pb1947 Posted November 4, 2012

Hi,

My HD and modem started to thrash in unison about a week ago. I have a full registered version of AVG and have run full scans twice since, and it showed a clean system. I started to smell a rat when my browser (Google Chrome) started to do weird things, i.e. tabbing ads and weird sites. I have a full registered version of Malwarebytes which was mothballed due to clashes at the time with AVG. (I currently have noticed that this is not the case now.) I updated Malwarebytes and ran a full scan and came up with an affiliates downloader, which was subsequently removed. I then did another full scan with AVG and it picked up 16 malware/viruses??? after originally showing a clean system. These were removed and the system rebooted. I then did another scan with Malwarebytes with the modem switched off and picked up trojans in my memory and restore files, which were removed and the system rebooted. I did a registry clean with CCleaner and defragged. I then did another full scan with AVG and found yet another 3 Trojans, 2 of which I could not remove; they were disabled and quarantined. Then I again rebooted (modem still switched off). I did one more scan with Malwarebytes and finally came up clean (ironically I am not so sure about that). I then, after a reboot, switched on my modem and my hard disk started to thrash; the ethernet light and HD light are at this moment having a hernia and I know without going any further my problem is rewriting itself. Don't you hate it!!!! Below are the log pastes of dds and attach. Your help will be appreciated.
Cheers, Pete

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by peter smith at 18:22:36 on 2012-11-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3068.1985 [GMT 11:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled*
.
============== Running Processes ================
.
C:\windows\system32\nvsvc32.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\CTsvcCDA.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\windows\vVX3000.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\windows\system32\CTXFIHLP.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\peter smith\Start Menu\Programs\Startup\hpqtra08.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\windows\system32\IoctlSvc.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\PnkBstrB.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k hpdevmgmt
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://go.bigpond.com/home/index.jsp
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CPrintEnhancer Object: {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - c:\program files\hp\smart web printing\SmartWebPrinting.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\peter smith\application data\flashgetbho\FlashGetBHO3.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Groove Folder Synchronization: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - c:\program files\microsoft office\office14\GROOVEEX.DLL
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\peter smith\local settings\application data\google\update\GoogleUpdate.exe" /c
uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC EA 2; InfoPath.3; Creative AutoUpdate v1.40.01)" -"http://www.freeaddictinggames.com/game/knievels-wild-ride/"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [NBAgent] "c:\program files\nero\nero 11\nero backitup\NBAgent.exe" /WinStart
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\peter smith\start menu\programs\startup\hpqtra08.exe
StartupFolder: c:\docume~1\peters~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\documents and settings\peter smith\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Download All By FlashGet3 - c:\documents and settings\peter smith\application data\flashgetbho\GetAllUrl.htm
IE: Download By FlashGet3 - c:\documents and settings\peter smith\application data\flashgetbho\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243504952390
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://games.bigfishgames.com/en_big-city-adventure-sydney-australia/online/JBGamePlayer.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\peter smith\application data\mozilla\firefox\profiles\lhrewx53.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109217&tt=120812_bandext_3312_8&babsrc=HP_ss&mntrId=08262c03000000000000001cc0a94c4d
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109217&tt=120812_bandext_3312_8&babsrc=KW_ss&mntrId=08262c03000000000000001cc0a94c4d&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\peter smith\application data\mozilla\firefox\profiles\lhrewx53.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\peter smith\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\downloader\npdd.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: !HIDDEN! 2009-07-11 00:24; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109217&tt=120812_bandext_3312_8
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 08262c03000000000000001cc0a94c4d
FF - user.js: extensions.BabylonToolbar.instlDay - 15565
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.618:05:21
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-6 64288]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-4-18 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-4-18 12464]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-2-2 14776]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-2-22 301920]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-28 98392]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-6-13 2321560]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2011-9-19 87368]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-7-8 54760]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-3 399432]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-12-7 214896]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-11-25 687400]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-26 35088]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-14 2348352]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-4 22856]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2012-5-15 100456]
R3 VMHybrid;VMHybrid service;c:\windows\system32\drivers\VMHybrid.sys [2008-9-1 1060224]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-25 135664]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-4 676936]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys --> c:\windows\system32\drivers\motfilt.sys [?]
S3 ComproHID;VideoMate Root Enumerated Hid Device;c:\windows\system32\drivers\ComproHID.sys [2009-5-22 7040]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-7-18 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-25 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\motousbnet.sys --> c:\windows\system32\drivers\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2009-8-21 36928]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-11-03 04:37:05 33280 ----a-w- c:\program files\microsoft games\halo\trainer.exe
2012-11-03 04:18:59 -------- d-----w- C:\Halo
2012-10-31 08:27:55 -------- d-----w- C:\extract
2012-10-29 23:35:11 -------- d-----w- c:\program files\Aveyond - Gates of Night
2012-10-27 00:10:53 -------- d-----w- c:\documents and settings\peter smith\application data\Aveyond 3
2012-10-26 23:46:07 441 ----a-w- c:\program files\2710201210460739.bat
2012-10-26 13:47:37 -------- d-----w- c:\documents and settings\peter smith\local settings\application data\Buried In Time
2012-10-26 12:40:34 -------- d-----w- c:\documents and settings\peter smith\application data\Mud Puddle Games
2012-10-23 12:56:20 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-20 23:11:47 -------- d-----w- c:\documents and settings\peter smith\application data\Oberon Media
2012-10-20 23:11:38 -------- d-----w- c:\program files\common files\Oberon Media
2012-10-20 23:09:14 -------- d-----w- c:\documents and settings\all users\application data\Oberon Media
2012-10-20 23:09:09 -------- d-----w- c:\program files\Oberon Media
2012-10-20 23:09:09 -------- d-----w- c:\program files\MSN Games
2012-10-06 05:01:48 -------- d-----w- c:\program files\Cheat Engine 6.1
.
==================== Find3M ====================
.
2012-10-23 12:56:08 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-23 12:56:08 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-23 12:56:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-29 08:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 05:43:18 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-08 07:21:25 256868 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-08-08 07:21:25 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-08-08 07:21:14 256868 ----a-w- c:\windows\system32\nvdrsdb0.bin
.
============= FINISH: 18:23:11.00 ===============

DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 22/05/2009 6:27:43 PM
System Uptime: 4/11/2012 5:05:08 PM (1 hours ago)
.
Motherboard: Intel Corporation | | DG41TY
Processor: Intel Pentium III Xeon processor | LGA775 | 2332/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 87.005 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 377.505 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6120 classic
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6120 classic
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP736: 8/08/2012 6:17:31 AM - System Checkpoint
RP737: 8/08/2012 11:10:01 AM - Installed Trains and Trucks Tycoon
RP738: 9/08/2012 2:32:01 PM - System Checkpoint
RP739: 12/08/2012 8:00:50 PM - System Checkpoint
RP740: 13/08/2012 6:08:24 PM - Restore Operation
RP741: 14/08/2012 7:19:50 PM - System Checkpoint
RP742: 15/08/2012 12:17:09 PM - Software Distribution Service 3.0
RP743: 16/08/2012 8:51:17 PM - System Checkpoint
RP744: 6/10/2012 9:04:56 AM - Installed DirectX
RP745: 6/10/2012 9:05:36 AM - Installed Nero Prerequisite Installer 1.0.
RP746: 6/10/2012 9:29:09 AM - Software Distribution Service 3.0
RP747: 15/10/2012 4:28:43 PM - Software Distribution Service 3.0
RP748: 17/10/2012 1:18:00 PM - Installed DirectX
RP749: 18/10/2012 3:57:19 PM - System Checkpoint
RP750: 19/10/2012 4:59:24 PM - System Checkpoint
RP751: 21/10/2012 1:26:20 AM - System Checkpoint
RP752: 22/10/2012 2:07:08 AM - System Checkpoint
RP753: 23/10/2012 2:44:00 PM - System Checkpoint
RP754: 23/10/2012 11:55:41 PM - Removed Java 7 Update 5
RP755: 26/10/2012 4:22:41 PM - System Checkpoint
RP756: 30/10/2012 1:12:55 AM - System Checkpoint
RP757: 31/10/2012 1:02:33 PM - System Checkpoint
RP758: 1/11/2012 1:43:31 PM - System Checkpoint
RP759: 4/11/2012 4:20:43 AM - System Checkpoint
.
==== Installed Programs ======================
.
100% Free Euchre 7.30
100% Free Five Hundred 7.30
32 Bit HP CIO Components Installer
4 Elements
900 Puzzle Games
ACDSee Image Decoder Update
ACDSee Pro 4
ACDSee RAW Image Decoder Plug-In Update 4.0
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Age of Empires III
Age of Empires III - The Asian Dynasties
AIO_Scan
All My Gods
ANNO 1404
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Australian Pictorial Computer Stamp Catalogue 2012 Edition
Australian Pictorial Computer Stamp Organiser 2012 Edition
Aveyond - Gates of Night
Aveyond Lord of Twilight
AVG 2012
AVS Media Player 3.1
AVS Mobile Uploader version 1.9
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Be a King (remove only)
Be Rich
Be Richer
Bejeweled Twist 1.0.3
BestHD Blu-ray DVD Ripper 3.58.07
Big Fish Games: Game Manager
Blokus World Tour
Bonampak
Bonjour
Boulder Dash®: Pirate's Quest™
Brain Games: Chess
BufferChm
Build-a-Lot 4: Power Source
Build-a-lot: On Vacation
C4200
c4200_Help
CallerIP
Canasta From Special K
Capitalism II
CCleaner
Champion Chef
Cheat Engine 6.1
Chocolatier 2 - Secret Ingredients
Coconut Queen (remove only)
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 3.0.0.1
Copy
Cradle of Persia 1.00
Creative Audio Control Panel
Creative Console Launcher
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
Creative WaveStudio 7
Cribbage
Critical Update for Windows Media Player 11 (KB959772)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Diablo II
DocProc
DocProcQFolder
Downloader
Dragon Keeper
Drawn: Dark Flight ®
DVD Shrink 3.2
East India Company Collection
Empire Earth II
eSupportQFolder
F.E.A.R. 2: Project Origin
Fallout 3
Farm Tribe
Fate of the Pharaoh
FINAL FANTASY XIV
Fishdom (remove only)
fishsim2
Fishsim2.11h+
FlashGet 3.3
Flower Story - Fairy Quest
FREEping
Garden Defense
Gardenscapes 1.00
Garmin USB Drivers
Garmin WebUpdater
Gatling Gears
gBurner
GFI LANguard 9.6
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker
Greek Goddesses of Solitaire
Guild Wars
Honeybee
Hospital Tycoon
Hot Dish
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hoyle Board Games 2003
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart All-In-One Driver Software 9.0.A Corporate Edition
HP Photosmart All-In-One Software 8.0
HP Photosmart Essential
HP Product Assistant
HP Product Detection
HP Smart Web Printing 1.0
HP Solution Center 8.0
HP Update
HPProductAssistant
Hunting Unlimited 2010
Island Tribe 1.00
Island Tribe 2
iTunes
Java 7 Update 9
Java Auto Updater
Java 6 Update 29
JavaFX 2.1.1
Junk Mail filter update
K-Lite Mega Codec Pack 6.5.5
Kingdom Chronicles Collector's Edition
Land Grabbers
Left 4 Dead 2
Left 4 Dead 2 Add-on Support
Left 4 Dead 2 Authoring Tools
Legends of Atlantis: Exodus
Magic FLAC to MP3 Converter 3.71
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.65.1.1000
Marblez
Matroska Pack - Lazy Man's MKV 0.9.9
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Easy Assist v2
Microsoft Fix it Center
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Halo
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft LifeCam
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works 6-9 Converter
Microsoft WSE 3.0 Runtime
Miriel the Magical Merchant (remove only)
MobileMe Control Panel
Monopoly (remove only)
Monument Builders: Eiffel Tower
Mortimer Beckett and the Time Paradox
MotoHelper 2.1.32 Driver 5.4.0
MotoHelper MergeModules
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 5.4.0
Mount&Blade With Fire and Sword
Mozilla Firefox 8.0.1 (x86 en-GB)
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
My Farm Life 2
My Kingdom For The Princess II
My Life Story (remove only)
My Tribe
Nero 11
Nero 8 Essentials
Nero Abstract Themes
Nero Audio Pack 1
Nero BackItUp 11
Nero BackItUp 11 Help (CHM)
Nero Backup Drivers
Nero Blu-ray Player
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero Cliparts
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero CoverDesigner 11
Nero CoverDesigner 11 Help (CHM)
Nero Disc Menus 1
Nero Disc Menus 2
Nero Disc Menus 3
Nero Disc Menus Basic
Nero Effects Basic
Nero Express 11
Nero Express 11 Help (CHM)
Nero Family and Events Themes
Nero Football (Soccer) Themes
Nero Holiday and Sports Themes
Nero Image Samples
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Kwik Themes Basic
Nero PiP Effects 1
Nero PiP Effects Basic
Nero Prerequisite Installer 1.0
Nero Recode 11
Nero Recode 11 Help (CHM)
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero SharedVideoCodecs
Nero SoundTrax 11
Nero SoundTrax 11 Help (CHM)
Nero Update
Nero Video 11
Nero Video 11 Help (CHM)
Nero Video Samples
Nero Video Transitions 1
Nero WaveEditor 11
Nero WaveEditor 11 Help (CHM)
nero.prerequisites.msi
neroxml
New Yankee in King Arthur's Court
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia PC Suite
Nokia
Software UpdaterNVIDIA Control Panel 267.59NVIDIA Graphics Driver 267.59NVIDIA HD Audio Driver 1.1.13.1NVIDIA Install ApplicationNVIDIA nView 136.18NVIDIA nView Desktop ManagerNVIDIA PhysXNVIDIA PhysX System Software 9.12.0213NVIDIA Update 1.7.11NVIDIA Update ComponentsOGA Notifier 2.0.0048.0Open Sea FishingOpenALOpera 11.60Ovi Desktop Sync EngineOviMPlatformPakoomboPath To SuccessPC Connectivity SolutionPhoto Story 3 for WindowsPL-2303 USB-to-SerialPlants vs. Zombies (remove only)ps_aio_corporatePS_AIO_ProductContextPS_AIO_SoftwarePS_AIO_Software_minPunkBuster ServicesQuickTimeRailroad Tycoon 3Railroad Tycoon 3 1.06Rapala Pro FishingRAW - Realms of Ancient WarREALTEK GbE & FE Ethernet PCI-E NIC DriverRealtek High Definition Audio DriverRobinson Crusoe and The Cursed PiratesRoyal Envoy Collector's EditionScanSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Extended (KB2416472)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET 
Framework 4 Extended (KB2656351)Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553260) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589322) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589337) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2597986) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit EditionSecurity Update for Microsoft SharePoint Workspace 2010 (KB2566445)Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit EditionSecurity Update for Microsoft Windows (KB2564958)Security Update for Microsoft Word 2010 (KB2553488) 32-Bit EditionSecurity Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2618444)Security Update for Windows Internet Explorer 8 (KB2647516)Security Update for Windows Internet Explorer 8 (KB2675157)Security Update for Windows Internet Explorer 8 (KB2699988)Security Update for Windows Internet Explorer 8 (KB2722913)Security Update for Windows Internet Explorer 8 (KB2744842)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Encoder (KB2447961)Security Update for Windows Media Encoder (KB954156)Security Update for Windows Media Encoder (KB979332)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player 
(KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows Search 4 - KB963093Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for 
Windows XP (KB2509553)Security Update for Windows XP (KB2510581)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544521)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567053)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618444)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2619339)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2621440)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2639417)Security Update for Windows XP (KB2641653)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB2647516)Security Update for Windows XP (KB2647518)Security Update for Windows XP (KB2653956)Security Update for Windows XP (KB2655992)Security Update for Windows XP (KB2659262)Security Update for Windows XP (KB2660465)Security Update for Windows XP (KB2661637)Security Update for Windows XP (KB2676562)Security Update for Windows XP (KB2685939)Security Update for Windows XP (KB2686509)Security Update for Windows XP (KB2691442)Security Update for Windows XP (KB2695962)Security Update for Windows XP (KB2698365)Security Update for Windows XP (KB2705219)Security Update for Windows XP 
(KB2707511)Security Update for Windows XP (KB2712808)Security Update for Windows XP (KB2718523)Security Update for Windows XP (KB2719985)Security Update for Windows XP (KB2723135)Security Update for Windows XP (KB2724197)Security Update for Windows XP (KB2731847)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB938464-v2)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB963027)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security 
Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)Seeds of SorcerySegoe UIShabanSid Meier's Railroads!Simon3DSkype ToolbarsSkype™ 5.10Smart Defrag 2SolutionCenterSoundFont 
Bank ManagerSPORE™SPORE™ Galactic AdventuresStar Defender 4StatusSteamswMSMSylenth1 v2.20System Requirements LabThe Chronicles of SpellbornThe Fall Trilogy 1.00The Golden Years: Way Out WestThe Island: Castaway 2The Sims Carnival - BumperBlastThe Sims MedievalThe Timebuilders - Caveman's ProphecyTomTom HOME 2.7.3.1894TomTom HOME Visual Studio Merge ModulesToolboxTrackMania 2TrayAppTrucks & Trailers 1.00Turbo SubsTweak UIUbisoft Game LauncherUndelete 360Uniblue DriverScanner 2009Uniblue System TweakerUnloadSupportUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft .NET Framework 4 Client Profile (KB2473228)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553092)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553270) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2598289) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2589345) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2553248) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionUpdate for Microsoft Windows (KB971513)Update for Windows Internet Explorer 8 (KB2598845)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2492386)Update for Windows XP (KB2541763)Update for Windows XP (KB2607712)Update for Windows XP (KB2616676)Update for Windows XP (KB2641690)Update for Windows XP (KB2661254-v2)Update for Windows XP (KB2718704)Update for Windows XP (KB2736233)Update for Windows XP (KB2749655)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP 
(KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)User Profile Hive Cleanup ServiceVC80CRTRedist - 8.0.50727.6195VCRedistSetupVirtual City (remove only)Virtual Villagers - The Secret CityVirtual Villagers - The Secret City 1.0Virtual Villagers 3 - The Secret City FixedVisual C++ 2008 x86 Runtime - (v9.0.30729)Visual C++ 2008 x86 Runtime - v9.0.30729.01WebFldrs XPWebRegWelcome App (Start-up experience)Westward IV - All Aboard (remove only)Windows 7 Upgrade AdvisorWindows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)Windows Driver Package - Nokia Modem (10/05/2009 4.2)Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)Windows Genuine Advantage Notifications (KB905474)Windows Genuine Advantage Validation Tool (KB892130)Windows Internet Explorer 8Windows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live ID Sign-in AssistantWindows Live MailWindows Live Photo GalleryWindows Live SyncWindows Live Upload ToolWindows Live WriterWindows Management Framework CoreWindows Media Encoder 9 SeriesWindows Media Format 11 runtimeWindows Media Player 11Windows Media Player Firefox PluginWindows Search 4.0WinPcap 4.1.2WinRAR archiverWireshark 1.4.1World Mosaics 4 1.00World Of ZelliansYouda Farmer 3 - SeasonsYouda Survivor.==== Event Viewer Messages From Past Week ========.3/11/2012 10:18:16 PM, error: Service Control Manager [7022] - The WebClient service hung on starting.2/11/2012 8:13:49 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.2/11/2012 5:30:26 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed 
service.2/11/2012 5:30:13 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service hpqddsvc with arguments "" in order to run the server: {2C82180E-8C3C-4A1B-BEB1-B9140713E701}.==== End Of File =========================== Link to post Share on other sites More sharing options...
gringo_pr (Staff) Posted November 4, 2012 ID:609480

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

- Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
- Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
- Please read every post completely before doing anything. Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
- Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-
Download Security Check by screen317 from here. Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--
Download & SAVE to your Desktop RogueKiller or from here.
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start. For Windows XP, double-click to start.
Wait until Prescan has finished ... Then click on the "Scan" button.
Wait until the Status box shows "Scan Finished".
Click on "delete".
Wait until the Status box shows "Deleting Finished".
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.

+Gringo
pb1947 (Author) Posted November 4, 2012 ID:609672

Hi,

I lost the report for Security Check; I did not notice this until I ran the other two programs. My system crashed during this and some scans had to be done again. My browser was still diverting to ads after these 2 were run. I also had a block by AVG when I rebooted after all the processes you requested were run, i.e.

File Name :- qszmg.justdied.com/index.php?
Threat Name :- Exploit Rogue Scanner (type831)

Cheers and thanks
Pete

# AdwCleaner v2.006 - Logfile created 11/05/2012 at 09:56:35
# Updated 30/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : peter smith - PB1947
# Boot Mode : Normal
# Running from : C:\Documents and Settings\peter smith\Desktop\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Documents and Settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\BrowserMngr_extensions.sqlite
File Found : C:\Documents and Settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\browsermngr_prefs.js
File Found : C:\Documents and Settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\searchplugins\BabylonMngr.xml
File Found : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
File Found : C:\windows\Tasks\Browser Manager.job
Folder Found : C:\DOCUME~1\PETERS~1\LOCALS~1\Temp\CT2504091
Folder Found : C:\Documents and Settings\All Users\Application Data\Browser Manager
Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Found : C:\Documents and Settings\All Users\Application Data\Premium
Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\iWin
Folder Found : C:\Documents and Settings\peter smith\Application Data\Babylon
Folder Found : C:\Documents and Settings\peter smith\Application Data\BabylonToolbar
Folder Found : C:\Documents and Settings\peter smith\Application Data\iWin
Folder Found : C:\Documents and Settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\CT2504091
Folder Found : C:\Documents and Settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Folder Found : C:\Documents and Settings\peter smith\Application Data\PriceGong
Folder Found : C:\Documents and Settings\peter smith\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\peter smith\Local Settings\Application Data\ConduitEngine
Folder Found : C:\Program Files\BabylonToolbar
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\iWin
Folder Found : C:\Program Files\Trymedia

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\SmartBar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\GamesBarSetup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Software
Key Found : HKLM\Software\Software
Key Found : HKU\S-1-5-21-1409082233-1708537768-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v8.0.1 (en-GB)

Profile name : default
File : C:\Documents and Settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\prefs.js

Found : user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT2504091.FirstTime", "true");
Found : user_pref("CT2504091.FirstTimeFF3", "true");
Found : user_pref("CT2504091.UserID", "UN00269778162390743");
Found : user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT2504091.autoDisableScopes", -1);
Found : user_pref("CT2504091.cbfirsttime", "Mon Aug 13 2012 18:06:13 GMT+1000 (AUS Eastern Standard Time)");
Found : user_pref("CT2504091.defaultSearch", "false");
Found : user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT2504091.enableAlerts", "false");
Found : user_pref("CT2504091.enableSearchFromAddressBar", "true");
Found : user_pref("CT2504091.firstTimeDialogOpened", "true");
Found : user_pref("CT2504091.fixPageNotFoundError", "true");
Found : user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT2504091.fixUrls", true);
Found : user_pref("CT2504091.installId", "ConduitNSISIntegration");
Found : user_pref("CT2504091.installType", "ConduitNSISIntegration");
Found : user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2504091.isNewTabEnabled", true);
Found : user_pref("CT2504091.isPerformedSmartBarTransition", "true");
Found : user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT2504091.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Ablank\",\"EB_MAIN_FRA[...]
Found : user_pref("CT2504091.openThankYouPage", "false");
Found : user_pref("CT2504091.openUninstallPage", "false");
Found : user_pref("CT2504091.search.searchAppId", "129079840422026594");
Found : user_pref("CT2504091.search.searchCount", "0");
Found : user_pref("CT2504091.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT2504091.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1344845171657");
Found : user_pref("CT2504091.serviceLayer_services_appsMetadata_lastUpdate", "1344845158127");
Found : user_pref("CT2504091.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1344845156751");
Found : user_pref("CT2504091.serviceLayer_services_login_10.10.20.14_lastUpdate", "1344845171783");
Found : user_pref("CT2504091.serviceLayer_services_optimizer_lastUpdate", "1344845171279");
Found : user_pref("CT2504091.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1344845156777");
Found : user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1344845155668");
Found : user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1344845154672");
Found : user_pref("CT2504091.serviceLayer_services_toolbarContextMenu_lastUpdate", "1344845156727");
Found : user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1344845155360");
Found : user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1344845170806");
Found : user_pref("CT2504091.settingsINI", true);
Found : user_pref("CT2504091.shouldFirstTimeDialog", "false");
Found : user_pref("CT2504091.smartbar.CTID", "CT2504091");
Found : user_pref("CT2504091.smartbar.Uninstall", "0");
Found : user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");
Found : user_pref("CT2504091.startPage", "false");
Found : user_pref("CT2504091.toolbarBornServerTime", "13-8-2012");
Found : user_pref("CT2504091.toolbarCurrentServerTime", "13-8-2012");
Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=109217&tt=120812_bandext_3312_8&ba[...]
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=109217&tt=120812_bandext_331[...]
Found : 
user_pref("extensions.BabylonToolbar.admin", false);Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");Found : user_pref("extensions.BabylonToolbar.excTlbr", false);Found : user_pref("extensions.BabylonToolbar.id", "08262c03000000000000001cc0a94c4d");Found : user_pref("extensions.BabylonToolbar.instlDay", "15565");Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");Found : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");Found : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");Found : user_pref("extensions.BabylonToolbar_i.babExt", "");Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109217&tt=120812_bandext_3312_8");Found : user_pref("extensions.BabylonToolbar_i.newTab", true);Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109217&tt=12081[...]Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.618:05:21");Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=109217&tt=120812_bandext_3312_8&babsrc=KW[...]-\\ Google Chrome v22.0.1229.94File : C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\User Data\Default\PreferencesFound [l.13] : homepage = "hxxp://search.babylon.com/?affID=109217&tt=120812_bandext_3312_8&babsrc=HP_ss&mntrId=08262c03000000000000001cc0a94c4d",Found [l.1586] : homepage = "hxxp://search.babylon.com/?affID=109217&tt=120812_bandext_3312_8&babsrc=HP_ss&mntrId=08262c03000000000000001cc0a94c4d",-\\ Opera 
v11.60.1185.0File : C:\Documents and Settings\peter smith\Application Data\Opera\Opera\operaprefs.ini[OK] File is clean.*************************AdwCleaner[R1].txt - [12311 octets] - [05/11/2012 09:39:30]AdwCleaner[s1].txt - [349 octets] - [05/11/2012 09:42:46]AdwCleaner[R2].txt - [11997 octets] - [05/11/2012 09:56:35]########## EOF - C:\AdwCleaner[R2].txt - [12058 octets] ##########RogueKiller V8.2.2 [11/03/2012] by Tigzymail: tigzyRK<at>gmail<dot>comFeedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/Website: http://tigzy.geekstogo.com/roguekiller.phpBlog: http://tigzyrk.blogspot.comOperating System: Windows XP (5.1.2600 Service Pack 3) 32 bits versionStarted in : Normal modeUser : peter smith [Admin rights]Mode : Scan -- Date : 11/05/2012 09:29:33¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 2 ¤¤¤[TASK][sUSP PATH] NSSstub.job : C:\DOCUME~1\PETERS~1\LOCALS~1\Temp\{887A5008-70E1-4FC7-812F-9B0B772FF3CE}\nssstub.exe -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [LOADED] ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\windows\system32\drivers\etc\hosts127.0.0.1 localhost127.0.0.1 www.007guard.com127.0.0.1 007guard.com127.0.0.1 008i.com127.0.0.1 www.008k.com127.0.0.1 008k.com127.0.0.1 www.00hq.com127.0.0.1 00hq.com127.0.0.1 010402.com127.0.0.1 www.032439.com127.0.0.1 032439.com127.0.0.1 www.0scan.com127.0.0.1 0scan.com127.0.0.1 www.1000gratisproben.com127.0.0.1 1000gratisproben.com127.0.0.1 www.1001namen.com127.0.0.1 1001namen.com127.0.0.1 100888290cs.com127.0.0.1 www.100888290cs.com127.0.0.1 100sexlinks.com[...]¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: ST31000333AS +++++--- User ---[MBR] ea784c8cab1d412493f0e8296eb075de[bSP] 5810d739f7f69ddc51f4cc775ca8f251 : Windows XP MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 976752000 | Size: 476929 MoUser = LL1 ... 
OK!User = LL2 ... OK!Finished : << RKreport[1]_S_11052012_02d0929.txt >>RKreport[1]_S_11052012_02d0929.txt Link to post Share on other sites More sharing options...
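The AdwCleaner output above is, in effect, a search-hijack check over prefs.js: the preferences that decide where the home page, new tabs, the address bar and the default engine send the user all point at the same affiliate-tagged search host, and two toolbar namespaces (Conduit's CT2504091.* and extensions.BabylonToolbar*) sit beside them. The script below is an added example written for this thread, not AdwCleaner's code and not something the poster ran. It parses a prefs.js body, re-fangs the hxxp URLs the way the log defangs them, and reports the host and tracking parameters behind each navigation preference plus every toolbar-namespace preference. SAMPLE_PREFS_JS is constructed to resemble the log entries; the hosts, parameter names and toolbar IDs come from the log, the remaining values are made up.

```python
"""Triage a Firefox prefs.js for search and home-page hijack indicators.

Added example for this thread; not AdwCleaner's code. SAMPLE_PREFS_JS is
a constructed prefs.js modelled on the AdwCleaner findings above (URLs are
defanged with hxxp exactly as the log shows them).
"""
import json
import re
from urllib.parse import parse_qs, urlsplit

# user_pref("name", value);  is the only statement type prefs.js contains
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.+?)\);\s*$')
# Accept both live (http) and defanged (hxxp) URLs inside preference values.
URL_RE = re.compile(r'h(?:tt|xx)ps?://\S+', re.IGNORECASE)
# Conduit toolbars key every preference by toolbar ID, e.g. CT2504091.xxx
CONDUIT_RE = re.compile(r'^CT\d+\.')

# Preferences that decide where navigation and searches are sent.
NAV_PREFS = {
    "browser.startup.homepage",
    "browser.newtab.url",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.search.order.1",
    "keyword.URL",
}
TOOLBAR_PREFIXES = ("extensions.BabylonToolbar",)
# Affiliate/tracking query parameters carried by the hijacked URLs in the log.
TRACKING_PARAMS = {"affID", "tt", "babsrc", "mntrId"}

# Constructed sample, modelled on the AdwCleaner findings above.
SAMPLE_PREFS_JS = '''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=109217&tt=120812_bandext_3312_8&babsrc=HP_ss");
user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=109217&babsrc=NT_ss");
user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=109217&babsrc=KW_ss&q=");
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");
user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");
user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
user_pref("network.proxy.type", 0);
user_pref("browser.cache.disk.capacity", 358400);
'''


def refang(url):
    """Turn a defanged hxxp:// URL back into http:// so urlsplit can parse it."""
    return re.sub(r'^hxxp', 'http', url, flags=re.IGNORECASE)


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in a prefs.js body."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        try:
            # prefs.js literals (quoted strings, numbers, true/false) are valid JSON
            value = json.loads(raw)
        except ValueError:
            value = raw
        prefs[name] = value
    return prefs


def scan_prefs(text):
    """Return (pref, category, detail, tracking_params) for each suspicious preference.

    category is 'navigation' (URL-bearing pref, detail = host), 'search-engine'
    (a named engine, detail = its name) or 'toolbar-namespace' (detail = value).
    """
    findings = []
    for name, value in parse_prefs(text).items():
        if name in NAV_PREFS and isinstance(value, str):
            m = URL_RE.search(value)
            if m:
                parts = urlsplit(refang(m.group(0)))
                tracking = sorted(k for k in parse_qs(parts.query) if k in TRACKING_PARAMS)
                findings.append((name, "navigation", parts.hostname, tracking))
            else:
                findings.append((name, "search-engine", value, []))
        elif CONDUIT_RE.match(name) or name.startswith(TOOLBAR_PREFIXES):
            findings.append((name, "toolbar-namespace", str(value), []))
    return findings


if __name__ == "__main__":
    for pref, category, detail, tracking in scan_prefs(SAMPLE_PREFS_JS):
        extra = f"  tracking={','.join(tracking)}" if tracking else ""
        print(f"{category:17} {pref} -> {detail}{extra}")
```

A hit is a lead for the person cleaning the machine, not a verdict: the point of grouping by host is that a home page, new-tab URL and keyword.URL all carrying the same affID is the pattern of a bundled search hijack, whereas a single changed home page may just be a user choice.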
gringo_pr (Staff), posted November 5, 2012, ID:609701

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.
Combofix may need to reboot your computer more than once to do its job; this is normal.
You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
- Log from Combofix
- Let me know of any problems you may have had
- How is the computer doing now?

Gringo
pb1947 (author), posted November 5, 2012, ID:609903

Hi, and once again thank you for your time Gringo. I once again had hiccups. I have AVG 2012 and it is slightly different to the advice for disabling 2011. Nevertheless I temporarily disabled AVG; after this was applied the next window had the time limit, which I set to 15 minutes. The only check box in this window was "disable firewall", which I also checked and okayed; AVG showed all function icons in red. I then followed instructions and ran combofix, and combofix said AVG was still running real time protection??? I still ran combofix as I know I disabled AVG 2012. Combofix, after the scan, rebooted and did over 40 stages; it then started to delete files in my personal settings etc. and deleted folders, and then just stopped. After one hour I had to make the decision to enable task manager as it was the only function I had to reboot the system. I have gone no further at this stage and once again I am unable to provide you with a log file. Currently I have noticed that the ethernet LED has stopped thrashing but the HD is still thrashing. I decided to be patient and await your next reply instead of trying with combofix again.

Cheers and thanks, Pete
pb1947 (author), posted November 5, 2012, ID:609906

My apologies, I forgot to inform you that combofix did find a nasty that it said would be difficult to remove, and also the browser diversions seem to have stopped. I am disappointed that this system would not let me get to the combofix log stage. I also know that I have damaged files, but I will not repair with the XP CD or touch anything until your reply.

Cheers, Pete
gringo_pr (Staff), posted November 5, 2012, ID:609912

Hello

OK, let's try this. I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Log in on your usual account.

After combofix has finished its scan please post the report back here.

Gringo
pb1947 (author), posted November 7, 2012, ID:610194

Hi Gringo, and thank you; your time is appreciated.

I followed your instructions re safe mode, but not without hiccups. In safe mode combofix still flagged me that AVG2012 real time shields were still active. I ignored this as I did a barefoot safe mode boot. While running combofix I got flagged again: "pev - application error - Memory at 0x006f0072 could not be read". While I was pondering this, combofix ran on again and continued to finish, and the attached log was provided.

I then rebooted to normal and after breakfast I came back and the system had an AVG flag that it had detected a trojan. The following is the AVG flag info:

File name - c:\system volume information\_restore{34ea6b75-dfbf-4096-962b-86b79104cbda}\rp759\a0471039.sys
Threat Name - Trojan Horse Rootkit - Pakes.CD
Process Name - c:\windows\system32\svhost.exe
Process ID - 1704

Cheers, Pete


ComboFix 12-11-05.03 - Administrator 07/11/2012 9:37.2.4 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3068.2740 [GMT 11:00]
Running from: c:\downloads\new\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB28281$\2509306838
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Herofy
c:\documents and settings\All Users\Application Data\Herofy\save.aps
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\peter smith\Application Data\.#
c:\documents and settings\peter smith\Application Data\inst.exe
c:\documents and settings\peter smith\Application Data\log.txt
c:\documents and settings\peter smith\Application Data\vso_ts_preview.xml
c:\documents and settings\peter smith\My Documents\~WRL3877.tmp
c:\windows\$NtUninstallKB28281$
c:\windows\$NtUninstallKB28281$\3496787477\@
c:\windows\$NtUninstallKB28281$\3496787477\Desktop.ini
c:\windows\$NtUninstallKB28281$\3496787477\L\00000004.@
c:\windows\$NtUninstallKB28281$\3496787477\L\201d3dde
c:\windows\$NtUninstallKB28281$\3496787477\L\vxpsorii
c:\windows\$NtUninstallKB28281$\3496787477\U\00000004.@
c:\windows\$NtUninstallKB28281$\3496787477\U\00000008.@
c:\windows\$NtUninstallKB28281$\3496787477\U\000000cb.@
c:\windows\$NtUninstallKB28281$\3496787477\U\80000000.@
c:\windows\$NtUninstallKB28281$\3496787477\U\80000032.@
c:\windows\desktop
c:\windows\desktop\185.85_desktop_winxp_32bit_english_whql.exe.FDPART
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab
c:\windows\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\ST6UNST.000
c:\windows\system32\AutoRun.inf
c:\windows\system32\avgfwdx.dll
c:\windows\system32\ctfmon_D.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-11-05 20:47 . 2008-04-14 12:00 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2012-11-05 20:47 . 2008-04-14 12:00 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-11-04 22:42 . 2012-11-04 22:42 161 ----a-w- c:\windows\DeleteOnReboot.bat
2012-11-03 04:37 . 2003-10-01 02:48 33280 ----a-w- c:\program files\Microsoft Games\Halo\trainer.exe
2012-11-03 04:18 . 2012-11-03 04:32 -------- d-----w- C:\Halo
2012-11-02 03:53 . 2012-11-02 03:53 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2012-11-01 10:30 . 2012-11-01 10:30 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2012-10-31 08:27 . 2012-11-03 22:01 -------- d-----w- C:\extract
2012-10-29 23:35 . 2012-11-01 10:25 -------- d-----w- c:\program files\Aveyond - Gates of Night
2012-10-27 00:10 . 2012-10-29 23:35 -------- d-----w- c:\documents and settings\peter smith\Application Data\Aveyond 3
2012-10-26 23:46 . 2012-10-26 23:46 441 ----a-w- c:\program files\2710201210460739.bat
2012-10-26 13:47 . 2012-10-26 13:47 -------- d-----w- c:\documents and settings\peter smith\Local Settings\Application Data\Buried In Time
2012-10-26 12:40 . 2012-10-26 12:40 -------- d-----w- c:\documents and settings\peter smith\Application Data\Mud Puddle Games
2012-10-23 12:56 . 2012-10-23 12:56 -------- d-----w- c:\program files\Common Files\Java
2012-10-23 12:56 . 2012-10-23 12:56 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-20 23:11 . 2012-10-20 23:11 -------- d-----w- c:\documents and settings\peter smith\Application Data\Oberon Media
2012-10-20 23:11 . 2012-10-20 23:11 -------- d-----w- c:\program files\Common Files\Oberon Media
2012-10-20 23:09 . 2012-10-20 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Oberon Media
2012-10-20 23:09 . 2012-10-27 00:09 -------- d-----w- c:\program files\Oberon Media
2012-10-20 23:09 . 2012-10-27 00:09 -------- d-----w- c:\program files\MSN Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-23 12:56 . 2012-02-24 02:22 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-23 12:56 . 2011-09-21 07:55 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-23 12:56 . 2010-05-08 15:01 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-29 08:54 . 2010-04-04 08:47 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:14 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 05:43 . 2012-02-21 19:25 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-21 13:33 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-04-14 00:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-03 18:21 . 2011-08-27 05:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-11-05 570664]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-01 59240]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"NBAgent"="c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2012-01-13 1493288]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-30 2596984]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-03-07 13879192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\peter smith\Start Menu\Programs\Startup\
hpqtra08.exe [2008-3-25 214360]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2012-8-5 576000]
PowerReg Scheduler.exe [2012-8-5 256000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ComproRemote.lnk]
backup=c:\windows\pss\ComproRemote.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ComproSchedulerDTV.lnk]
backup=c:\windows\pss\ComproSchedulerDTV.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-10-17 01:29 1353080 ----a-w- c:\program files\Steam\steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 5:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31/01/2012 5:46 AM 31952]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/07/2010 2:06 PM 64288]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [18/04/2012 5:07 PM 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [18/04/2012 5:07 PM 12464]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2/02/2012 10:24 PM 14776]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [28/10/2009 11:02 PM 98392]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22/02/2012 6:25 AM 237408]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [22/02/2012 6:25 AM 301920]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [13/06/2012 4:48 AM 2321560]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [13/08/2012 4:24 AM 5167736]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 5:53 AM 193288]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [19/09/2011 3:58 PM 87368]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [3/11/2012 10:33 PM 399432]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/04/2010 7:47 PM 676936]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [7/12/2011 8:00 AM 214896]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [25/11/2011 5:32 PM 687400]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [26/06/2010 4:07 AM 35088]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 2:28 PM 160944]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/01/2012 8:52 PM 30944]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/01/2012 8:52 PM 30944]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 2:32 PM 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 2:32 PM 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 2:32 PM 17232]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 ComproHID;VideoMate Root Enumerated Hid Device;c:\windows\system32\drivers\ComproHID.sys [22/05/2009 8:41 PM 7040]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [18/07/2009 11:58 AM 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [4/06/2009 3:46 AM 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [4/06/2009 3:46 AM 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [4/06/2009 3:46 AM 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [4/06/2009 3:46 AM 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [4/06/2009 3:46 AM 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [4/06/2009 3:46 AM 72728]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 10:09 PM 267568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/04/2010 7:47 PM 22856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [16/11/2009 10:22 AM 47360]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [21/08/2009 3:14 PM 36928]
S3 VMHybrid;VMHybrid service;c:\windows\system32\drivers\VMHybrid.sys [1/09/2008 3:05 AM 1060224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]
.
2012-11-03 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2009-12-20 06:29]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 04:12]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 04:12]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1708537768-1801674531-1003Core.job
- c:\documents and settings\peter smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-12 15:32]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1708537768-1801674531-1003UA.job
- c:\documents and settings\peter smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-12 15:32]
.
2009-10-24 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]
.
2012-11-04 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2012-11-06 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2012-11-04 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2012-11-06 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-04-03 03:26]
.
2012-11-06 c:\windows\Tasks\User_Feed_Synchronization-{FDA492B4-C921-4A9E-B111-88B14DFCFF35}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 17:31]
.
.
------- Supplementary Scan -------
.
IE: {{87989A8E-F587-43A4-9315-34A4E4F4B3F9}
TCP: DhcpNameServer = 10.0.0.138
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://games.bigfishgames.com/en_big-city-adventure-sydney-australia/online/JBGamePlayer.cab
FF - ProfilePath - c:\documents and settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-07-11 00:24; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Coconut Queen - c:\program files\iWin\Coconut Queen\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-07 09:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,ad,8f,d6,8b,c3,82,4d,96,33,cd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,ad,8f,d6,8b,c3,82,4d,96,33,cd,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\08\00\05\05,,?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1140)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-11-07 09:58:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-06 22:58
.
Pre-Run: 97,934,557,184 bytes free
Post-Run: 97,891,307,520 bytes free
.
- - End Of File - - 232F7079BF2D8EB48DFE753FC81348FD
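Most of the ComboFix report above is an autostart inventory (Run keys, services, scheduled tasks, firewall policy), and the useful triage questions are the same ones a reviewer asks by eye: does the binary live somewhere an ordinary user can write, is a Run value a bare file name that Windows resolves through the search path (catchme flagged exactly that for CTxfiHlp), does a service point at an image file that is not on disk ([?]), and is the Windows Firewall switched off. The script below is an added example written for this thread; it is not ComboFix's, RogueKiller's or catchme's code. SAMPLE_LOG is constructed from lines in the report plus one invented Run value, "Updater", that points at the Temp path RogueKiller reported as a scheduled task earlier in the thread. A hit is a lead, not a verdict: the per-user Google Update task legitimately runs from Local Settings\Application Data and is flagged for that reason.

```python
"""Triage autostart entries from a ComboFix-style listing.

Added example for this thread; not ComboFix's or RogueKiller's code.
SAMPLE_LOG is constructed from lines in the report above plus one invented
Run value ("Updater") that reuses the Temp path RogueKiller reported.
"""
import re
from pathlib import PureWindowsPath

# "Name"="c:\path\prog.exe" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<cmd>[^"]*)"\s*\[')
# R0/S3 name;description;path [stamp]   (with optional "--> path" when the file is missing)
SVC_RE = re.compile(
    r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<desc>[^;]*);'
    r'(?P<path>.+?)(?:\s+-->\s+.*?)?\s+\[(?P<stamp>[^\]]*)\]\s*$'
)
# Scheduled tasks are two lines: "date c:\windows\Tasks\X.job" then "- target [stamp]"
TASK_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(?P<job>\S.*\.job)\s*$')
TASK_TARGET_RE = re.compile(r'^-\s+(?P<path>.+?)\s+\[')
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')

# Directory fragments an ordinary user can write to.
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\",
                 "\\my documents\\", "\\desktop\\")

# Constructed sample modelled on the ComboFix report above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-30 2596984]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"Updater"="c:\documents and settings\user\Local Settings\Temp\{887A5008-70E1-4FC7-812F-9B0B772FF3CE}\nssstub.exe" [2012-11-03 77312]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [13/06/2012 4:48 AM 2321560]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1708537768-1801674531-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-12 15:32]
.
2012-11-03 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2009-12-20 06:29]
'''


def classify_path(path):
    """Return the reasons a program path deserves a second look (possibly none)."""
    reasons = []
    p = path.strip().lower()
    if "\\" not in p:
        reasons.append("bare file name, resolved through the search path")
    if any(marker in p for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    return reasons


def triage(report):
    """Return (kind, name, path, reasons) for every entry with at least one reason."""
    findings = []
    pending_job = None
    for line in report.splitlines():
        line = line.rstrip()
        if pending_job:  # the line after a .job header names the task's target
            m = TASK_TARGET_RE.match(line)
            if m:
                reasons = classify_path(m.group("path"))
                if reasons:
                    findings.append(("task", pending_job, m.group("path"), reasons))
            pending_job = None
            continue
        m = TASK_RE.match(line)
        if m:
            pending_job = PureWindowsPath(m.group("job")).name
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = classify_path(m.group("cmd"))
            if reasons:
                findings.append(("run", m.group("name"), m.group("cmd"), reasons))
            continue
        m = SVC_RE.match(line)
        if m:
            reasons = classify_path(m.group("path"))
            if m.group("stamp").strip() == "?":
                reasons.append("image file not found on disk ([?])")
            if reasons:
                findings.append(("service", m.group("name"), m.group("path"), reasons))
            continue
        if FIREWALL_OFF_RE.match(line):
            findings.append(("policy", "EnableFirewall", "0",
                             ["Windows Firewall disabled for the standard profile"]))
    return findings


if __name__ == "__main__":
    for kind, name, path, reasons in triage(SAMPLE_LOG):
        print(f"{kind:8} {name}: {path}\n         {'; '.join(reasons)}")
```

The missing-image services in the real report are Motorola and Lavasoft leftovers, which is why a reviewer reads the flagged list rather than acting on it; the value of the pass is that it reduces a 200-line report to the handful of entries worth checking first.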
gringo_pr (Staff), posted November 7, 2012, ID:610235

Greetings

I want you to run these next.

tdsskiller:
Please read carefully and follow these steps.
- Download TDSSKiller and save it to your Desktop.
- Double-click on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure; click on Continue.
- If a suspicious file is detected, the default action will be Skip; click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
- Double click the aswMBR.exe icon to run it. It will ask to download extra definitions - ALLOW IT.
- Click the Scan button to start the scan.
- On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
pb1947 (author), posted November 7, 2012, ID:610413

Hi Gringo, and thanks again for your attention. The system has been very quiet and is running well.

Cheers, Pete

02:06:58.0078 4836 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
02:07:00.0093 4836 ============================================================
02:07:00.0093 4836 Current date / time: 2012/11/08 02:07:00.0093
02:07:00.0093 4836 SystemInfo:
02:07:00.0093 4836
02:07:00.0093 4836 OS Version: 5.1.2600 ServicePack: 3.0
02:07:00.0093 4836 Product type: Workstation
02:07:00.0093 4836 ComputerName: PB1947
02:07:00.0093 4836 UserName: peter smith
02:07:00.0093 4836 Windows directory: C:\windows
02:07:00.0093 4836 System windows directory: C:\windows
02:07:00.0093 4836 Processor architecture: Intel x86
02:07:00.0093 4836 Number of processors: 4
02:07:00.0093 4836 Page size: 0x1000
02:07:00.0093 4836 Boot type: Normal boot
02:07:00.0093 4836 ============================================================
02:07:02.0796 4836 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:07:02.0812 4836 ============================================================
02:07:02.0812 4836 \Device\Harddisk0\DR0:
02:07:02.0828 4836 MBR partitions:
02:07:02.0828 4836 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
02:07:02.0843 4836 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3A380DBF, BlocksNum 0x3A380D41
02:07:02.0843 4836 ============================================================
02:07:03.0187 4836 D: <-> \Device\Harddisk0\DR0\Partition2
02:07:03.0281 4836 C: <-> \Device\Harddisk0\DR0\Partition1
02:07:03.0281 4836 ============================================================
02:07:03.0281 4836 Initialize success
02:07:03.0281 4836 ============================================================
02:07:15.0328 3936 ============================================================
02:07:15.0328 3936 Scan started
02:07:15.0328 3936 Mode: Manual;
02:07:15.0328 3936 ============================================================
02:07:16.0671 3936 ================ Scan system memory ========================
02:07:16.0671 3936 System memory - ok
02:07:16.0671 3936 ================ Scan services =============================
02:07:16.0796 3936 [ C07D5197410AAB28D0D93F943F59656D ] 6to4 C:\windows\System32\6to4svc.dll
02:07:16.0796 3936 6to4 - ok
02:07:16.0812 3936 Abiosdsk - ok
02:07:16.0812 3936 abp480n5 - ok
02:07:16.0875 3936 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys
02:07:16.0875 3936 ACPI - ok
02:07:16.0921 3936 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\windows\system32\drivers\ACPIEC.sys
02:07:16.0921 3936 ACPIEC - ok
02:07:16.0921 3936 adpu160m - ok
02:07:16.0953 3936 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\windows\system32\drivers\aec.sys
02:07:16.0953 3936 aec - ok
02:07:16.0984 3936 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\windows\System32\drivers\afd.sys
02:07:16.0984 3936 AFD - ok
02:07:16.0984 3936 Aha154x - ok
02:07:16.0984 3936 aic78u2 - ok
02:07:17.0000 3936 aic78xx - ok
02:07:17.0031 3936 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\windows\system32\alrsvc.dll
02:07:17.0046 3936 Alerter - ok
02:07:17.0062 3936 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\windows\System32\alg.exe
02:07:17.0062 3936 ALG - ok
02:07:17.0078 3936 AliIde - ok
02:07:17.0078 3936 amsint - ok
02:07:17.0171 3936 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:07:17.0187 3936 Apple Mobile Device - ok
02:07:17.0203 3936 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\windows\System32\appmgmts.dll
02:07:17.0203 3936 AppMgmt - ok
02:07:17.0218 3936 asc - ok
02:07:17.0218 3936 asc3350p - ok
02:07:17.0218 3936 asc3550 - ok
02:07:17.0312 3936 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
02:07:17.0312 3936 aspnet_state - ok
02:07:17.0328 3936 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
02:07:17.0328 3936 AsyncMac - ok
02:07:17.0343 3936 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\windows\system32\DRIVERS\atapi.sys
02:07:17.0343 3936 atapi - ok
02:07:17.0343 3936 Atdisk - ok
02:07:17.0390 3936 [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt C:\windows\system32\DRIVERS\atksgt.sys
02:07:17.0390 3936 atksgt - ok
02:07:17.0421 3936 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\windows\system32\DRIVERS\atmarpc.sys
02:07:17.0421 3936 Atmarpc - ok
02:07:17.0437 3936 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\windows\System32\audiosrv.dll
02:07:17.0437 3936 AudioSrv - ok
02:07:17.0468 3936 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\windows\system32\DRIVERS\audstub.sys
02:07:17.0484 3936 audstub - ok
02:07:17.0515 3936 [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwdx C:\windows\system32\DRIVERS\avgfwdx.sys
02:07:17.0515 3936 Avgfwdx - ok
02:07:17.0515 3936 [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwfd C:\windows\system32\DRIVERS\avgfwdx.sys
02:07:17.0515 3936 Avgfwfd - ok
02:07:17.0593 3936 [ BD5D11CEDBCDE4FA97D2387E7069B1FF ] avgfws C:\Program Files\AVG\AVG2012\avgfws.exe
02:07:17.0609 3936 avgfws - ok
02:07:17.0718 3936 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files\AVG\AVG2012\avgidsagent.exe
02:07:17.0890 3936 AVGIDSAgent - ok
02:07:17.0921 3936 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\windows\system32\DRIVERS\avgidsdriverx.sys
02:07:17.0937 3936 AVGIDSDriver - ok
02:07:17.0937 3936 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\windows\system32\DRIVERS\avgidsfilterx.sys
02:07:17.0937 3936 AVGIDSFilter - ok
02:07:17.0953 3936 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\windows\system32\DRIVERS\avgidshx.sys
02:07:17.0953 3936 AVGIDSHX - ok
02:07:17.0953 3936 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim
C:\windows\system32\DRIVERS\avgidsshimx.sys02:07:17.0968 3936 AVGIDSShim - ok02:07:17.0984 3936 [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86 C:\windows\system32\DRIVERS\avgldx86.sys02:07:17.0984 3936 Avgldx86 - ok02:07:17.0984 3936 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\windows\system32\DRIVERS\avgmfx86.sys02:07:17.0984 3936 Avgmfx86 - ok02:07:18.0000 3936 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\windows\system32\DRIVERS\avgrkx86.sys02:07:18.0000 3936 Avgrkx86 - ok02:07:18.0015 3936 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix C:\windows\system32\DRIVERS\avgtdix.sys02:07:18.0015 3936 Avgtdix - ok02:07:18.0031 3936 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe02:07:18.0031 3936 avgwd - ok02:07:18.0078 3936 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\windows\system32\drivers\Beep.sys02:07:18.0078 3936 Beep - ok02:07:18.0125 3936 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\windows\system32\qmgr.dll02:07:18.0281 3936 BITS - ok02:07:18.0343 3936 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe02:07:18.0343 3936 Bonjour Service - ok02:07:18.0359 3936 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\windows\System32\browser.dll02:07:18.0375 3936 Browser - ok02:07:18.0375 3936 BTCFilterService - ok02:07:18.0375 3936 catchme - ok02:07:18.0406 3936 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\windows\system32\drivers\cbidf2k.sys02:07:18.0406 3936 cbidf2k - ok02:07:18.0421 3936 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\windows\system32\DRIVERS\CCDECODE.sys02:07:18.0421 3936 CCDECODE - ok02:07:18.0437 3936 cd20xrnt - ok02:07:18.0437 3936 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\windows\system32\drivers\Cdaudio.sys02:07:18.0437 3936 Cdaudio - ok02:07:18.0453 3936 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\windows\system32\drivers\Cdfs.sys02:07:18.0453 3936 Cdfs - ok02:07:18.0531 3936 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom 
C:\windows\system32\DRIVERS\cdrom.sys02:07:18.0562 3936 Cdrom - ok02:07:18.0562 3936 Changer - ok02:07:18.0578 3936 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\windows\system32\cisvc.exe02:07:18.0578 3936 CiSvc - ok02:07:18.0609 3936 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\windows\system32\clipsrv.exe02:07:18.0609 3936 ClipSrv - ok02:07:18.0640 3936 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe02:07:18.0656 3936 clr_optimization_v2.0.50727_32 - ok02:07:18.0671 3936 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe02:07:18.0734 3936 clr_optimization_v4.0.30319_32 - ok02:07:18.0734 3936 CmdIde - ok02:07:18.0765 3936 [ A70069CDAB2A033DACF4914F49542550 ] ComproHID C:\windows\system32\DRIVERS\ComproHID.sys02:07:18.0765 3936 ComproHID - ok02:07:18.0765 3936 COMSysApp - ok02:07:18.0781 3936 Cpqarray - ok02:07:18.0828 3936 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe02:07:18.0828 3936 Creative Audio Engine Licensing Service - ok02:07:18.0859 3936 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\windows\system32\CTsvcCDA.exe02:07:18.0859 3936 Creative Service for CDROM Access - ok02:07:18.0875 3936 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\windows\System32\cryptsvc.dll02:07:18.0875 3936 CryptSvc - ok02:07:18.0921 3936 [ 134CDD242AF1AE9961F065FBA3508A7B ] CT20XUT C:\windows\system32\drivers\CT20XUT.SYS02:07:18.0921 3936 CT20XUT - ok02:07:18.0937 3936 [ 134CDD242AF1AE9961F065FBA3508A7B ] CT20XUT.SYS C:\windows\System32\drivers\CT20XUT.SYS02:07:18.0937 3936 CT20XUT.SYS - ok02:07:18.0984 3936 [ 93439BAF09CE3C6D4CE55DA5B07D1B6A ] ctac32k C:\windows\system32\drivers\ctac32k.sys02:07:18.0984 3936 ctac32k - ok02:07:19.0000 3936 [ 6AB74512F09D673452D63DDEC9014DB5 ] ctaud2k 
C:\windows\system32\drivers\ctaud2k.sys02:07:19.0000 3936 ctaud2k - ok02:07:19.0078 3936 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files\Creative\Shared Files\CTAudSvc.exe02:07:19.0093 3936 CTAudSvcService - ok02:07:19.0125 3936 [ 788DB5D99B2CA44FF61D8ED7B3C67C2E ] ctdvda2k C:\windows\system32\drivers\ctdvda2k.sys02:07:19.0140 3936 ctdvda2k - ok02:07:19.0171 3936 [ 3A9AD039D94BE8D955AD0B2CB207378D ] CTEXFIFX C:\windows\system32\drivers\CTEXFIFX.SYS02:07:19.0203 3936 CTEXFIFX - ok02:07:19.0234 3936 [ 3A9AD039D94BE8D955AD0B2CB207378D ] CTEXFIFX.SYS C:\windows\System32\drivers\CTEXFIFX.SYS02:07:19.0250 3936 CTEXFIFX.SYS - ok02:07:19.0265 3936 [ 4602AD8C8E1B285E1A23A957F487DA86 ] CTHWIUT C:\windows\system32\drivers\CTHWIUT.SYS02:07:19.0281 3936 CTHWIUT - ok02:07:19.0281 3936 [ 4602AD8C8E1B285E1A23A957F487DA86 ] CTHWIUT.SYS C:\windows\System32\drivers\CTHWIUT.SYS02:07:19.0281 3936 CTHWIUT.SYS - ok02:07:19.0281 3936 [ D42B84671F2193330215D3C375A2E948 ] ctprxy2k C:\windows\system32\drivers\ctprxy2k.sys02:07:19.0281 3936 ctprxy2k - ok02:07:19.0328 3936 [ 974CFCBE3206367BEC1D527D9DADE998 ] ctsfm2k C:\windows\system32\drivers\ctsfm2k.sys02:07:19.0328 3936 ctsfm2k - ok02:07:19.0328 3936 dac2w2k - ok02:07:19.0328 3936 dac960nt - ok02:07:19.0390 3936 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\windows\system32\rpcss.dll02:07:19.0406 3936 DcomLaunch - ok02:07:19.0437 3936 [ 74C1305F6F784A725B0A40D693FF4A09 ] DeviceMonitorService C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe02:07:19.0437 3936 DeviceMonitorService - ok02:07:19.0453 3936 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\windows\System32\dhcpcsvc.dll02:07:19.0453 3936 Dhcp - ok02:07:19.0453 3936 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\windows\system32\DRIVERS\disk.sys02:07:19.0453 3936 Disk - ok02:07:19.0468 3936 dmadmin - ok02:07:19.0500 3936 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\windows\system32\drivers\dmboot.sys02:07:19.0515 3936 dmboot - ok02:07:19.0531 3936 [ 
7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\windows\system32\drivers\dmio.sys02:07:19.0546 3936 dmio - ok02:07:19.0562 3936 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\windows\system32\drivers\dmload.sys02:07:19.0562 3936 dmload - ok02:07:19.0562 3936 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\windows\System32\dmserver.dll02:07:19.0562 3936 dmserver - ok02:07:19.0593 3936 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\windows\system32\drivers\DMusic.sys02:07:19.0593 3936 DMusic - ok02:07:19.0609 3936 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\windows\System32\dnsrslvr.dll02:07:19.0609 3936 Dnscache - ok02:07:19.0625 3936 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\windows\System32\dot3svc.dll02:07:19.0625 3936 Dot3svc - ok02:07:19.0625 3936 dpti2o - ok02:07:19.0640 3936 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\windows\system32\drivers\drmkaud.sys02:07:19.0656 3936 drmkaud - ok02:07:19.0656 3936 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\windows\System32\eapsvc.dll02:07:19.0656 3936 EapHost - ok02:07:19.0656 3936 [ 04AFE5C11777E33178EC11E1FAC47B07 ] emupia C:\windows\system32\drivers\emupia2k.sys02:07:19.0671 3936 emupia - ok02:07:19.0671 3936 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\windows\System32\ersvc.dll02:07:19.0671 3936 ERSvc - ok02:07:19.0703 3936 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\windows\system32\services.exe02:07:19.0703 3936 Eventlog - ok02:07:19.0718 3936 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll02:07:19.0734 3936 EventSystem - ok02:07:19.0750 3936 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\windows\system32\drivers\Fastfat.sys02:07:19.0750 3936 Fastfat - ok02:07:19.0781 3936 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\windows\System32\shsvcs.dll02:07:19.0781 3936 FastUserSwitchingCompatibility - ok02:07:19.0796 3936 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\windows\system32\DRIVERS\fdc.sys02:07:19.0796 3936 Fdc - ok02:07:19.0812 3936 [ 
D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\windows\system32\drivers\Fips.sys02:07:19.0812 3936 Fips - ok02:07:19.0812 3936 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\windows\system32\drivers\Flpydisk.sys02:07:19.0812 3936 Flpydisk - ok02:07:19.0843 3936 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\windows\system32\drivers\fltmgr.sys02:07:19.0843 3936 FltMgr - ok02:07:19.0875 3936 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe02:07:19.0906 3936 FontCache3.0.0.0 - ok02:07:19.0906 3936 [ E0087225B137E57239FF40F8AE82059B ] fssfltr C:\windows\system32\DRIVERS\fssfltr_tdi.sys02:07:19.0921 3936 fssfltr - ok02:07:20.0000 3936 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe02:07:20.0015 3936 fsssvc - ok02:07:20.0015 3936 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys02:07:20.0015 3936 Fs_Rec - ok02:07:20.0031 3936 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\windows\system32\DRIVERS\ftdisk.sys02:07:20.0031 3936 Ftdisk - ok02:07:20.0062 3936 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\windows\system32\Drivers\GEARAspiWDM.sys02:07:20.0062 3936 GEARAspiWDM - ok02:07:20.0078 3936 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\windows\system32\DRIVERS\msgpc.sys02:07:20.0078 3936 Gpc - ok02:07:20.0171 3936 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe02:07:20.0171 3936 gupdate - ok02:07:20.0171 3936 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe02:07:20.0171 3936 gupdatem - ok02:07:20.0234 3936 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe02:07:20.0234 3936 gusvc - ok02:07:20.0312 3936 [ 41FCE1833D8F659ACC56CB0EE43B2CED ] ha20x2k C:\windows\system32\drivers\ha20x2k.sys02:07:20.0328 3936 ha20x2k - ok02:07:20.0343 3936 [ 
573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys02:07:20.0359 3936 HDAudBus - ok02:07:20.0421 3936 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll02:07:20.0421 3936 helpsvc - ok02:07:20.0437 3936 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\windows\System32\hidserv.dll02:07:20.0437 3936 HidServ - ok02:07:20.0468 3936 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys02:07:20.0468 3936 HidUsb - ok02:07:20.0484 3936 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\windows\System32\kmsvc.dll02:07:20.0484 3936 hkmsvc - ok02:07:20.0484 3936 hpn - ok02:07:20.0609 3936 [ E4E285A3766B4A57401FEEAF66CB07B5 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll02:07:20.0640 3936 hpqcxs08 - ok02:07:20.0640 3936 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll02:07:20.0640 3936 hpqddsvc - ok02:07:20.0671 3936 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\windows\system32\DRIVERS\HPZid412.sys02:07:20.0687 3936 HPZid412 - ok02:07:20.0703 3936 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\windows\system32\DRIVERS\HPZipr12.sys02:07:20.0703 3936 HPZipr12 - ok02:07:20.0718 3936 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\windows\system32\DRIVERS\HPZius12.sys02:07:20.0734 3936 HPZius12 - ok02:07:20.0781 3936 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\windows\system32\Drivers\HTTP.sys02:07:20.0781 3936 HTTP - ok02:07:20.0812 3936 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\windows\System32\w3ssl.dll02:07:20.0812 3936 HTTPFilter - ok02:07:20.0812 3936 i2omgmt - ok02:07:20.0828 3936 i2omp - ok02:07:20.0875 3936 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys02:07:20.0875 3936 i8042prt - ok02:07:20.0953 3936 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe02:07:20.0953 3936 IDriverT - 
ok02:07:21.0000 3936 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe02:07:21.0015 3936 idsvc - ok02:07:21.0046 3936 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\windows\system32\DRIVERS\imapi.sys02:07:21.0046 3936 Imapi - ok02:07:21.0046 3936 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\windows\system32\imapi.exe02:07:21.0062 3936 ImapiService - ok02:07:21.0062 3936 ini910u - ok02:07:21.0187 3936 [ 12A9DAFE2266B6FA6DDBCE1847347751 ] IntcAzAudAddService C:\windows\system32\drivers\RtkHDAud.sys02:07:21.0281 3936 IntcAzAudAddService - ok02:07:21.0281 3936 IntelIde - ok02:07:21.0312 3936 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\windows\system32\DRIVERS\intelppm.sys02:07:21.0312 3936 intelppm - ok02:07:21.0328 3936 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\windows\system32\drivers\ip6fw.sys02:07:21.0328 3936 Ip6Fw - ok02:07:21.0359 3936 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys02:07:21.0359 3936 IpFilterDriver - ok02:07:21.0359 3936 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\windows\system32\DRIVERS\ipinip.sys02:07:21.0359 3936 IpInIp - ok02:07:21.0390 3936 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\windows\system32\DRIVERS\ipnat.sys02:07:21.0390 3936 IpNat - ok02:07:21.0421 3936 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe02:07:21.0437 3936 iPod Service - ok02:07:21.0453 3936 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\windows\system32\DRIVERS\ipsec.sys02:07:21.0468 3936 IPSec - ok02:07:21.0500 3936 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\windows\system32\DRIVERS\irenum.sys02:07:21.0515 3936 IRENUM - ok02:07:21.0531 3936 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys02:07:21.0531 3936 isapnp - ok02:07:21.0609 3936 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program 
Files\Java\jre7\bin\jqs.exe02:07:21.0625 3936 JavaQuickStarterService - ok02:07:21.0640 3936 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\windows\system32\DRIVERS\kbdclass.sys02:07:21.0640 3936 Kbdclass - ok02:07:21.0656 3936 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys02:07:21.0656 3936 kbdhid - ok02:07:21.0671 3936 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\windows\system32\drivers\kmixer.sys02:07:21.0671 3936 kmixer - ok02:07:21.0687 3936 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\windows\system32\drivers\KSecDD.sys02:07:21.0703 3936 KSecDD - ok02:07:21.0718 3936 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\windows\System32\srvsvc.dll02:07:21.0718 3936 LanmanServer - ok02:07:21.0765 3936 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\windows\System32\wkssvc.dll02:07:21.0812 3936 lanmanworkstation - ok02:07:21.0812 3936 Lavasoft Kernexplorer - ok02:07:21.0828 3936 [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd C:\windows\system32\DRIVERS\Lbd.sys02:07:21.0828 3936 Lbd - ok02:07:21.0828 3936 lbrtfdc - ok02:07:21.0875 3936 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\windows\system32\DRIVERS\lirsgt.sys02:07:21.0875 3936 lirsgt - ok02:07:21.0921 3936 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\windows\System32\lmhsvc.dll02:07:21.0921 3936 LmHosts - ok02:07:22.0000 3936 [ DDF15A42E27E8EFE27B18FD403151A86 ] MatSvc C:\Program Files\Microsoft Fix it Center\Matsvc.exe02:07:22.0015 3936 MatSvc - ok02:07:22.0031 3936 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\windows\system32\drivers\mbam.sys02:07:22.0031 3936 MBAMProtector - ok02:07:22.0093 3936 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe02:07:22.0093 3936 MBAMScheduler - ok02:07:22.0125 3936 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe02:07:22.0140 3936 MBAMService - ok02:07:22.0171 3936 [ 
8FD868E32459ECE2A1BB0169F513D31E ] mcdbus C:\windows\system32\DRIVERS\mcdbus.sys02:07:22.0171 3936 mcdbus - ok02:07:22.0234 3936 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE02:07:22.0250 3936 MDM - ok02:07:22.0265 3936 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\windows\System32\msgsvc.dll02:07:22.0265 3936 Messenger - ok02:07:22.0312 3936 Microsoft SharePoint Workspace Audit Service - ok02:07:22.0343 3936 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\windows\system32\drivers\mnmdd.sys02:07:22.0343 3936 mnmdd - ok02:07:22.0375 3936 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe02:07:22.0375 3936 mnmsrvc - ok02:07:22.0390 3936 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\windows\system32\drivers\Modem.sys02:07:22.0406 3936 Modem - ok02:07:22.0406 3936 motccgp - ok02:07:22.0406 3936 motccgpfl - ok02:07:22.0421 3936 motmodem - ok02:07:22.0484 3936 [ 9DFD34E6841C460B5D992A1C5327AE69 ] MotoHelper C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe02:07:22.0515 3936 MotoHelper - ok02:07:22.0515 3936 MotoSwitchService - ok02:07:22.0515 3936 Motousbnet - ok02:07:22.0531 3936 motusbdevice - ok02:07:22.0546 3936 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\windows\system32\DRIVERS\mouclass.sys02:07:22.0562 3936 Mouclass - ok02:07:22.0593 3936 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys02:07:22.0593 3936 mouhid - ok02:07:22.0609 3936 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\windows\system32\drivers\MountMgr.sys02:07:22.0609 3936 MountMgr - ok02:07:22.0625 3936 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\windows\system32\DRIVERS\MPE.sys02:07:22.0625 3936 MPE - ok02:07:22.0625 3936 mraid35x - ok02:07:22.0656 3936 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\windows\system32\DRIVERS\mrxdav.sys02:07:22.0656 3936 MRxDAV - ok02:07:22.0671 3936 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb 
C:\windows\system32\DRIVERS\mrxsmb.sys02:07:22.0671 3936 MRxSmb - ok02:07:22.0718 3936 [ 641199534871783DD74138FE0BCFDAE7 ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe02:07:22.0734 3936 MSCamSvc - ok02:07:22.0750 3936 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe02:07:22.0765 3936 MSDTC - ok02:07:22.0781 3936 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\windows\system32\drivers\Msfs.sys02:07:22.0781 3936 Msfs - ok02:07:22.0781 3936 MSIServer - ok02:07:22.0828 3936 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys02:07:22.0828 3936 MSKSSRV - ok02:07:22.0828 3936 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys02:07:22.0828 3936 MSPCLOCK - ok02:07:22.0843 3936 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\windows\system32\drivers\MSPQM.sys02:07:22.0843 3936 MSPQM - ok02:07:22.0890 3936 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys02:07:22.0890 3936 mssmbios - ok02:07:22.0906 3936 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\windows\system32\drivers\MSTEE.sys02:07:22.0906 3936 MSTEE - ok02:07:22.0921 3936 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\windows\system32\drivers\Mup.sys02:07:22.0921 3936 Mup - ok02:07:22.0937 3936 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\windows\system32\DRIVERS\NABTSFEC.sys02:07:22.0937 3936 NABTSFEC - ok02:07:22.0984 3936 [ 0102140028FAD045756796E1C685D695 ] napagent C:\windows\System32\qagentrt.dll02:07:23.0000 3936 napagent - ok02:07:23.0062 3936 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe02:07:23.0078 3936 NAUpdate - ok02:07:23.0093 3936 [ 0AE25530894A934C6CA600865C6E9D7C ] NBVol C:\windows\system32\DRIVERS\NBVol.sys02:07:23.0093 3936 NBVol - ok02:07:23.0093 3936 [ 1DDCEF3039C9D90AF3529DEE6699967D ] NBVolUp C:\windows\system32\DRIVERS\NBVolUp.sys02:07:23.0093 3936 NBVolUp - ok02:07:23.0109 3936 [ 1DF7F42665C94B825322FAE71721130D ] NDIS 
C:\windows\system32\drivers\NDIS.sys02:07:23.0125 3936 NDIS - ok02:07:23.0125 3936 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\windows\system32\DRIVERS\NdisIP.sys02:07:23.0125 3936 NdisIP - ok02:07:23.0140 3936 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys02:07:23.0140 3936 NdisTapi - ok02:07:23.0187 3936 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys02:07:23.0187 3936 Ndisuio - ok02:07:23.0187 3936 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys02:07:23.0187 3936 NdisWan - ok02:07:23.0203 3936 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\windows\system32\drivers\NDProxy.sys02:07:23.0203 3936 NDProxy - ok02:07:23.0281 3936 [ 78073F606AE3B24F6C1F555759AA8511 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe02:07:23.0312 3936 Nero BackItUp Scheduler 3 - ok02:07:23.0343 3936 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll02:07:23.0343 3936 Net Driver HPZ12 - ok02:07:23.0343 3936 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys02:07:23.0359 3936 NetBIOS - ok02:07:23.0375 3936 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\windows\system32\DRIVERS\netbt.sys02:07:23.0375 3936 NetBT - ok02:07:23.0406 3936 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\windows\system32\netdde.exe02:07:23.0406 3936 NetDDE - ok02:07:23.0406 3936 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\windows\system32\netdde.exe02:07:23.0406 3936 NetDDEdsdm - ok02:07:23.0421 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\windows\system32\lsass.exe02:07:23.0437 3936 Netlogon - ok02:07:23.0437 3936 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\windows\System32\netman.dll02:07:23.0437 3936 Netman - ok02:07:23.0468 3936 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe02:07:23.0500 3936 NetTcpPortSharing 
- ok02:07:23.0546 3936 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\windows\System32\mswsock.dll02:07:23.0546 3936 Nla - ok02:07:23.0625 3936 [ 62F68443D244024845B875B44D76A92F ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe02:07:23.0640 3936 NMIndexingService - ok02:07:23.0687 3936 [ 28E36E677849174C910FAAEAD3E60E9E ] nmwcd C:\windows\system32\drivers\ccdcmb.sys02:07:23.0687 3936 nmwcd - ok02:07:23.0687 3936 [ 3823DEB17F9F6775DE0187A98FA0536D ] nmwcdc C:\windows\system32\drivers\ccdcmbo.sys02:07:23.0687 3936 nmwcdc - ok02:07:23.0718 3936 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\windows\system32\drivers\npf.sys02:07:23.0734 3936 NPF - ok02:07:23.0734 3936 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\windows\system32\drivers\Npfs.sys02:07:23.0734 3936 Npfs - ok02:07:23.0734 3936 npggsvc - ok02:07:23.0765 3936 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\windows\system32\drivers\Ntfs.sys02:07:23.0781 3936 Ntfs - ok02:07:23.0781 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\windows\system32\lsass.exe02:07:23.0781 3936 NtLmSsp - ok02:07:23.0812 3936 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\windows\system32\ntmssvc.dll02:07:23.0812 3936 NtmsSvc - ok02:07:23.0828 3936 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\windows\system32\drivers\Null.sys02:07:23.0828 3936 Null - ok02:07:24.0015 3936 [ 7D08E0BC44B14EC0FB144FF1DE05B724 ] nv C:\windows\system32\DRIVERS\nv4_mini.sys02:07:24.0171 3936 nv - ok02:07:24.0218 3936 [ 50ACB7253D1104E5917E15A0670D63D5 ] NVHDA C:\windows\system32\drivers\nvhda32.sys02:07:24.0218 3936 NVHDA - ok02:07:24.0265 3936 [ B3B259E5CF0B7BC98313F03A80975B04 ] NVSvc C:\windows\system32\nvsvc32.exe02:07:24.0265 3936 NVSvc - ok02:07:24.0375 3936 [ 844A25C9E3076EDEF2B12E0BEDED755D ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe02:07:24.0421 3936 nvUpdatusService - ok02:07:24.0453 3936 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt 
C:\windows\system32\DRIVERS\nwlnkflt.sys02:07:24.0453 3936 NwlnkFlt - ok02:07:24.0468 3936 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\windows\system32\DRIVERS\nwlnkfwd.sys02:07:24.0468 3936 NwlnkFwd - ok02:07:24.0515 3936 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE02:07:24.0515 3936 ose - ok02:07:24.0671 3936 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE02:07:24.0734 3936 osppsvc - ok02:07:24.0765 3936 [ 11B3328D84ED6C11BAF4F4F115459AB6 ] ossrv C:\windows\system32\drivers\ctoss2k.sys02:07:24.0765 3936 ossrv - ok02:07:24.0781 3936 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\windows\system32\DRIVERS\parport.sys02:07:24.0781 3936 Parport - ok02:07:24.0781 3936 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\windows\system32\drivers\PartMgr.sys02:07:24.0781 3936 PartMgr - ok02:07:24.0828 3936 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\windows\system32\drivers\ParVdm.sys02:07:24.0828 3936 ParVdm - ok02:07:24.0859 3936 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\windows\system32\DRIVERS\pccsmcfd.sys02:07:24.0859 3936 pccsmcfd - ok02:07:24.0875 3936 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\windows\system32\DRIVERS\pci.sys02:07:24.0875 3936 PCI - ok02:07:24.0875 3936 PCIDump - ok02:07:24.0890 3936 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\windows\system32\DRIVERS\pciide.sys02:07:24.0890 3936 PCIIde - ok02:07:24.0921 3936 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\windows\system32\drivers\Pcmcia.sys02:07:24.0937 3936 Pcmcia - ok02:07:24.0953 3936 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\windows\system32\Drivers\pcouffin.sys02:07:24.0968 3936 pcouffin - ok02:07:24.0968 3936 PDCOMP - ok02:07:24.0968 3936 PDFRAME - ok02:07:24.0968 3936 PDRELI - ok02:07:24.0984 3936 PDRFRAME - ok02:07:25.0000 3936 perc2 - ok02:07:25.0000 3936 perc2hib - ok02:07:25.0062 3936 [ 
875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\windows\system32\IoctlSvc.exe02:07:25.0062 3936 PLFlash DeviceIoControl Service - ok02:07:25.0078 3936 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\windows\system32\services.exe02:07:25.0078 3936 PlugPlay - ok02:07:25.0093 3936 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll02:07:25.0093 3936 Pml Driver HPZ12 - ok02:07:25.0125 3936 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\windows\system32\PnkBstrA.exe02:07:25.0156 3936 PnkBstrA - ok02:07:25.0187 3936 [ 27F1BE4A53441C9F1F48B9ADC145B0A5 ] PnkBstrB C:\windows\system32\PnkBstrB.exe02:07:25.0187 3936 PnkBstrB - ok02:07:25.0187 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\windows\system32\lsass.exe02:07:25.0187 3936 PolicyAgent - ok02:07:25.0203 3936 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys02:07:25.0203 3936 PptpMiniport - ok02:07:25.0218 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\windows\system32\lsass.exe02:07:25.0218 3936 ProtectedStorage - ok02:07:25.0218 3936 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\windows\system32\DRIVERS\psched.sys02:07:25.0218 3936 PSched - ok02:07:25.0656 3936 [ 0C234A4A2FBAB98E5E1BAFAF3E3E403A ] PsSdk41 C:\windows\system32\Drivers\pssdk41.sys02:07:25.0656 3936 PsSdk41 - ok02:07:25.0671 3936 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\windows\system32\DRIVERS\ptilink.sys02:07:25.0671 3936 Ptilink - ok02:07:25.0687 3936 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\windows\system32\Drivers\PxHelp20.sys02:07:25.0687 3936 PxHelp20 - ok02:07:25.0703 3936 ql1080 - ok02:07:25.0703 3936 Ql10wnt - ok02:07:25.0703 3936 ql12160 - ok02:07:25.0718 3936 ql1240 - ok02:07:25.0718 3936 ql1280 - ok02:07:25.0750 3936 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys02:07:25.0750 3936 RasAcd - ok02:07:25.0781 3936 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto 
C:\windows\System32\rasauto.dll02:07:25.0781 3936 RasAuto - ok02:07:25.0781 3936 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys02:07:25.0781 3936 Rasl2tp - ok02:07:25.0796 3936 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\windows\System32\rasmans.dll02:07:25.0796 3936 RasMan - ok02:07:25.0796 3936 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys02:07:25.0796 3936 RasPppoe - ok02:07:25.0796 3936 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\windows\system32\DRIVERS\raspti.sys02:07:25.0796 3936 Raspti - ok02:07:25.0812 3936 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\windows\system32\DRIVERS\rdbss.sys02:07:25.0812 3936 Rdbss - ok02:07:25.0828 3936 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys02:07:25.0828 3936 RDPCDD - ok02:07:25.0875 3936 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\windows\system32\DRIVERS\rdpdr.sys02:07:25.0890 3936 rdpdr - ok02:07:25.0906 3936 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\windows\system32\drivers\RDPWD.sys02:07:25.0921 3936 RDPWD - ok02:07:25.0921 3936 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe02:07:25.0921 3936 RDSessMgr - ok02:07:25.0937 3936 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\windows\system32\DRIVERS\redbook.sys02:07:25.0937 3936 redbook - ok02:07:25.0968 3936 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\windows\System32\mprdim.dll02:07:25.0984 3936 RemoteAccess - ok02:07:26.0000 3936 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\windows\system32\regsvc.dll02:07:26.0015 3936 RemoteRegistry - ok02:07:26.0031 3936 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe02:07:26.0031 3936 rpcapd - ok02:07:26.0046 3936 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\windows\system32\locator.exe02:07:26.0046 3936 RpcLocator - ok02:07:26.0078 3936 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs 
C:\windows\System32\rpcss.dll02:07:26.0093 3936 RpcSs - ok02:07:26.0125 3936 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\windows\system32\rsvp.exe02:07:26.0125 3936 RSVP - ok02:07:26.0156 3936 [ B52B25F41BF3511071A0E7D10D659C56 ] RTLE8023xp C:\windows\system32\DRIVERS\Rtenicxp.sys02:07:26.0171 3936 RTLE8023xp - ok02:07:26.0171 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\windows\system32\lsass.exe02:07:26.0171 3936 SamSs - ok02:07:26.0218 3936 [ C1AE5D1F53285D79A0B73A62AF20734F ] SBRE C:\windows\system32\drivers\SBREdrv.sys02:07:26.0218 3936 SBRE - ok02:07:26.0234 3936 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\windows\System32\SCardSvr.exe02:07:26.0234 3936 SCardSvr - ok02:07:26.0265 3936 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\windows\system32\schedsvc.dll02:07:26.0265 3936 Schedule - ok02:07:26.0281 3936 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\windows\system32\DRIVERS\secdrv.sys02:07:26.0281 3936 Secdrv - ok02:07:26.0296 3936 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\windows\System32\seclogon.dll02:07:26.0296 3936 seclogon - ok02:07:26.0296 3936 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\windows\system32\sens.dll02:07:26.0312 3936 SENS - ok02:07:26.0328 3936 [ 6CE397C482BEDE91A38E56A8C4A0DC6D ] Ser2pl C:\windows\system32\DRIVERS\ser2pl.sys02:07:26.0328 3936 Ser2pl - ok02:07:26.0359 3936 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\windows\system32\DRIVERS\serenum.sys02:07:26.0359 3936 serenum - ok02:07:26.0359 3936 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\windows\system32\DRIVERS\serial.sys02:07:26.0359 3936 Serial - ok02:07:26.0453 3936 [ 5BF59C6BC737BAAF541168E5CB2EC1D9 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe02:07:26.0468 3936 ServiceLayer - ok02:07:26.0484 3936 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\windows\system32\drivers\Sfloppy.sys02:07:26.0484 3936 Sfloppy - ok02:07:26.0546 3936 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess 
C:\windows\System32\ipnathlp.dll02:07:26.0562 3936 SharedAccess - ok02:07:26.0578 3936 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\windows\System32\shsvcs.dll02:07:26.0578 3936 ShellHWDetection - ok02:07:26.0578 3936 Simbad - ok02:07:26.0625 3936 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe02:07:26.0625 3936 SkypeUpdate - ok02:07:26.0656 3936 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\windows\system32\DRIVERS\SLIP.sys02:07:26.0656 3936 SLIP - ok02:07:26.0703 3936 [ 14BB60A4F1C5291217A05D5728C403E6 ] SmartDefragDriver C:\windows\system32\Drivers\SmartDefragDriver.sys02:07:26.0703 3936 SmartDefragDriver - ok02:07:26.0703 3936 Sparrow - ok02:07:26.0750 3936 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\windows\system32\drivers\splitter.sys02:07:26.0750 3936 splitter - ok02:07:26.0765 3936 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\windows\system32\spoolsv.exe02:07:26.0765 3936 Spooler - ok02:07:26.0781 3936 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\windows\system32\DRIVERS\sr.sys02:07:26.0781 3936 sr - ok02:07:26.0812 3936 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\windows\system32\srsvc.dll02:07:26.0812 3936 srservice - ok02:07:26.0859 3936 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\windows\system32\DRIVERS\srv.sys02:07:26.0859 3936 Srv - ok02:07:26.0875 3936 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\windows\System32\ssdpsrv.dll02:07:26.0875 3936 SSDPSRV - ok02:07:26.0906 3936 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\windows\system32\wiaservc.dll02:07:26.0906 3936 stisvc - ok02:07:26.0921 3936 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\windows\system32\DRIVERS\StreamIP.sys02:07:26.0921 3936 streamip - ok02:07:26.0953 3936 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\windows\system32\DRIVERS\swenum.sys02:07:26.0953 3936 swenum - ok02:07:26.0968 3936 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\windows\system32\drivers\swmidi.sys02:07:26.0968 3936 swmidi - 
ok02:07:26.0968 3936 SwPrv - ok02:07:26.0968 3936 symc810 - ok02:07:27.0000 3936 symc8xx - ok02:07:27.0000 3936 sym_hi - ok02:07:27.0000 3936 sym_u3 - ok02:07:27.0015 3936 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\windows\system32\drivers\sysaudio.sys02:07:27.0015 3936 sysaudio - ok02:07:27.0031 3936 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\windows\system32\smlogsvc.exe02:07:27.0031 3936 SysmonLog - ok02:07:27.0046 3936 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\windows\System32\tapisrv.dll02:07:27.0046 3936 TapiSrv - ok02:07:27.0078 3936 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\windows\system32\DRIVERS\tcpip.sys02:07:27.0093 3936 Tcpip - ok02:07:27.0109 3936 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\windows\system32\DRIVERS\tcpip6.sys02:07:27.0109 3936 Tcpip6 - ok02:07:27.0140 3936 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\windows\system32\drivers\TDPIPE.sys02:07:27.0140 3936 TDPIPE - ok02:07:27.0156 3936 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\windows\system32\drivers\TDTCP.sys02:07:27.0156 3936 TDTCP - ok02:07:27.0156 3936 [ 88155247177638048422893737429D9E ] TermDD C:\windows\system32\DRIVERS\termdd.sys02:07:27.0156 3936 TermDD - ok02:07:27.0187 3936 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\windows\System32\termsrv.dll02:07:27.0187 3936 TermService - ok02:07:27.0187 3936 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\windows\System32\shsvcs.dll02:07:27.0187 3936 Themes - ok02:07:27.0218 3936 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe02:07:27.0218 3936 TlntSvr - ok02:07:27.0218 3936 TosIde - ok02:07:27.0250 3936 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\windows\system32\trkwks.dll02:07:27.0250 3936 TrkWks - ok02:07:27.0281 3936 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\windows\system32\DRIVERS\tunmp.sys02:07:27.0281 3936 tunmp - ok02:07:27.0296 3936 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\windows\system32\drivers\Udfs.sys02:07:27.0296 3936 Udfs - ok02:07:27.0296 
3936 ultra - ok02:07:27.0328 3936 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\windows\system32\DRIVERS\update.sys02:07:27.0343 3936 Update - ok02:07:27.0359 3936 [ 325FB38C323C63C7F57885B4DFB1B91E ] UPHClean C:\Program Files\UPHClean\uphclean.exe02:07:27.0359 3936 UPHClean - ok02:07:27.0375 3936 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\windows\System32\upnphost.dll02:07:27.0390 3936 upnphost - ok02:07:27.0437 3936 [ B1B8BEE26227DAD9835019201552CB05 ] upperdev C:\windows\system32\DRIVERS\usbser_lowerflt.sys02:07:27.0437 3936 upperdev - ok02:07:27.0453 3936 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\windows\System32\ups.exe02:07:27.0453 3936 UPS - ok02:07:27.0453 3936 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\windows\system32\Drivers\usbaapl.sys02:07:27.0468 3936 USBAAPL - ok02:07:27.0484 3936 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\windows\system32\drivers\usbaudio.sys02:07:27.0484 3936 usbaudio - ok02:07:27.0515 3936 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys02:07:27.0515 3936 usbccgp - ok02:07:27.0546 3936 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys02:07:27.0562 3936 usbehci - ok02:07:27.0562 3936 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\windows\system32\DRIVERS\usbhub.sys02:07:27.0562 3936 usbhub - ok02:07:27.0562 3936 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys02:07:27.0578 3936 usbprint - ok02:07:27.0578 3936 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys02:07:27.0578 3936 usbscan - ok02:07:27.0625 3936 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\windows\system32\drivers\usbser.sys02:07:27.0625 3936 usbser - ok02:07:27.0625 3936 [ 98E1FF1D732C6C7200B6C59D4FF8C1C3 ] UsbserFilt C:\windows\system32\DRIVERS\usbser_lowerfltj.sys02:07:27.0625 3936 UsbserFilt - ok02:07:27.0671 3936 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR 
C:\windows\system32\DRIVERS\USBSTOR.SYS02:07:27.0671 3936 USBSTOR - ok02:07:27.0671 3936 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys02:07:27.0671 3936 usbuhci - ok02:07:27.0671 3936 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\windows\System32\drivers\vga.sys02:07:27.0687 3936 VgaSave - ok02:07:27.0687 3936 ViaIde - ok02:07:27.0734 3936 [ 210235B818921866A0BC1ECA1BE07EDA ] VMHybrid C:\windows\system32\DRIVERS\VMHybrid.sys02:07:27.0765 3936 VMHybrid - ok02:07:27.0781 3936 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\windows\system32\drivers\VolSnap.sys02:07:27.0781 3936 VolSnap - ok02:07:27.0796 3936 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\windows\System32\vssvc.exe02:07:27.0796 3936 VSS - ok02:07:27.0859 3936 [ 42870675B4D84ACD81A9DA69B83F14C5 ] VX3000 C:\windows\system32\DRIVERS\VX3000.sys02:07:27.0890 3936 VX3000 - ok02:07:27.0953 3936 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\windows\system32\w32time.dll02:07:27.0953 3936 W32Time - ok02:07:27.0968 3936 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\windows\system32\DRIVERS\wanarp.sys02:07:27.0968 3936 Wanarp - ok02:07:27.0984 3936 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\windows\system32\Drivers\wdf01000.sys02:07:28.0000 3936 Wdf01000 - ok02:07:28.0000 3936 WDICA - ok02:07:28.0031 3936 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\windows\system32\drivers\wdmaud.sys02:07:28.0031 3936 wdmaud - ok02:07:28.0046 3936 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\windows\System32\webclnt.dll02:07:28.0046 3936 WebClient - ok02:07:28.0125 3936 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\windows\system32\wbem\WMIsvc.dll02:07:28.0125 3936 winmgmt - ok02:07:28.0171 3936 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\windows\system32\WsmSvc.dll02:07:28.0203 3936 WinRM - ok02:07:28.0250 3936 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE02:07:28.0281 3936 wlidsvc - ok02:07:28.0312 
3936 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\windows\system32\MsPMSNSv.dll02:07:28.0328 3936 WmdmPmSN - ok02:07:28.0375 3936 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\windows\System32\advapi32.dll02:07:28.0375 3936 Wmi - ok02:07:28.0390 3936 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe02:07:28.0390 3936 WmiApSrv - ok02:07:28.0437 3936 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe02:07:28.0468 3936 WMPNetworkSvc - ok02:07:28.0531 3936 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe02:07:28.0562 3936 WPFFontCache_v0400 - ok02:07:28.0593 3936 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\windows\System32\drivers\ws2ifsl.sys02:07:28.0609 3936 WS2IFSL - ok02:07:28.0640 3936 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\windows\system32\wscsvc.dll02:07:28.0640 3936 wscsvc - ok02:07:28.0640 3936 WSearch - ok02:07:28.0656 3936 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\windows\system32\DRIVERS\WSTCODEC.SYS02:07:28.0656 3936 WSTCODEC - ok02:07:28.0703 3936 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\windows\system32\wuauserv.dll02:07:28.0718 3936 wuauserv - ok02:07:28.0734 3936 [ 6FF66513D372D479EF1810223C8D20CE ] WudfPf C:\windows\system32\DRIVERS\WudfPf.sys02:07:28.0750 3936 WudfPf - ok02:07:28.0750 3936 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WudfRd C:\windows\system32\DRIVERS\wudfrd.sys02:07:28.0750 3936 WudfRd - ok02:07:28.0765 3936 [ 575A4190D989F64732119E4114045A4F ] WudfSvc C:\windows\System32\WUDFSvc.dll02:07:28.0765 3936 WudfSvc - ok02:07:28.0781 3936 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\windows\System32\wzcsvc.dll02:07:28.0796 3936 WZCSVC - ok02:07:28.0796 3936 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\windows\System32\xmlprov.dll02:07:28.0812 3936 xmlprov - ok02:07:28.0812 3936 ================ Scan global ===============================02:07:28.0859 
3936 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\windows\system32\basesrv.dll02:07:28.0875 3936 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\windows\system32\winsrv.dll02:07:28.0906 3936 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\windows\system32\winsrv.dll02:07:28.0937 3936 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\windows\system32\services.exe02:07:28.0937 3936 [Global] - ok02:07:28.0937 3936 ================ Scan MBR ==================================02:07:28.0953 3936 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR002:07:29.0078 3936 \Device\Harddisk0\DR0 - ok02:07:29.0078 3936 ================ Scan VBR ==================================02:07:29.0093 3936 [ 262C7F1C2807B1CC91717751F15C91BB ] \Device\Harddisk0\DR0\Partition102:07:29.0093 3936 \Device\Harddisk0\DR0\Partition1 - ok02:07:29.0109 3936 [ A9C19AA60E85E91C3C126C03A4AB0EB5 ] \Device\Harddisk0\DR0\Partition202:07:29.0109 3936 \Device\Harddisk0\DR0\Partition2 - ok02:07:29.0109 3936 ============================================================02:07:29.0109 3936 Scan finished02:07:29.0109 3936 ============================================================02:07:29.0125 0932 Detected object count: 002:07:29.0125 0932 Actual detected object count: 0aswMBR version 0.9.9.1665 Copyright© 2011 AVAST SoftwareRun date: 2012-11-08 02:18:27-----------------------------02:18:27.984 OS Version: Windows 5.1.2600 Service Pack 302:18:27.984 Number of processors: 4 586 0x170702:18:27.984 ComputerName: PB1947 UserName: 02:18:30.312 Initialize success02:23:12.187 AVAST engine defs: 1211070002:23:25.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-502:23:25.515 Disk 0 Vendor: ST31000333AS CC1H Size: 953869MB BusType: 302:23:25.515 Disk 0 MBR read successfully02:23:25.515 Disk 0 MBR scan02:23:25.531 Disk 0 Windows XP default MBR code02:23:25.531 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 6302:23:25.531 Disk 0 Partition - 00 0F Extended LBA 476929 MB offset 97675200002:23:25.546 Disk 0 Partition 
2 00 07 HPFS/NTFS NTFS 476929 MB offset 97675206302:23:25.562 Disk 0 scanning sectors +195350400002:23:25.640 Disk 0 scanning C:\windows\system32\drivers02:23:36.265 Service scanning02:23:53.515 Modules scanning02:23:57.218 Disk 0 trace - called modules:02:23:57.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 02:23:57.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b22aab8]02:23:57.250 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000086[0x8b1c49e8]02:23:57.250 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x8b238d98]02:24:02.906 AVAST engine scan C:\windows02:24:14.140 AVAST engine scan C:\windows\system3202:27:30.718 AVAST engine scan C:\windows\system32\drivers02:27:55.500 AVAST engine scan C:\Documents and Settings\peter smith02:35:53.734 AVAST engine scan C:\Documents and Settings\All Users02:39:17.671 Scan finished successfully02:40:22.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\peter smith\Desktop\MBR.dat"02:40:22.781 The log file has been saved successfully to "C:\Documents and Settings\peter smith\Desktop\aswMBR.txt" Link to post Share on other sites More sharing options...
gringo_pr (Staff) Posted November 7, 2012 ID:610456

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"Information and logs"

In your next post I need the following:
report from ComboFix
let me know of any problems you may have had
How is the computer doing now after running the script?

Gringo
pb1947 (Author) Posted November 7, 2012 ID:610547

Hi Gringo, and thanks once again for your support. This went again with hiccups. The AVG real-time scanner's flag came up again; I ignored this flag and ComboFix did its own thing. A flag again came up, "pev application error". Also a file was deleted from my AVG privacy protection; this does not bother me as I have the full registered version and will re-install later.

Cheers, Pete

ComboFix 12-11-06.03 - peter smith 08/11/2012 9:53.3.4 - x86
gringo_pr (Staff) Posted November 8, 2012 ID:610558

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs
NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore, this is fine, just move to the next item on the list.
You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove:
Java™ 6 Update 29
JavaFX 2.1.1
Uniblue DriverScanner 2009
Uniblue System Tweaker

Please download and install Revo Uninstaller Free.
Double click Revo Uninstaller to run it.
From the list of programs double click on The Program to remove.
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run. If prompted again click Yes. When the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete.
When prompted click on Yes and then on Next.
Put a check on any folders that are found and select Delete.
When prompted select Yes then on Next.
Once done click Finish.

Clean Out Temp Files
This small application you may want to keep and use once a week to keep the computer clean.
Download CCleaner from here http://www.ccleaner.com/
Run the installer to install the application.
When it gives you the option to install Yahoo toolbar uncheck the box next to it.
Run CCleaner. (Make sure under the Windows tab all the boxes of Internet Explorer and Windows Explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under the Application tab all the boxes should be checked.)
Click Run Cleaner.
Close CCleaner.

: Malwarebytes' Anti-Malware :
I would like you to rerun MBAM.
Double-click the mbam icon.
Go to the Update tab at the top.
Click on Check for Updates.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply. If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis
If you have any problems running HijackThis see NOTE** below (Host file not read, blank notepad ...)
Go Here to download HijackThis Installer.
Save HijackThis Installer to your desktop.
Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right click and run as admin)
By default it will install to C:\Program Files\Trend Micro\HijackThis. Click on Install.
It will create a HijackThis icon on the desktop.
Once installed it will launch HijackThis.
Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the Analyze This button, its findings are dangerous if misinterpreted.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE** Sometimes we have to run it like this: To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

"information and logs"
In your next post I need the following:
Log From MBAM
Report from HijackThis
Let me know of any problems you may have had.
How is the computer doing now?

Gringo
pb1947 (Author) Posted November 8, 2012 ID:610566

Hi Gringo,

Like the other day, I left the system running while having breakfast and came back to find this AVG flag:

Threat detected - c:\System Volume Information\_restore{34EA6B75-DFBF-4096-8BB79104CBDA}\A0471057.sys
Threat Name: Trojan horse Rootkit-Pakes.CD
Process name: C:\WINDOWS\system32\svchost.exe
Process ID: 1724

This time I ignored the AVG action and will wait for your reply.

Cheers Pete
pb1947 (Author) Posted November 8, 2012 ID:610572

Hi Gringo don't you sleep?? lol, thanks once again for your help
cheers Pete

Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.07.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
peter smith :: PB1947 [administrator]

Protection: Disabled

8/11/2012 12:18:58 PM
mbam-log-2012-11-08 (12-18-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262818
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:33:35 PM, on 8/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\windows\Explorer.EXE
C:\windows\vVX3000.exe
C:\windows\system32\CTXFIHLP.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\peter smith\Start Menu\Programs\Startup\hpqtra08.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\CTsvcCDA.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\windows\System32\svchost.exe
C:\windows\system32\IoctlSvc.exe
C:\windows\System32\svchost.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\PnkBstrB.exe
C:\windows\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\windows\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\SYSTEM32\CTXFISPI.EXE
C:\windows\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Downloads\new\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.bigpond.com/home/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\peter smith\Application Data\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\windows\vVX3000.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-21-1409082233-1708537768-1801674531-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1409082233-1708537768-1801674531-1010\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hpqtra08.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Download All By FlashGet3 - C:\Documents and Settings\peter smith\Application Data\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download By FlashGet3 - C:\Documents and Settings\peter smith\Application Data\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: FreshDownload - {87989A8E-F587-43A4-9315-34A4E4F4B3F9} - C:\windows\system32\shdocvw.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243504952390
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://games.bigfishgames.com/en_big-city-adventure-sydney-australia/online/JBGamePlayer.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\windows\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows ® Codename Longhorn DDK provider - C:\Program Files\UPHClean\uphclean.exe

--
End of file - 17161 bytes
gringo_pr (Staff) Posted November 8, 2012 ID:610580

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:
This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to be; any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.
If you have any problems running HijackThis see NOTE** below (Host file not read, blank notepad ...)

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
O4 - HKLM\..\Run: [VX3000] C:\windows\vVX3000.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-21-1409082233-1708537768-1801674531-1010\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'UpdatusUser')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.

NOTE** You can research each of those lines here and see if you want to keep them or not; just copy the name between the brackets and paste into the search space:
O4 - HKLM\..\Run: [IntelliPoint]

NOTE** Sometimes we have to run it like this: To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

Eset Online Scanner
**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin.
Go to the Eset web page to run an online scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan.
Click on the Run ESET Online Scanner button.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the add-on to be installed.
Click Start.
Make sure that the option Remove found threats is unticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan.
Wait for the virus definitions to be downloaded.
Wait for the scan to finish.

When the scan is complete:
If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found
If threats were found
click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish
close program
copy and paste the report here

Gringo
pb1947 (Author) Posted November 8, 2012 ID:610674

Whew, Hi and thanks again Gringo,

This took over 6 hours to get to this report, after 3 hours of scanning eset crashed due to a thunderstorm and a micro power out. Did it all again and here it is. Sure hope there are some false positives amongst all this in the attached report

cheers Pete

C:\Documents and Settings\peter smith\My Documents\Downloads\Angry_Birds_-_2011_-_PC_-_Cracked.exe Win32/Adware.1ClickDownload.G application
C:\Documents and Settings\peter smith\My Documents\Downloads\cnet_wrar401_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\peter smith\My Documents\Downloads\Nazis.at.the.Center.of.the.Earth.2012.BRRip.XviD.Ac3.exe Win32/Adware.1ClickDownload.B application
C:\Documents and Settings\peter smith\My Documents\Downloads\sd-setup (1).exe a variant of Win32/ELEX application
C:\Documents and Settings\peter smith\My Documents\Downloads\sd-setup.exe a variant of Win32/ELEX application
C:\Downloads\new\cbsidlm-tr1_7-Aveyond_Gates_of_Night-SEO2-10976663.exe Win32/DownloadAdmin.D application
C:\Downloads\new\software\defragsetup.exe a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\cdrom.sys.vir Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP740\A0465244.exe probably a variant of Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP740\A0465248.dll a variant of Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP759\A0470813.exe a variant of Win32/SweetIM.B application
C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP759\A0471057.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP759\A0471141.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP759\A0471189.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP760\A0471262.sys Win32/Sirefef.DA trojan
Staff gringo_pr Posted November 8, 2012 Staff ID:610692
Hello
Most of what it found was in system restore and the rest are some minor things in your online scan that should be removed.

delete files
Copy all text in the quote box (below) to Notepad.

@echo off
del /f /s /q "C:\Documents and Settings\peter smith\My Documents\Downloads\Angry_Birds_-_2011_-_PC_-_Cracked.exe"
del /f /s /q "C:\Documents and Settings\peter smith\My Documents\Downloads\cnet_wrar401_exe.exe"
del /f /s /q "C:\Documents and Settings\peter smith\My Documents\Downloads\Nazis.at.the.Center.of.the.Earth.2012.BRRip.XviD.Ac3.exe"
del /f /s /q "C:\Documents and Settings\peter smith\My Documents\Downloads\sd-setup (1).exe"
del /f /s /q "C:\Documents and Settings\peter smith\My Documents\Downloads\sd-setup.exe"
del /f /s /q "C:\Downloads\new\cbsidlm-tr1_7-Aveyond_Gates_of_Night-SEO2-10976663.exe"
del /f /s /q "C:\Downloads\new\software\defragsetup.exe"
del %0

Save the Notepad file on your desktop as delfile.bat, with save type as "All Files".
Double click on delfile.bat to execute it.
A black CMD window will flash, then disappear; this is normal.
The files and folders, if found, will have been deleted and the "delfile.bat" file will also be deleted.
The rest of the Online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.
Very well done!!
This is my general post for when your logs show no more signs of malware. Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:
Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight. They are updated all the time, and some of them more than once a day, so by the time you are ready to use them again they will already be outdated. The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:
Note** DeFogger only needs to be run if it was run when we first started. If you have not already run it then skip this.
To re-enable your Emulation drivers, double click DeFogger to run the tool.
The application window will appear.
Click the Re-enable button to re-enable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will appear.
Click OK.
DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:
Turn off all active protection software.
Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button), copy and paste the following into the box: ComboFix /Uninstall and click OK. Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:
Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it by yourself.
If asked to restart the computer, please do so.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:
Some of the programs that we have used would be a good idea to keep and use often in helping to keep the computer clean. I use these programs on my computer.
Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls.
CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner but I would leave that alone and not use any registry cleaner.
Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:
One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.
Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.
(I have upgraded to the paid version of MBAM and I am glad I did.)
Note** If you decide to install MSE you will need to uninstall your present Antivirus.

:Security awareness:
The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.
Here are some articles that are must reads and should be read by everybody in your household that uses the internet:
Internet Safety
Internet Safety for Kids
Here is some more reading for you from some of my colleagues:
PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

Quoted from Tech Support Forum:
Conclusion
There is no such thing as 'perfect security'. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.
I will keep this open for about three days. If anything comes up, just come back and let me know; after that time you will have to send me a PM.
My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.
Gringo
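Gringo's delfile.bat above removes each flagged file outright, so once it has run there is no record of what the files were. The script below is an added example, not code from this thread or from any of its participants: it deletes the same list from Windows PowerShell, but first writes each file's size and SHA-256 hash to a log, so the cleanup leaves a record that can be checked against scanner reports later. It assumes Windows PowerShell 2.0 or later (the hashing is done through .NET rather than Get-FileHash so it does not need a newer version); the file list is the one ESET reported, and the log file name on the desktop is an assumption. One deliberate difference from the batch file: Remove-Item with -LiteralPath touches only the exact path given, whereas "del /s" would also delete same-named files in any subdirectory of that folder.

```powershell
# Added example (not from the thread): log size and SHA-256 of each flagged
# file, then remove it. Assumes Windows PowerShell 2.0+; the log location
# below is an assumed name, not something the thread prescribes.

$flaggedFiles = @(
    'C:\Documents and Settings\peter smith\My Documents\Downloads\Angry_Birds_-_2011_-_PC_-_Cracked.exe',
    'C:\Documents and Settings\peter smith\My Documents\Downloads\cnet_wrar401_exe.exe',
    'C:\Documents and Settings\peter smith\My Documents\Downloads\Nazis.at.the.Center.of.the.Earth.2012.BRRip.XviD.Ac3.exe',
    'C:\Documents and Settings\peter smith\My Documents\Downloads\sd-setup (1).exe',
    'C:\Documents and Settings\peter smith\My Documents\Downloads\sd-setup.exe',
    'C:\Downloads\new\cbsidlm-tr1_7-Aveyond_Gates_of_Night-SEO2-10976663.exe',
    'C:\Downloads\new\software\defragsetup.exe'
)

# Assumed log location: a text file on the current user's desktop.
$logPath = Join-Path $env:USERPROFILE 'Desktop\delfile-log.txt'

# SHA-256 of a file as lowercase hex, using .NET so it works on PowerShell 2.0.
function Get-Sha256Hex {
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
}

foreach ($file in $flaggedFiles) {
    # -LiteralPath: treat the path as-is, so names like "sd-setup (1).exe"
    # are never interpreted as wildcard patterns.
    if (-not (Test-Path -LiteralPath $file)) {
        "MISSING  $file" | Out-File -FilePath $logPath -Append
        continue
    }
    $hash = Get-Sha256Hex -Path $file
    $size = (Get-Item -LiteralPath $file).Length
    "DELETE   $file  sha256=$hash  bytes=$size" | Out-File -FilePath $logPath -Append
    # -Force also removes read-only files, matching the batch file's "del /f".
    Remove-Item -LiteralPath $file -Force
}

"Done. Log written to $logPath"
```

Run it from an elevated PowerShell prompt if any of the paths are outside the current user's profile. The log records "MISSING" for entries that were already gone, which is itself useful: it tells you whether a previous scanner, or the batch file, already took care of a given file.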
pb1947 Posted November 8, 2012 Author ID:610906
Hi and thanks Gringo,
It has been a long haul but worth it; the things I have gained out of our session is that familiarity and complacency can be a thing to be very wary of when using computers/internet. One tends to take for granted that because one researches and pays top dollar that they have the best virus protection. In the past I have used fully registered versions of Norton, McAfee, NOD ESET, Kaspersky and currently AVG2012, not to mention countless anti spyware/malware programs such as Spybot, no-adaware and countless others.

Three years ago I had bad infections and I was that impressed with MBAM (MalwareBytes) that I bought the pro registration, and once again this program has proved its worth. This program seems to pick up the viruses/malwares first, then the resident programs as mentioned above seem to wake and say "hey we have viruses" after MBAM does the hard yards.

I am definitely interested in your recommendations for protection, and with this alone you have shown me that I can protect my systems for very little expense. It was MalwareBytes that first alerted me to my infections, not my resident anti virus program, and as far as I am concerned it has been useless as teats on a bull in respect to my recent infections. But having said that I can see that they have their uses, and each in different ways to others as far as protection is concerned.

I have also chatted with the younger generation that uses this system, but in all fairness it is hard to chastise them for what I would have done at their age. I think the only way to get around this is separate systems and let them fix their own, and having said that I too am guilty of breaching the protocol of avoiding infections.

I cannot express my gratitude enough to you for your work in guiding me to rid my system of the infections and crap, and a lot of that I didn't realise I had.
many THANKS Gringo for resolving my problems, cheers Pete
ps my next move is a very worthy donation to the cause
Staff gringo_pr Posted November 9, 2012 Staff ID:610984
Hello Pete
That was very nice and I thank you very much. With kids it is very hard to keep things in line, as I have two boys of my own. While we can try to protect them online with programs they will find a way to get around it; education can go very far here, as I find it is the best way. Some of the links I have listed will help in that department.
gringo
LDTate Posted November 11, 2012 ID:611897
Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!