 3844 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

17:05:30.0843 3844 wdmaud - ok

17:05:30.0875 3844 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

17:05:30.0890 3844 WebClient - ok

17:05:30.0984 3844 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

17:05:30.0984 3844 winmgmt - ok

17:05:31.0031 3844 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

17:05:31.0031 3844 WmdmPmSN - ok

17:05:31.0078 3844 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

17:05:31.0078 3844 WmiApSrv - ok

17:05:31.0218 3844 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

17:05:31.0250 3844 WMPNetworkSvc - ok

17:05:31.0296 3844 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys

17:05:31.0296 3844 WpdUsb - ok

17:05:31.0343 3844 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys

17:05:31.0343 3844 WS2IFSL - ok

17:05:31.0375 3844 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll

17:05:31.0375 3844 wscsvc - ok

17:05:31.0421 3844 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

17:05:31.0421 3844 wuauserv - ok

17:05:31.0484 3844 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

17:05:31.0500 3844 WudfPf - ok

17:05:31.0531 3844 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WUDFRd C:\WINDOWS\system32\DRIVERS\WUDFRd.sys

17:05:31.0546 3844 WUDFRd - ok

17:05:31.0578 3844 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

17:05:31.0578 3844 WudfSvc - ok

17:05:31.0640 3844 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

17:05:31.0671 3844 WZCSVC - ok

17:05:31.0718 3844 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

17:05:31.0718 3844 xmlprov - ok

17:05:31.0781 3844 ================ Scan global ===============================

17:05:31.0812 3844 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

17:05:31.0843 3844 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll

17:05:31.0859 3844 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll

17:05:31.0875 3844 [ 0E776ED5F7CC9F94299E70461B7B8185 ] C:\WINDOWS\system32\services.exe

17:05:31.0875 3844 [Global] - ok

17:05:31.0875 3844 ================ Scan MBR ==================================

17:05:31.0906 3844 [ BAD0263FBE81B49F5F07B32DC9D198B3 ] \Device\Harddisk0\DR0

17:05:32.0062 3844 \Device\Harddisk0\DR0 - ok

17:05:32.0078 3844 [ 8FF255184F078C9C04E6A2CE66117C5C ] \Device\Harddisk5\DR11

17:05:32.0078 3844 \Device\Harddisk5\DR11 - ok

17:05:32.0078 3844 ================ Scan VBR ==================================

17:05:32.0093 3844 [ 1F1C8700233698FDD062474536FF6D3E ] \Device\Harddisk0\DR0\Partition1

17:05:32.0093 3844 \Device\Harddisk0\DR0\Partition1 - ok

17:05:32.0093 3844 [ 4A14D0ACE94289F306CA97EAECCAAD27 ] \Device\Harddisk0\DR0\Partition2

17:05:32.0093 3844 \Device\Harddisk0\DR0\Partition2 - ok

17:05:32.0109 3844 [ BA1F1FA618D6DB4591865C419E307ECC ] \Device\Harddisk5\DR11\Partition1

17:05:32.0109 3844 \Device\Harddisk5\DR11\Partition1 - ok

17:05:32.0109 3844 ============================================================

17:05:32.0109 3844 Scan finished

17:05:32.0109 3844 ============================================================

17:05:32.0125 1880 Detected object count: 0

17:05:32.0125 1880 Actual detected object count: 0

As far as how my computer is running, it seems to be running okay outside of missing my desktop icons & start menu programs although I must admit I haven't really used it for anything other than posting here to try and get help with the problem. :)

Thank you for your time and assistance.

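The TDSSKiller log above has a fixed shape: a hash line `[ MD5 ] ServiceName Path` followed by a verdict line `ServiceName - ok`, with some services getting only a verdict line (no image hash was recorded) and the global, MBR and VBR sections carrying a path but no service name. The script below is an added example and is not part of this thread or of TDSSKiller; it parses that format into one record per scanned object, lists the objects with no hash, shows which image files back more than one service (on XP several services legitimately share lsass.exe, netdde.exe and shsvcs.dll, so this is context rather than a verdict), and compares the hashes against a reference table. The sample lines are copied from the log above; the reference table is constructed for illustration (the HPZipm12.exe value is deliberately wrong so the comparison reports something) and would in practice be filled from a known-clean machine or a hash lookup service.

```python
import re

# Constructed sample: lines copied from the TDSSKiller log in this thread, chosen
# to cover a verdict-only entry, a service name containing spaces, a global-scan
# line with no service name, and an MBR line.
SAMPLE_LOG = r"""
17:05:25.0937 3844 MSIServer - ok
17:05:26.0359 3844 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:05:26.0359 3844 Netlogon - ok
17:05:26.0640 3844 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:05:26.0656 3844 NtLmSsp - ok
17:05:27.0453 3844 [ 5C1CADD1CB67C0B9D8A84EC6E4D6B5CC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
17:05:27.0453 3844 Pml Driver HPZ12 - ok
17:05:31.0843 3844 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
17:05:31.0906 3844 [ BAD0263FBE81B49F5F07B32DC9D198B3 ] \Device\Harddisk0\DR0
17:05:32.0062 3844 \Device\Harddisk0\DR0 - ok
"""

# Hypothetical reference table, constructed for this example only. The HPZipm12.exe
# value is deliberately not the one in the log so that compare_to_reference() has
# a mismatch to report.
REFERENCE_MD5 = {
    r"C:\WINDOWS\system32\lsass.exe": "BF2466B3E18E970D8A976FB95FC1CA85",
    r"C:\WINDOWS\system32\HPZipm12.exe": "00000000000000000000000000000000",
}

PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"          # "17:05:26.0359 3844 "
HASH_LINE = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<rest>.+)$")
VERDICT_LINE = re.compile(PREFIX + r"(?P<key>.+?) - (?P<verdict>\S+)$")
# "rest" is "<service name> <path>" or just "<path>". The path starts at a drive
# letter or at \Device\, so a lazy optional name group absorbs everything before it.
NAME_AND_PATH = re.compile(r"^(?:(?P<name>.+?)\s+)?(?P<path>[A-Za-z]:\\\S.*|\\Device\\.*)$")


def parse_tdsskiller(text):
    """Map each scanned object (service name, or path when there is no name)
    to its md5, image path and verdict."""
    objects = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m:
            rest = m.group("rest")
            np = NAME_AND_PATH.match(rest)
            name = np.group("name") if np else rest
            path = np.group("path") if np else None
            objects[name or path] = {"name": name, "path": path,
                                     "md5": m.group("md5").upper(), "verdict": None}
            continue
        m = VERDICT_LINE.match(line)
        if m:
            key = m.group("key")
            entry = objects.setdefault(
                key, {"name": key, "path": None, "md5": None, "verdict": None})
            entry["verdict"] = m.group("verdict")
    return objects


def unhashed(objects):
    """Objects that got a verdict but no hash line: TDSSKiller recorded no image
    file for them (typically absent legacy drivers or an ImagePath it did not resolve)."""
    return [k for k, e in objects.items() if e["md5"] is None]


def shared_images(objects):
    """Image files that back more than one service."""
    by_path = {}
    for e in objects.values():
        if e["name"] and e["path"]:
            by_path.setdefault(e["path"], []).append(e["name"])
    return {p: names for p, names in by_path.items() if len(names) > 1}


def compare_to_reference(objects, reference):
    """Return (key, path, seen_md5, expected_md5) for each hashed image whose
    md5 differs from the reference table; paths not in the table are skipped."""
    out = []
    for key, e in objects.items():
        expected = reference.get(e["path"])
        if expected and expected.upper() != e["md5"]:
            out.append((key, e["path"], e["md5"], expected.upper()))
    return out


if __name__ == "__main__":
    objs = parse_tdsskiller(SAMPLE_LOG)
    print("no hash recorded:", unhashed(objs))
    print("shared images:", shared_images(objs))
    for key, path, seen, expected in compare_to_reference(objs, REFERENCE_MD5):
        print(f"MISMATCH {key}: {path} md5={seen} reference={expected}")
```

Run it against a full log by reading the file into `parse_tdsskiller()` instead of `SAMPLE_LOG`; a hash mismatch on a Microsoft binary is a lead to check, not proof of tampering, because service packs and hotfixes also change the hashes.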

Hey dgh. :)

Please re-run RogueKiller, and proceed to let it fix everything it finds. Post the new log in your reply.

==========

You have the Ask Toolbar (AskBarDis) installed. I strongly recommend you remove the Ask Toolbar from your computer because:

It promotes its toolbars on sites targeted at kids.

It promotes its toolbars through ads that appear to be part of other companies' sites.

It promotes its toolbars through other companies' spyware.

It is installed without any disclosure whatsoever and without any consent from the user whatsoever.

It solicits installations via "deceptive door openers" that do not accurately describe the offer, fails to affirmatively show a license agreement, and links to a EULA via an off-screen link.

It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

Please go to Start>Control Panel> Add or Remove Programs and remove the following program (if present):

  • AskBarDis

Please restart your computer after this program removal.

==========

Next, please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::
    DDS::
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10400&locale=en_US&apn_uid=552eb79c-d8c0-4779-948e-505a8f6c4c7d&apn_ptnrs=^ABY&apn_sauid=84D03A4F-E7BF-402F-934A-D50596E5BB0E&apn_dtid=^YYYYYY^YY^US&&q=
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
    [image: CFScriptB-4.gif]
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.

==========

Finally, please re-run Unhide.exe and see if the icons return.

==========

In your reply I would like to see the new log from RogueKiller and ComboFix.txt. Are your icons still hidden?

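The RogueKiller log requested above reports kernel hooks in a fixed form, `SSDT[25] : NtClose @ 0x8056F8D7 -> HOOKED (Unknown @ 0xF8BDA36C)` and `S_SSDT[549] : Unknown -> HOOKED (Unknown @ ...)` for the shadow table, where the address in parentheses is where the hooked call now lands and the name is the module RogueKiller could attribute that address to. Reading such a list one hook at a time overstates what is there: a run of handler addresses a few bytes apart is one driver's jump-stub table, not twenty independent hooks, and on XP antivirus self-protection drivers commonly hook exactly these process, thread and registry functions, so a hook cluster is a lead, not a rootkit verdict, until the owning module is identified. The script below is an added example, not part of this thread or of RogueKiller; it parses the hook lines, groups handler addresses into clusters, and attributes an address to a module from a loaded-module list. The sample lines are copied from the report later in this thread; the module list (`SAMPLE_MODULES`, with a base and size for IPVNMon.sys) is constructed for illustration and would in practice come from the machine's loaded-driver list.

```python
import re

# Constructed sample: a subset of the SSDT lines from the RogueKiller report
# posted in this thread (the full report lists 22 hooks).
SAMPLE_REPORT = """
SSDT[25] : NtClose @ 0x8056F8D7 -> HOOKED (Unknown @ 0xF8BDA36C)
SSDT[41] : NtCreateKey @ 0x80578ABE -> HOOKED (Unknown @ 0xF8BDA326)
SSDT[66] : NtDeviceIoControlFile @ 0x80588ABD -> HOOKED (IPVNMon.sys @ 0xF8331803)
SSDT[122] : NtOpenProcess @ 0x8057BB80 -> HOOKED (Unknown @ 0xF8BDA308)
SSDT[128] : NtOpenThread @ 0x80596A0F -> HOOKED (Unknown @ 0xF8BDA30D)
SSDT[257] : NtTerminateProcess @ 0x8058E6B9 -> HOOKED (Unknown @ 0xF8BDA317)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xF8BDA39E)
"""

# Hypothetical loaded-module list (name, base, size), constructed for this example.
# The base and size for IPVNMon.sys are made up; only its name comes from the log.
SAMPLE_MODULES = [("IPVNMon.sys", 0xF8330000, 0x5000)]

HOOK_LINE = re.compile(
    r"^(?P<table>S_SSDT|SSDT)\[(?P<index>\d+)\] : (?P<func>\S+)"
    r"(?: @ 0x(?P<orig>[0-9A-Fa-f]+))? -> HOOKED \((?P<owner>.+?) @ 0x(?P<target>[0-9A-Fa-f]+)\)$"
)


def parse_hooks(text):
    """One dict per hook line: table, index, function, original address (None for
    shadow-table entries RogueKiller could not name), reported owner, handler address."""
    hooks = []
    for raw in text.splitlines():
        m = HOOK_LINE.match(raw.strip())
        if m:
            hooks.append({
                "table": m.group("table"),
                "index": int(m.group("index")),
                "func": m.group("func"),
                "orig": int(m.group("orig"), 16) if m.group("orig") else None,
                "owner": m.group("owner"),
                "target": int(m.group("target"), 16),
            })
    return hooks


def cluster_targets(hooks, max_gap=0x1000):
    """Group hooks whose handler addresses lie within max_gap bytes of the
    previous one (sorted by address). Handlers a few bytes apart are one
    driver's stub table, however many functions it hooks."""
    clusters = []
    for h in sorted(hooks, key=lambda h: h["target"]):
        if clusters and h["target"] - clusters[-1][-1]["target"] <= max_gap:
            clusters[-1].append(h)
        else:
            clusters.append([h])
    return clusters


def summarize(clusters):
    """Per cluster: reported owner(s), hook count, address range and hooked functions."""
    out = []
    for c in clusters:
        low, high = c[0]["target"], c[-1]["target"]
        owners = sorted({h["owner"] for h in c})
        out.append({"owner": "/".join(owners), "count": len(c), "low": low,
                    "high": high, "span": high - low + 1,
                    "funcs": [h["func"] for h in c]})
    return out


def attribute(addr, modules):
    """Name the module whose [base, base+size) range contains addr, else None."""
    for name, base, size in modules:
        if base <= addr < base + size:
            return name
    return None


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_REPORT)
    for s in summarize(cluster_targets(hooks)):
        module = attribute(s["low"], SAMPLE_MODULES) or "unattributed"
        print(f"{s['count']:2d} hooks  0x{s['low']:08X}-0x{s['high']:08X} "
              f"(span 0x{s['span']:X})  reported={s['owner']}  module={module}")
        print("    " + ", ".join(s["funcs"]))
```

On the report in this thread the grouping yields two clusters: one hook owned by IPVNMon.sys and one run of handlers inside a range of under 0x100 bytes that RogueKiller could not attribute. The next step for a helper is to find which loaded driver owns that range, which the log alone does not tell you.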

Hey Dark Knight....

Things aren't going so well. :( So ... I ran the Rogue Killer and it gave me 7 different reports. Do you want me to cut and paste all of them or just a specific one?

Then I tried to remove the Ask toolbar and it's not listed under add/remove programs.

Lastly ... I did everything as instructed to run ComboFix and things got worse. ComboFix seemed to be working fine, then a box popped up that said

"This machine does not have the 'Microsoft Windows recovery console' installed. Alternately, an existing installation of the recovery console may be present but requires updating. Without it, ComboFix shall not attempt the fixing of some serious infections." It asked if I wanted to download and install, so I clicked "yes" and got this message: "Failed to download required files. Aborting... Shall continue scanning for malware." I clicked OK. It seemed as though it was doing the scan, with the flashing cursor in the blue box, the same as it did last time, but then the cursor stopped flashing after about 45 minutes and nothing else happened -- no info listed, no report, etc. My computer was frozen. I had to power it off by holding the power button and then turn it back on so I could post to you.

Please advise what I should do next... :(


Good evening... so... still no icons or programs in the start menu.

Here are reports you asked for:

Rogue Killer 8

RogueKiller V8.0.0 [08/26/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Compaq_Owner [Admin rights]

Mode : Scan -- Date : 08/27/2012 20:19:27

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[Faked.Drv][FILE] nwlnknb.sys : C:\WINDOWS\system32\drivers\nwlnknb.sys --> CANNOT FIX

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[25] : NtClose @ 0x8056F8D7 -> HOOKED (Unknown @ 0xF8BDA36C)

SSDT[41] : NtCreateKey @ 0x80578ABE -> HOOKED (Unknown @ 0xF8BDA326)

SSDT[50] : NtCreateSection @ 0x8056DB66 -> HOOKED (Unknown @ 0xF8BDA376)

SSDT[53] : NtCreateThread @ 0x805860C0 -> HOOKED (Unknown @ 0xF8BDA31C)

SSDT[63] : NtDeleteKey @ 0x8059A5CD -> HOOKED (Unknown @ 0xF8BDA32B)

SSDT[65] : NtDeleteValueKey @ 0x805991EC -> HOOKED (Unknown @ 0xF8BDA335)

SSDT[66] : NtDeviceIoControlFile @ 0x80588ABD -> HOOKED (IPVNMon.sys @ 0xF8331803)

SSDT[68] : NtDuplicateObject @ 0x8057DDAF -> HOOKED (Unknown @ 0xF8BDA367)

SSDT[98] : NtLoadKey @ 0x805D608D -> HOOKED (Unknown @ 0xF8BDA33A)

SSDT[122] : NtOpenProcess @ 0x8057BB80 -> HOOKED (Unknown @ 0xF8BDA308)

SSDT[128] : NtOpenThread @ 0x80596A0F -> HOOKED (Unknown @ 0xF8BDA30D)

SSDT[177] : NtQueryValueKey @ 0x80572F19 -> HOOKED (Unknown @ 0xF8BDA38F)

SSDT[193] : NtReplaceKey @ 0x806570B6 -> HOOKED (Unknown @ 0xF8BDA344)

SSDT[200] : NtRequestWaitReplyPort @ 0x8057D89E -> HOOKED (Unknown @ 0xF8BDA380)

SSDT[204] : NtRestoreKey @ 0x80656C4D -> HOOKED (Unknown @ 0xF8BDA33F)

SSDT[213] : NtSetContextThread @ 0x8063629D -> HOOKED (Unknown @ 0xF8BDA37B)

SSDT[237] : NtSetSecurityObject @ 0x8059EC29 -> HOOKED (Unknown @ 0xF8BDA385)

SSDT[247] : NtSetValueKey @ 0x8057B4EF -> HOOKED (Unknown @ 0xF8BDA330)

SSDT[255] : NtSystemDebugControl @ 0x80651981 -> HOOKED (Unknown @ 0xF8BDA38A)

SSDT[257] : NtTerminateProcess @ 0x8058E6B9 -> HOOKED (Unknown @ 0xF8BDA317)

S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xF8BDA39E)

S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xF8BDA3A3)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP1614C +++++

--- User ---

[MBR] 15f2ec12ee5c81d34f3abef5e9846a15

[BSP] 068feaa962a87d66d8e6927bbac21038 : MBR Code unknown

Partition table:

0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 4776 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 9782640 | Size: 147840 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[8].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;

RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt

Rogue Killer 9

RogueKiller V8.0.0 [08/26/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Compaq_Owner [Admin rights]

Mode : Remove -- Date : 08/27/2012 20:20:11

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

[Faked.Drv][FILE] nwlnknb.sys : C:\WINDOWS\system32\drivers\nwlnknb.sys --> CANNOT FIX

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[25] : NtClose @ 0x8056F8D7 -> HOOKED (Unknown @ 0xF8BDA36C)

SSDT[41] : NtCreateKey @ 0x80578ABE -> HOOKED (Unknown @ 0xF8BDA326)

SSDT[50] : NtCreateSection @ 0x8056DB66 -> HOOKED (Unknown @ 0xF8BDA376)

SSDT[53] : NtCreateThread @ 0x805860C0 -> HOOKED (Unknown @ 0xF8BDA31C)

SSDT[63] : NtDeleteKey @ 0x8059A5CD -> HOOKED (Unknown @ 0xF8BDA32B)

SSDT[65] : NtDeleteValueKey @ 0x805991EC -> HOOKED (Unknown @ 0xF8BDA335)

SSDT[66] : NtDeviceIoControlFile @ 0x80588ABD -> HOOKED (IPVNMon.sys @ 0xF8331803)

SSDT[68] : NtDuplicateObject @ 0x8057DDAF -> HOOKED (Unknown @ 0xF8BDA367)

SSDT[98] : NtLoadKey @ 0x805D608D -> HOOKED (Unknown @ 0xF8BDA33A)

SSDT[122] : NtOpenProcess @ 0x8057BB80 -> HOOKED (Unknown @ 0xF8BDA308)

SSDT[128] : NtOpenThread @ 0x80596A0F -> HOOKED (Unknown @ 0xF8BDA30D)

SSDT[177] : NtQueryValueKey @ 0x80572F19 -> HOOKED (Unknown @ 0xF8BDA38F)

SSDT[193] : NtReplaceKey @ 0x806570B6 -> HOOKED (Unknown @ 0xF8BDA344)

SSDT[200] : NtRequestWaitReplyPort @ 0x8057D89E -> HOOKED (Unknown @ 0xF8BDA380)

SSDT[204] : NtRestoreKey @ 0x80656C4D -> HOOKED (Unknown @ 0xF8BDA33F)

SSDT[213] : NtSetContextThread @ 0x8063629D -> HOOKED (Unknown @ 0xF8BDA37B)

SSDT[237] : NtSetSecurityObject @ 0x8059EC29 -> HOOKED (Unknown @ 0xF8BDA385)

SSDT[247] : NtSetValueKey @ 0x8057B4EF -> HOOKED (Unknown @ 0xF8BDA330)

SSDT[255] : NtSystemDebugControl @ 0x80651981 -> HOOKED (Unknown @ 0xF8BDA38A)

SSDT[257] : NtTerminateProcess @ 0x8058E6B9 -> HOOKED (Unknown @ 0xF8BDA317)

S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xF8BDA39E)

S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xF8BDA3A3)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP1614C +++++

--- User ---

[MBR] 15f2ec12ee5c81d34f3abef5e9846a15

[BSP] 068feaa962a87d66d8e6927bbac21038 : MBR Code unknown

Partition table:

0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 4776 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 9782640 | Size: 147840 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[9].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;

RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

ComboFix

ComboFix 12-08-25.04 - Compaq_Owner 08/27/2012 20:47:53.2.1 - x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.226 [GMT -5:00]

Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt

AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-28 )))))))))))))))))))))))))))))))

.

.

2012-08-27 23:51 . 2012-08-27 23:51 -------- d-sh--w- c:\documents and settings\Compaq_Owner\PrivacIE

2012-08-27 08:52 . 2012-08-27 08:52 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\PCHealth

2012-08-27 08:47 . 2012-08-27 08:47 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IETldCache

2012-08-27 06:28 . 2012-07-02 17:49 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-08-27 06:27 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll

2012-08-27 06:26 . 2012-07-02 17:49 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2012-08-27 06:26 . 2012-07-02 17:49 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2012-08-27 06:26 . 2012-07-02 17:49 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2012-08-27 06:22 . 2012-08-27 06:26 -------- dc-h--w- c:\windows\ie8

2012-08-27 04:54 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2012-08-27 04:53 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2012-08-27 04:52 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2012-08-27 04:51 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2012-08-27 04:51 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2012-08-27 04:51 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2012-08-27 04:51 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2012-08-27 04:50 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2012-08-27 04:50 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2012-08-27 04:50 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2012-08-27 04:50 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2012-08-27 04:50 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe

2012-08-27 04:50 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2012-08-27 04:50 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2012-08-27 04:50 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2012-08-27 04:48 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2012-08-27 04:48 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2012-08-27 04:42 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll

2012-08-27 04:39 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll

2012-08-27 04:39 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe

2012-08-27 04:39 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2012-08-27 04:39 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-08-27 04:39 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2012-08-27 04:38 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2012-08-27 04:35 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2012-08-27 04:35 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

2012-08-27 01:37 . 2012-08-27 01:37 -------- d-s---w- c:\documents and settings\All Users\DRM

2012-08-26 23:45 . 2012-08-26 23:46 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Adobe

2012-08-26 04:09 . 2012-08-26 04:09 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\MTV Networks

2012-08-24 11:28 . 2012-08-24 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-08-24 11:28 . 2012-08-24 11:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-24 04:07 . 2012-08-24 04:07 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Mozilla

2012-08-24 04:07 . 2012-08-24 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-08-24 03:11 . 2012-08-24 03:11 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\AVG2012

2012-08-24 03:03 . 2012-08-24 03:03 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SampleView

2012-08-24 03:02 . 2012-08-24 03:02 -------- d-----r- c:\documents and settings\Compaq_Owner\Application Data\yahoo!

2012-08-24 03:02 . 2012-08-24 03:02 -------- d-----r- c:\documents and settings\All Users\Application Data\yahoo!

2012-08-24 02:47 . 2012-08-24 02:47 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Apple Computer

2012-08-24 02:47 . 2012-08-24 02:47 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Apple Computer

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-17 02:19 . 2012-07-15 17:35 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-17 02:19 . 2011-06-24 22:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-06 13:58 . 2004-08-18 15:04 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05 . 2004-08-18 13:50 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 13:40 . 2004-08-18 13:52 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49 . 2004-08-18 13:52 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49 . 2004-08-18 15:04 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 17:49 . 2004-08-18 13:50 43520 ------w- c:\windows\system32\licmgr10.dll

2012-07-02 12:05 . 2004-08-18 15:04 385024 ------w- c:\windows\system32\html.iec

2012-06-05 15:50 . 2008-09-29 01:56 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2004-08-18 13:50 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2004-08-18 13:50 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 20:19 . 2007-06-23 12:58 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 20:19 . 2007-06-23 12:58 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 20:19 . 2004-08-18 13:52 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 20:19 . 2004-08-18 13:52 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 20:19 . 2004-08-18 13:52 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 20:19 . 2007-06-23 12:58 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 20:19 . 2005-05-26 09:16 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 20:19 . 2005-01-15 07:22 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 20:19 . 2004-08-18 15:04 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 20:19 . 2004-08-18 13:52 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 20:19 . 2007-06-23 12:58 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 20:19 . 2004-08-18 13:52 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 20:19 . 2004-08-18 13:52 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-05-31 13:22 . 2004-08-18 15:04 599040 ----a-w- c:\windows\system32\crypt32.dll

2004-08-10 04:30 . 2006-09-25 02:09 40960 ----a-w- c:\program files\Uninstall_CDS.exe

2011-11-21 04:04 . 2011-11-24 04:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-06-20 18:18 1519824 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-06-20 4351216]

"Easy Dock"="c:\documents and settings\Compaq_Owner\My Documents\RCA easyRip\EZDock.exe" [2011-08-12 585728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]

"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]

"IPInSightMonitor 01"="c:\program files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 98304]

"SoundMan"="SOUNDMAN.EXE" [2005-04-06 90112]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-10 180269]

"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-06-29 32768]

"WD Button Manager"="WDBtnMgr.exe" [2007-08-13 339968]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"Easy Dock"="" [bU]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk

backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Compaq Organize.lnk]

path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\Compaq Organize.lnk

backup=c:\windows\pss\Compaq Organize.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Picaboo.lnk]

path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\Picaboo.lnk

backup=c:\windows\pss\Picaboo.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-04-12 06:10 65536 -c--a-w- c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]

2005-04-06 23:53 2805248 -c--a-w- c:\windows\ALCWZRD.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2004-08-20 21:51 118784 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

2005-01-12 20:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-02-17 05:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

1998-05-07 23:04 52736 -c--a-w- c:\windows\system\hpsysdrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2004-08-20 21:55 155648 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-12-13 23:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]

2003-09-13 03:13 98304 ----a-w- c:\windows\system32\ps2.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2005-03-04 09:36 36975 ----a-w- c:\program files\Java\jre1.5.0_02\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2004-08-10 15:04 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]

2006-07-21 22:19 129536 ----a-w- c:\progra~1\Yahoo!\browser\ybrwicon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mshta.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\My Book\\WD Backup\\uBBMonitor.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [8/23/2012 11:25 PM 36000]

R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE1200xp.sys [11/1/2011 10:08 PM 1034240]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/24/2012 6:28 AM 22344]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [4/22/2008 10:36 PM 25244]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - IPVNMon

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 02:19]

.

2012-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2012-08-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2012-06-20 18:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ku.edu/

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.7.254

FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\1dgsmh0l.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10400&locale=en_US&apn_uid=552eb79c-d8c0-4779-948e-505a8f6c4c7d&apn_ptnrs=^ABY&apn_sauid=84D03A4F-E7BF-402F-934A-D50596E5BB0E&apn_dtid=^YYYYYY^YY^US&&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-27 21:03

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDRSRVC]

"ImagePath"="system32\drivers\PCDRSRVC.pkms"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(760)

c:\program files\Avira\AntiVir Desktop\avsda.dll

.

- - - - - - - > 'explorer.exe'(2736)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\sched.exe

c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

c:\program files\Common Files\AppLifeUpdateService\Kjs.AppLife.Update.Service.Exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE

c:\windows\AGRSMMSG.exe

c:\windows\SOUNDMAN.EXE

c:\windows\system32\WDBtnMgr.exe

c:\documents and settings\Compaq_Owner\My Documents\RCA Detective\RCADetective.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Yahoo!\Messenger\ymsgr_tray.exe

.

**************************************************************************

.

Completion time: 2012-08-27 21:18:08 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-28 02:18

ComboFix2.txt 2012-08-26 22:01

.

Pre-Run: 64,047,681,536 bytes free

Post-Run: 63,741,083,648 bytes free

.

- - End Of File - - 698987A6FE35F3BF24CD9FD6BA1DDE3C

Unhide

Unhide by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Unhide.exe can be found at this link:

http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 08/27/2012 09:23:47 PM

Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the C:\ drive

Finished processing the C:\ drive. 107446 files processed.

Processing the D:\ drive

Finished processing the D:\ drive. 8544 files processed.

Processing the H:\ drive

Finished processing the H:\ drive. 0 files processed.

Processing the I:\ drive

Finished processing the I:\ drive. 0 files processed.

Processing the J:\ drive

Finished processing the J:\ drive. 0 files processed.

Processing the K:\ drive

Finished processing the K:\ drive. 0 files processed.

Processing the N:\ drive

Finished processing the N:\ drive. 42243 files processed.

The C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\ folder does not exist!!

Unhide cannot restore your missing shortcuts!!

Please see this topic in order to learn how to restore default

Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.

- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

No registry changes detected.

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/27/2012 09:39:21 PM

Execution time: 0 hours(s), 15 minute(s), and 34 seconds(s)

Thanks again ... any suggestions from here?


Hello dgh. :)

Please download to your Desktop SystemLook by jpshortstuff from here or here.

Double-click SystemLook.exe and copy and paste the content of the following codebox (starting with :filefind) into the main textfield and click the Look button to start the scan:

:filefind
nwlnknb.sys

When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt.

=========

Then, please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

===========

In your reply please provide the following:

  • SystemLook.txt.
  • OTL.txt.
  • Extras.txt.


Hi Dark Knight ....

Here goes.

SystemLook:

SystemLook 30.07.11 by jpshortstuff

Log created at 21:18 on 28/08/2012 by Compaq_Owner

Administrator - Elevation successful

========== filefind ==========

Searching for "nwlnknb.sys"

C:\WINDOWS\system32\dllcache\nwlnknb.sys --a--c- 63232 bytes [13:50 18/08/2004] [21:00 03/08/2004] 56D34A67C05E94E16377C60609741FF8

C:\WINDOWS\system32\drivers\nwlnknb.sys --a--c- 63232 bytes [13:50 18/08/2004] [21:00 03/08/2004] 56D34A67C05E94E16377C60609741FF8

-= EOF =-

OTL:

OTL logfile created on: 8/28/2012 9:23:14 PM - Run 1

OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.29 Mb Total Physical Memory | 220.24 Mb Available Physical Memory | 43.76% Memory free

1.20 Gb Paging File | 0.73 Gb Available in Paging File | 61.01% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 144.38 Gb Total Space | 57.82 Gb Free Space | 40.05% Space Free | Partition Type: NTFS

Drive D: | 4.66 Gb Total Space | 0.82 Gb Free Space | 17.60% Space Free | Partition Type: FAT32

Drive N: | 465.65 Gb Total Space | 129.47 Gb Free Space | 27.80% Space Free | Partition Type: FAT32

Computer Name: D-OFFICE | User Name: Compaq_Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/28 21:21:57 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe

PRC - [2012/07/18 18:05:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2012/07/18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2012/07/18 18:04:52 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe

PRC - [2012/07/18 18:04:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/06/20 13:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe

PRC - [2011/10/14 11:02:10 | 000,866,304 | ---- | M] (Audiovox Accessories Corp.) -- C:\Documents and Settings\Compaq_Owner\My Documents\RCA Detective\RCADetective.exe

PRC - [2008/04/23 16:33:08 | 000,012,800 | ---- | M] (Kinetic Jump Software, LLC) -- C:\Program Files\Common Files\AppLifeUpdateService\Kjs.AppLife.Update.Service.Exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

PRC - [2007/08/13 00:00:41 | 000,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe

PRC - [2006/03/03 15:18:10 | 000,200,704 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe

PRC - [2005/04/06 18:57:12 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2004/08/10 10:04:35 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2004/06/28 21:29:42 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/27 21:32:05 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll

MOD - [2012/08/27 21:31:42 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll

MOD - [2012/08/27 20:04:53 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll

MOD - [2012/08/27 20:00:18 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll

MOD - [2012/07/18 18:05:02 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2009/06/20 03:03:50 | 000,913,408 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll

MOD - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

MOD - [2006/02/23 18:13:02 | 000,038,912 | ---- | M] () -- C:\Program Files\Yahoo!\browser\YCommonPS.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012/08/16 21:19:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012/07/18 18:04:52 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)

SRV - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2008/04/23 16:33:08 | 000,012,800 | ---- | M] (Kinetic Jump Software, LLC) [Auto | Running] -- C:\Program Files\Common Files\AppLifeUpdateService\Kjs.AppLife.Update.Service.Exe -- (KjsUpdateService)

SRV - [2008/02/24 21:24:19 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)

SRV - [2004/01/05 02:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS -- (SMNDIS5)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2012/07/18 18:05:10 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2012/07/18 18:05:10 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2012/07/18 18:05:10 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/03/29 10:22:30 | 001,034,240 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AE1200xp.sys -- (Linksys_adapter_H)

DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)

DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)

DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)

DRV - [2005/11/24 06:51:38 | 000,245,248 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)

DRV - [2005/04/15 18:05:42 | 002,564,032 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2005/03/04 12:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)

DRV - [2005/02/12 17:36:54 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)

DRV - [2004/11/22 18:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)

DRV - [2004/11/22 18:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)

DRV - [2004/09/09 16:53:36 | 000,068,229 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec)

DRV - [2004/07/19 19:33:14 | 000,218,112 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2004/07/17 06:20:34 | 000,012,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2004/05/25 06:10:32 | 000,068,672 | R--- | M] (2Wire, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\2WirePCP.sys -- (2WIREPCP)

DRV - [2004/04/16 05:30:48 | 000,021,024 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcdrsrvc.pkms -- (PCDRSRVC)

DRV - [2004/04/13 20:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X)

DRV - [2003/12/05 13:46:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

DRV - [2003/12/02 20:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)

DRV - [2003/07/18 18:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)

DRV - [2003/07/14 14:30:26 | 000,095,884 | ---- | M] (Visual Networks) [Kernel | Boot | Unknown] -- C:\WINDOWS\System32\drivers\ipvnmon.sys -- (IPVNMon)

DRV - [2003/07/02 13:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)

DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)

DRV - [2002/07/30 00:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

DRV - [2001/07/01 16:56:37 | 000,038,176 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)

DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)

DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ku.edu/

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10400&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^ABY&apn_dtid=^YYYYYY^YY^US&apn_uid=552eb79c-d8c0-4779-948e-505a8f6c4c7d&apn_sauid=84D03A4F-E7BF-402F-934A-D50596E5BB0E

IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4ba2662e&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us

IE - HKCU\..\SearchScopes\{D5529A90-A648-41BD-9862-A5EE80AE20F1}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10400&locale=en_US&apn_uid=552eb79c-d8c0-4779-948e-505a8f6c4c7d&apn_ptnrs=^ABY&apn_sauid=84D03A4F-E7BF-402F-934A-D50596E5BB0E&apn_dtid=^YYYYYY^YY^US&&q="

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.2: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1879: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1939: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.872: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYVerInfo.dll File not found

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\plugins\npgoogletalk.dll File not found

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/23 23:21:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/23 23:21:50 | 000,000,000 | ---D | M]

[2012/08/23 23:08:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions

[2012/08/23 23:26:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\1dgsmh0l.default\extensions

[2012/08/23 23:28:35 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\1dgsmh0l.default\extensions\toolbar@ask.com

[2012/08/23 23:28:39 | 000,002,585 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\1dgsmh0l.default\searchplugins\askcom.xml

[2011/11/23 23:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/27 21:02:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Easy Dock] File not found

O4 - HKLM..\Run: [iPInSightMonitor 01] C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe (Visual Networks)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)

O4 - HKCU..\Run: [Easy Dock] C:\Documents and Settings\Compaq_Owner\My Documents\RCA easyRip\EZDock.exe (Audiovox Electronics Corp.)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Documents and Settings\Compaq_Owner\My Documents\RCA Detective\RCADetective.exe (Audiovox Accessories Corp.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 File not found

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll (Sun Microsystems, Inc.)

O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)

O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} http://www.ritzpix.com/net/Uploader/LPUploader45.cab (Image Uploader Control)

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (YAddBook Class)

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)

O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_06)

O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (PhotosCtrl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B8F85A8-21CE-4CA4-97A0-556E95F62B4D}: DhcpNameServer = 192.168.7.254

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | --S- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2007/01/05 11:17:34 | 000,000,000 | ---D | M] - N:\autorun -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

Drivers32: vidc.XVID - xvidvfw.dll File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/28 21:21:56 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe

[2012/08/28 20:58:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Owner\IECompatCache

[2012/08/28 02:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Beyonce

[2012/08/28 02:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Ray J

[2012/08/28 01:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Wale

[2012/08/28 01:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\R&B - Various Artists

[2012/08/28 01:04:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Kendrick Lamar

[2012/08/28 01:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Childish Gambino

[2012/08/28 00:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Tech N9ne

[2012/08/28 00:39:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Various Artists

[2012/08/28 00:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\2 Chainz

[2012/08/27 23:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Waka Flocka Flame

[2012/08/27 23:36:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Bobby Valentino

[2012/08/27 22:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\LegalsoundsDownloadManager

[2012/08/27 22:54:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Legalsounds Download Manager

[2012/08/27 22:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\Legalsounds Download Manager

[2012/08/27 22:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2012/08/27 22:40:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012/08/27 21:23:31 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Compaq_Owner\Desktop\unhide.exe

[2012/08/27 21:18:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2012/08/27 18:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2012/08/27 18:51:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Owner\PrivacIE

[2012/08/27 03:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\PCHealth

[2012/08/27 03:47:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Owner\IETldCache

[2012/08/27 01:28:29 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll

[2012/08/27 01:26:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2012/08/27 01:26:25 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

[2012/08/27 01:22:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8

[2012/08/26 23:54:24 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll

[2012/08/26 23:53:08 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll

[2012/08/26 23:52:50 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll

[2012/08/26 23:51:57 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe

[2012/08/26 23:51:35 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys

[2012/08/26 23:51:06 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll

[2012/08/26 23:51:06 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll

[2012/08/26 23:48:42 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys

[2012/08/26 23:48:33 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys

[2012/08/26 23:42:33 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll

[2012/08/26 23:39:34 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys

[2012/08/26 23:38:59 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe

[2012/08/26 23:35:09 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll

[2012/08/26 20:37:09 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\DRM

[2012/08/26 18:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM

[2012/08/26 18:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Adobe

[2012/08/26 17:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\tdsskiller

[2012/08/26 16:39:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012/08/26 16:39:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012/08/26 16:39:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012/08/26 16:39:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012/08/26 16:38:51 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/08/26 16:38:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2012/08/26 15:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\RK_Quarantine

[2012/08/26 15:33:02 | 004,738,846 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe

[2012/08/25 23:09:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\MTV Networks

[2012/08/25 20:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup

[2012/08/25 20:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites

[2012/08/25 20:54:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

[2012/08/24 06:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/08/24 06:28:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/08/24 06:28:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/08/24 06:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/08/24 06:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\AskToolbar

[2012/08/23 23:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Avira

[2012/08/23 23:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira

[2012/08/23 23:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com

[2012/08/23 23:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AskToolbar

[2012/08/23 23:25:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2012/08/23 23:25:53 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2012/08/23 23:25:53 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys

[2012/08/23 23:25:52 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2012/08/23 23:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2012/08/23 23:25:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2012/08/23 23:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes

[2012/08/23 23:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop

[2012/08/23 23:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla

[2012/08/23 23:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla

[2012/08/23 23:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Templates

[2012/08/23 23:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2012/08/23 22:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\AVG2012

[2012/08/23 22:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView

[2012/08/23 22:02:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\yahoo!

[2012/08/23 22:02:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Application Data\yahoo!

[2012/08/23 21:47:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2012/08/23 21:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer

[2012/08/23 21:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Apple Computer

[2012/08/23 21:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Real

[2012/08/23 21:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Adobe

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/28 21:31:02 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2012/08/28 21:21:57 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe

[2012/08/28 21:18:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/08/28 21:00:01 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SystemLook.exe

[2012/08/28 20:43:11 | 000,443,232 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/08/28 20:43:10 | 000,072,372 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/08/28 20:37:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/08/28 20:37:52 | 527,814,656 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/27 22:54:49 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Legalsounds Download Manager.lnk

[2012/08/27 21:23:31 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Compaq_Owner\Desktop\unhide.exe

[2012/08/27 21:05:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/08/27 21:02:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/08/27 20:05:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/08/27 03:47:54 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/08/27 03:47:20 | 000,259,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/08/26 15:33:40 | 002,193,184 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\tdsskiller.zip

[2012/08/26 15:33:02 | 004,738,846 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe

[2012/08/26 15:31:13 | 001,367,040 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\RogueKiller.exe

[2012/08/25 20:54:11 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

[2012/08/24 06:28:42 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/23 23:26:45 | 000,001,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk

[2012/08/23 23:00:15 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/08/16 21:19:07 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2012/08/16 21:19:07 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,011,168 | ---- | C] () -- C:\WINDOWS\System32\dimefide

[2012/08/28 21:00:01 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SystemLook.exe

[2012/08/27 22:54:48 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Legalsounds Download Manager.lnk

[2012/08/27 21:01:53 | 527,814,656 | -HS- | C] () -- C:\hiberfil.sys

[2012/08/27 03:47:54 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/08/26 23:39:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/08/26 23:39:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll

[2012/08/26 16:39:22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/08/26 16:39:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/08/26 16:39:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/08/26 16:39:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/08/26 16:39:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/08/26 15:33:35 | 002,193,184 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\tdsskiller.zip

[2012/08/26 15:31:12 | 001,367,040 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\RogueKiller.exe

[2012/08/24 06:28:42 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/23 23:26:45 | 000,001,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk

[2012/08/23 23:26:33 | 000,000,248 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2012/08/23 23:00:15 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/12/01 22:48:37 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2006/09/24 21:09:04 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe

[2005/01/15 02:27:33 | 000,012,543 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\ml2.srt

[2005/01/15 02:27:33 | 000,012,399 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\ml1.srt

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2005/01/15 02:26:24 | 000,000,213 | R-S- | M] () -- C:\BOOT.BAK

[2005/12/29 16:00:05 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2005/01/15 02:25:23 | 000,000,196 | R-S- | M] () -- C:\BOOTNXX.BAK

[2004/08/03 16:00:00 | 000,260,272 | R-S- | M] () -- C:\cmldr

[2012/08/27 21:18:10 | 000,020,490 | ---- | M] () -- C:\ComboFix.txt

[2007/05/28 11:11:26 | 000,000,068 | ---- | M] () -- C:\DVDPATH.TXT

[2010/12/01 22:48:42 | 000,025,664 | ---- | M] () -- C:\ffdshow.log

[2001/09/05 23:00:58 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll

[2012/08/28 20:37:52 | 527,814,656 | -HS- | M] () -- C:\hiberfil.sys

[2004/08/10 08:39:16 | 000,000,000 | R-S- | M] () -- C:\IO.SYS

[2008/04/23 00:04:19 | 000,015,753 | ---- | M] () -- C:\logfile

[2004/08/10 08:39:16 | 000,000,000 | R-S- | M] () -- C:\MSDOS.SYS

[2004/08/03 16:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/09/30 21:50:26 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2012/08/28 20:37:51 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys

[2011/06/24 20:23:23 | 000,005,042 | ---- | M] () -- C:\scramble.log

[2012/08/26 17:14:47 | 000,089,034 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_26.08.2012_17.04.46_log.txt

[2007/12/16 22:35:44 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-08-28 11:36:17

< >

< End of report >

Extras:

OTL Extras logfile created on: 8/28/2012 9:23:14 PM - Run 1

OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.29 Mb Total Physical Memory | 220.24 Mb Available Physical Memory | 43.76% Memory free

1.20 Gb Paging File | 0.73 Gb Available in Paging File | 61.01% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 144.38 Gb Total Space | 57.82 Gb Free Space | 40.05% Space Free | Partition Type: NTFS

Drive D: | 4.66 Gb Total Space | 0.82 Gb Free Space | 17.60% Space Free | Partition Type: FAT32

Drive N: | 465.65 Gb Total Space | 129.47 Gb Free Space | 27.80% Space Free | Partition Type: FAT32

Computer Name: D-OFFICE | User Name: Compaq_Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = YBrowser.HTML] -- C:\Program Files\Yahoo!\browser\ybrowser.exe (Yahoo!, Inc.)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

https [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 (Yahoo!, Inc.)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)

"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:AT&T Yahoo! Music Jukebox -- (Yahoo! Inc.)

"C:\Program Files\My Book\WD Backup\uBBMonitor.exe" = C:\Program Files\My Book\WD Backup\uBBMonitor.exe:*:Enabled:uBBMonitor -- (ArcSoft, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional

"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2

"{01ADCF35-18EE-4346-A536-FE45B94F778A}" = COWON iAUDIO U2 Digital Audio Player

"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn

"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5

"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition

"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday

"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR

"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update

"{1826E565-D493-4B93-9031-D3667B340E80}" = JetShell PRO

"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc

"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows

"{24176A21-AFC8-3DCC-A2BB-901734AA64B9}" = Google Talk Plugin

"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan

"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan

"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt

"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0

"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal

"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support

"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics

"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload

"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg

"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy

"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0

"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011

"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel

"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001

"{54AA707B-68DA-49A4-9916-68DD670241BD}" = AT&T Yahoo! Music Jukebox

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen

"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch

"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06

"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director

"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare

"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0

"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland

"{7AD35FDD-A268-44b7-9A8E-4677020CC90B}" = 1300Tour

"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes

"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday

"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player

"{980606BB-A475-4a85-A665-6E30DB2F28B3}" = 1300Trb

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects

"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt

"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove

"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A351224F-533A-4EED-89F4-0BF3417FD31D}" = WD Backup

"{A71822CD-7F77-46a3-B761-D6BA35245E95}" = 1300

"{A83A4F45-2849-4B62-BC92-995E0930910C}" = Hudl Video Editor

"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax

"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution

"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB83F10A-D02A-4aba-8843-ACAB50D48216}" = 1300_Help

"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby

"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips

"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery

"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase

"{F4415576-418A-1721-9177-BB4ADDDC66B3}" = Legalsounds Download Manager

"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK

"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0

"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS

"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg

"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock

"{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}" = WD Firewire HID Driver

"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab

"7-Zip" = 7-Zip 4.65

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0

"Adobe Shockwave Player" = Adobe Shockwave Player

"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem

"allTunes" = allTunes

"ATT-AACE" = ATT-AACE

"Avira AntiVir Desktop" = Avira Free Antivirus

"AviSynth" = AviSynth 2.5

"CCleaner" = CCleaner (remove only)

"Curitel Packet Service" = Curitel Packet Service Software

"Elecard MPEG-2 Decoder Pack G4 1.0.1.90113" = Elecard MPEG-2 Decoder Pack G4

"ffdshow_is1" = ffdshow v1.1.3507 [2010-07-07]

"F-Manager" = Fiesta Download Manager

"GoogleVideoPlayer" = Google Video Player

"Help and Support Additions" = Help and Support Additions

"HP Photo & Imaging" = HP Image Zone 3.5

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"LegalsoundsDownloadManager" = Legalsounds Download Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSN Music Assistant" = MSN Music Assistant

"MSNINST" = MSN

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"PS2" = PS2

"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions

"Python 2.2.1" = Python 2.2.1

"RCA Detective™_is1" = RCA Detective™ 3.0.3.0

"RCA easyRip_is1" = RCA easyRip 2.5.8.0

"RCA Updater_is1" = RCA Updater 2.1.7.0

"RealPlayer 6.0" = RealPlayer

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinX DVD Ripper_is1" = WinX DVD Ripper 5.5.6

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"Yahoo! Applications" = AT&T Yahoo! Applications

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 1/3/2011 6:13:35 PM | Computer Name = D-OFFICE | Source = Application Error | ID = 1001

Description = Fault bucket -2131355678.

Error - 1/3/2011 6:13:45 PM | Computer Name = D-OFFICE | Source = Application Error | ID = 1000

Description = Faulting application f-manager.exe, version 1.0.0.253, faulting module

msvcr90.dll, version 9.0.30729.4148, fault address 0x0005bea4.

Error - 6/17/2011 12:46:50 AM | Computer Name = D-OFFICE | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 6/17/2011 12:46:50 AM | Computer Name = D-OFFICE | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 6/24/2011 10:00:03 PM | Computer Name = D-OFFICE | Source = Application Hang | ID = 1002

Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/24/2011 10:01:36 PM | Computer Name = D-OFFICE | Source = Application Hang | ID = 1001

Description = Fault bucket 734037209.

Error - 7/5/2011 10:28:40 PM | Computer Name = D-OFFICE | Source = crypt32 | ID = 131075

Description = Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The server returned an invalid or unrecognized response

Error - 8/9/2011 10:02:41 PM | Computer Name = D-OFFICE | Source = Application Hang | ID = 1002

Description = Hanging application lsdownloader.exe, version 1.9.1.1, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/7/2011 12:13:25 AM | Computer Name = D-OFFICE | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting

module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/2/2011 12:49:26 AM | Computer Name = D-OFFICE | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting

module mshtml.dll, version 7.0.6000.16809, fault address 0x0003c1b5.

[ System Events ]

Error - 8/27/2012 9:36:28 PM | Computer Name = D-OFFICE | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/27/2012 9:36:29 PM | Computer Name = D-OFFICE | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/27/2012 9:36:37 PM | Computer Name = D-OFFICE | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/27/2012 9:37:09 PM | Computer Name = D-OFFICE | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/27/2012 9:37:29 PM | Computer Name = D-OFFICE | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/27/2012 10:00:43 PM | Computer Name = D-OFFICE | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/28/2012 4:01:26 AM | Computer Name = D-OFFICE | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on

Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).

Error - 8/28/2012 4:02:18 AM | Computer Name = D-OFFICE | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on

Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).

Error - 8/28/2012 7:35:52 AM | Computer Name = D-OFFICE | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on

Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).

Error - 8/28/2012 7:36:16 AM | Computer Name = D-OFFICE | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on

Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).

< End of report >

Thank you.

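The logs above are the raw material a helper triages by eye: file lines in OTL's `[date | size | attrs | C/M] (Company) -- path` format, and registry dumps such as the Security Center section where `"DisableMonitoring" = 1` appears. The following Python script is an added example (it is not code from this thread, from OTL or from the forum) that parses an excerpt in that format and flags the three things a responder checks first: a timestamp later than the scan itself (the `2099/01/01` entry for `C:\WINDOWS\System32\dimefide`), a binary under %SystemRoot% with no company name, and Security Center monitoring switched off. The embedded sample is constructed from a handful of lines in the shape of the log above, and the scan time is taken from the OTL Extras header (8/28/2012 9:23 PM); both are assumptions of the example, and a flag means "look at this", not "this is malware" (`iacenc.dll` in `dllcache`, for instance, is commonly a legitimate codec restored by Windows File Protection).

```python
"""Triage helper for OTL-style log excerpts (added example, not OTL's own code).

Parses the "[date | size | attrs | C/M] (Company) -- path" file lines and the
'"Name" = value' registry lines OTL emits, and returns (item, reason) pairs for:
  * file timestamps later than the scan time (clock problems or timestomping),
  * executables/extensionless files under %SystemRoot% with no company name,
  * Security Center "DisableMonitoring" = 1 anywhere under its Monitoring key.
"""
import re
from datetime import datetime
from typing import List, Tuple

# Constructed sample in the shape of the log above (not the full log).
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2099/01/01 12:00:00 | 000,011,168 | ---- | C] () -- C:\WINDOWS\System32\dimefide
[2012/08/28 21:00:01 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SystemLook.exe
[2012/08/26 23:39:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/08/23 23:26:33 | 000,000,248 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
"""

# Assumed scan time, taken from the OTL Extras header on this page.
SCAN_TIME = datetime(2012, 8, 28, 21, 23, 14)

FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
REG_KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.+)$')

SYSTEM_ROOT = "c:\\windows\\"
EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".cpl", ".com", ".drv", ".ocx"}


def triage(log_text: str, scan_time: datetime) -> List[Tuple[str, str]]:
    """Return a list of (path-or-key, reason) findings for the given excerpt."""
    findings: List[Tuple[str, str]] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()

        m = FILE_LINE.match(line)
        if m:
            path = m["path"]
            low = path.lower()
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            # A creation/modification time after the scan cannot be genuine.
            if ts > scan_time:
                findings.append((path, "timestamp is later than the scan time"))
            # Under %SystemRoot%, an executable (or a file with no extension at
            # all) that carries no company/version information deserves a look.
            name = low.rsplit("\\", 1)[-1]
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            if low.startswith(SYSTEM_ROOT) and not m["company"].strip() \
                    and (ext == "" or ext in EXEC_EXTS):
                findings.append((path, "no company name under %SystemRoot%"))
            continue

        k = REG_KEY_LINE.match(line)
        if k:
            current_key = k["key"]
            continue

        v = REG_VALUE_LINE.match(line)
        if v and "\\security center\\monitoring" in current_key.lower():
            if v["name"] == "DisableMonitoring" and v["value"].strip() == "1":
                findings.append((current_key, "Security Center monitoring disabled"))
    return findings


def demo() -> List[Tuple[str, str]]:
    """Run the triage over the constructed sample with the assumed scan time."""
    return triage(SAMPLE_LOG, SCAN_TIME)


if __name__ == "__main__":
    for item, reason in demo():
        print(f"{reason}: {item}")
```

Against the sample, `dimefide` is reported twice (future timestamp and no company name under %SystemRoot%), `iacenc.dll` once, and both `DisableMonitoring` values once each; the Desktop tool and the Ask Toolbar `.job` are not reported, because the rule is scoped to %SystemRoot% and to executable or extensionless files.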

Hey dgh. :)

Please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::
    FCopy::
    C:\WINDOWS\system32\dllcache\nwlnknb.sys | C:\WINDOWS\system32\drivers\nwlnknb.sys
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
    [image: CFScriptB-4.gif]
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.

===========

Then, please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :files
    C:\WINDOWS\System32\dimefide
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]
  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===========

You haven't run any temporary file cleaners, have you? After doing the above, please run Unhide again, and in your reply post the fix log from OTL with the new log from ComboFix.


Hi Dark Knight.

The last two nights I have tried to run ComboFix as you described. The first time I tried, it finally told me that the Microsoft Windows Recovery Console was successfully installed (which was a first); however, once it got to the blue screen where it says it is scanning the computer, the cursor just flashed and flashed for 3 hours, never showing a single "completed stage."

The next night I tried again and the same thing happened except I left the computer on all night while I slept thinking maybe 3 hours wasn't "patient enough." When I woke it was still flashing on the blue screen (this was at least 7 hours later) and no stages had been completed.

Again I manually shut off my computer and decided it was time to check with you.

Thanks,

dgh


Good evening dgh. :)

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com).

  • There are 3 different versions. If one of them won't run then download and try to run the other one.
  • Vista and Win7 users need to right click and choose Run as Admin.
  • You only need to get one of them to run, not all of them.

rkill.exe

rkill.com

rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the Desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Before proceeding any further the processes that belong to Windows Recovery need to be terminated so that it does not interfere with the cleaning procedure.

Double-click on the RKill.exe icon in order to automatically attempt to stop any processes associated with Windows Recovery and other Rogue programs.

===

Please do not reboot your computer.

Then, please proceed with the instructions in my previous post.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
