Hard drive and modem thrashing due to malware/viruses


pb1947

Hi, my HD and modem started to thrash in unison about a week ago. I have a full registered version of AVG and have run full scans twice since, and it showed a clean system. I started to smell a rat when my browser (Google Chrome) started to do weird things, i.e. tabbing ads and weird sites. I have a full registered version of Malwarebytes which was mothballed due to clashes at the time with AVG. (I have currently noticed that this is not the case now.) I updated Malwarebytes and ran a full scan and came up with an affiliates downloader, which was subsequently removed. I then did another full scan with AVG and it picked up 16 malware/viruses??? after originally showing a clean system. These were removed and the system rebooted.

I then did another scan with Malwarebytes with the modem switched off and picked up trojans in my memory and restore files, which were removed, and the system rebooted. I did a registry clean with CCleaner and defragged. I then did another full scan with AVG and found yet another 3 Trojans, 2 of which I could not remove; they were disabled and quarantined. Then I again rebooted (modem still switched off).

I did one more scan with Malwarebytes and finally came up clean (ironically, I am not so sure about that). After a reboot I then switched on my modem and my hard disk started to thrash; the ethernet light and HD light are at this moment having a hernia, and I know without going any further my problem is rewriting itself.

Don't you hate it!!!! Below are the log pastes of DDS and attach.

Your help will be appreciated. Cheers, Pete

DDS (Ver_2012-10-19.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2

Run by peter smith at 18:22:36 on 2012-11-04

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3068.1985 [GMT 11:00]

.

AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Internet Security 2012 *Enabled*

.

============== Running Processes ================

.

C:\windows\system32\nvsvc32.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgfws.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\system32\CTsvcCDA.exe

C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

C:\windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\windows\vVX3000.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\windows\system32\CTXFIHLP.EXE

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\windows\system32\ctfmon.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\peter smith\Start Menu\Programs\Startup\hpqtra08.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\windows\system32\IoctlSvc.exe

C:\windows\system32\PnkBstrA.exe

C:\windows\system32\PnkBstrB.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\SYSTEM32\CTXFISPI.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\windows\System32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k WudfServiceGroup

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k LocalService

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\svchost.exe -k hpdevmgmt

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://go.bigpond.com/home/index.jsp

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: CPrintEnhancer Object: {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - c:\program files\hp\smart web printing\SmartWebPrinting.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\peter smith\application data\flashgetbho\FlashGetBHO3.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: Groove Folder Synchronization: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - c:\program files\microsoft office\office14\GROOVEEX.DLL

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\peter smith\local settings\application data\google\update\GoogleUpdate.exe" /c

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC EA 2; InfoPath.3; Creative AutoUpdate v1.40.01)" -"http://www.freeaddictinggames.com/game/knievels-wild-ride/"

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [VX3000] c:\windows\vVX3000.exe

mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"

mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [NBAgent] "c:\program files\nero\nero 11\nero backitup\NBAgent.exe" /WinStart

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\documents and settings\peter smith\start menu\programs\startup\hpqtra08.exe

StartupFolder: c:\docume~1\peters~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe

StartupFolder: c:\documents and settings\peter smith\start menu\programs\startup\PowerReg Scheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:28

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: Download All By FlashGet3 - c:\documents and settings\peter smith\application data\flashgetbho\GetAllUrl.htm

IE: Download By FlashGet3 - c:\documents and settings\peter smith\application data\flashgetbho\GetUrl.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: mswsock.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243504952390

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://games.bigfishgames.com/en_big-city-adventure-sydney-australia/online/JBGamePlayer.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\peter smith\application data\mozilla\firefox\profiles\lhrewx53.default\

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109217&tt=120812_bandext_3312_8&babsrc=HP_ss&mntrId=08262c03000000000000001cc0a94c4d

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109217&tt=120812_bandext_3312_8&babsrc=KW_ss&mntrId=08262c03000000000000001cc0a94c4d&q=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll

FF - plugin: c:\documents and settings\peter smith\application data\mozilla\firefox\profiles\lhrewx53.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll

FF - plugin: c:\documents and settings\peter smith\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dll

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\downloader\npdd.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - plugin: c:\windows\system32\npwmsdrm.dll

FF - ExtSQL: !HIDDEN! 2009-07-11 00:24; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109217&tt=120812_bandext_3312_8

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

FF - user.js: extensions.BabylonToolbar.id - 08262c03000000000000001cc0a94c4d

FF - user.js: extensions.BabylonToolbar.instlDay - 15565

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.618:05:21

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-6 64288]

R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-4-18 56496]

R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-4-18 12464]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-2-2 14776]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 237408]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-2-22 301920]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-28 98392]

R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-6-13 2321560]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]

R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2011-9-19 87368]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-7-8 54760]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-3 399432]

R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-12-7 214896]

R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-11-25 687400]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-26 35088]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-14 2348352]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-4 22856]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2012-5-15 100456]

R3 VMHybrid;VMHybrid service;c:\windows\system32\drivers\VMHybrid.sys [2008-9-1 1060224]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-25 135664]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-4 676936]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys --> c:\windows\system32\drivers\motfilt.sys [?]

S3 ComproHID;VideoMate Root Enumerated Hid Device;c:\windows\system32\drivers\ComproHID.sys [2009-5-22 7040]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-7-18 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-25 135664]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\motousbnet.sys --> c:\windows\system32\drivers\Motousbnet.sys [?]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2009-8-21 36928]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-11-03 04:37:05 33280 ----a-w- c:\program files\microsoft games\halo\trainer.exe

2012-11-03 04:18:59 -------- d-----w- C:\Halo

2012-10-31 08:27:55 -------- d-----w- C:\extract

2012-10-29 23:35:11 -------- d-----w- c:\program files\Aveyond - Gates of Night

2012-10-27 00:10:53 -------- d-----w- c:\documents and settings\peter smith\application data\Aveyond 3

2012-10-26 23:46:07 441 ----a-w- c:\program files\2710201210460739.bat

2012-10-26 13:47:37 -------- d-----w- c:\documents and settings\peter smith\local settings\application data\Buried In Time

2012-10-26 12:40:34 -------- d-----w- c:\documents and settings\peter smith\application data\Mud Puddle Games

2012-10-23 12:56:20 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-20 23:11:47 -------- d-----w- c:\documents and settings\peter smith\application data\Oberon Media

2012-10-20 23:11:38 -------- d-----w- c:\program files\common files\Oberon Media

2012-10-20 23:09:14 -------- d-----w- c:\documents and settings\all users\application data\Oberon Media

2012-10-20 23:09:09 -------- d-----w- c:\program files\Oberon Media

2012-10-20 23:09:09 -------- d-----w- c:\program files\MSN Games

2012-10-06 05:01:48 -------- d-----w- c:\program files\Cheat Engine 6.1

.

==================== Find3M ====================

.

2012-10-23 12:56:08 821736 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-10-23 12:56:08 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-23 12:56:08 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-09-29 08:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec

2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 05:43:18 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-08-08 07:21:25 256868 ----a-w- c:\windows\system32\nvdrsdb1.bin

2012-08-08 07:21:25 1 ----a-w- c:\windows\system32\nvdrssel.bin

2012-08-08 07:21:14 256868 ----a-w- c:\windows\system32\nvdrsdb0.bin

.

============= FINISH: 18:23:11.00 ===============

DDS (Ver_2012-10-19.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 22/05/2009 6:27:43 PM

System Uptime: 4/11/2012 5:05:08 PM (1 hours ago)

.

Motherboard: Intel Corporation | | DG41TY

Processor: Intel Pentium III Xeon processor | LGA775 | 2332/333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 87.005 GiB free.

D: is FIXED (NTFS) - 466 GiB total, 377.505 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is CDROM ()

K: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}

Description: Nokia 6120 classic

Device ID: ROOT\WPD\0000

Manufacturer: Nokia

Name: Nokia 6120 classic

PNP Device ID: ROOT\WPD\0000

Service: WUDFRd

.

==== System Restore Points ===================

.

RP736: 8/08/2012 6:17:31 AM - System Checkpoint

RP737: 8/08/2012 11:10:01 AM - Installed Trains and Trucks Tycoon

RP738: 9/08/2012 2:32:01 PM - System Checkpoint

RP739: 12/08/2012 8:00:50 PM - System Checkpoint

RP740: 13/08/2012 6:08:24 PM - Restore Operation

RP741: 14/08/2012 7:19:50 PM - System Checkpoint

RP742: 15/08/2012 12:17:09 PM - Software Distribution Service 3.0

RP743: 16/08/2012 8:51:17 PM - System Checkpoint

RP744: 6/10/2012 9:04:56 AM - Installed DirectX

RP745: 6/10/2012 9:05:36 AM - Installed Nero Prerequisite Installer 1.0.

RP746: 6/10/2012 9:29:09 AM - Software Distribution Service 3.0

RP747: 15/10/2012 4:28:43 PM - Software Distribution Service 3.0

RP748: 17/10/2012 1:18:00 PM - Installed DirectX

RP749: 18/10/2012 3:57:19 PM - System Checkpoint

RP750: 19/10/2012 4:59:24 PM - System Checkpoint

RP751: 21/10/2012 1:26:20 AM - System Checkpoint

RP752: 22/10/2012 2:07:08 AM - System Checkpoint

RP753: 23/10/2012 2:44:00 PM - System Checkpoint

RP754: 23/10/2012 11:55:41 PM - Removed Java 7 Update 5

RP755: 26/10/2012 4:22:41 PM - System Checkpoint

RP756: 30/10/2012 1:12:55 AM - System Checkpoint

RP757: 31/10/2012 1:02:33 PM - System Checkpoint

RP758: 1/11/2012 1:43:31 PM - System Checkpoint

RP759: 4/11/2012 4:20:43 AM - System Checkpoint

.

==== Installed Programs ======================

.

100% Free Euchre 7.30

100% Free Five Hundred 7.30

32 Bit HP CIO Components Installer

4 Elements

900 Puzzle Games

ACDSee Image Decoder Update

ACDSee Pro 4

ACDSee RAW Image Decoder Plug-In Update 4.0

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Adobe Shockwave Player 11.6

Age of Empires III

Age of Empires III - The Asian Dynasties

AIO_Scan

All My Gods

ANNO 1404

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Australian Pictorial Computer Stamp Catalogue 2012 Edition

Australian Pictorial Computer Stamp Organiser 2012 Edition

Aveyond - Gates of Night

Aveyond Lord of Twilight

AVG 2012

AVS Media Player 3.1

AVS Mobile Uploader version 1.9

AVS Update Manager 1.0

AVS Video Converter 6

AVS4YOU Software Navigator 1.3

Be a King (remove only)

Be Rich

Be Richer

Bejeweled Twist 1.0.3

BestHD Blu-ray DVD Ripper 3.58.07

Big Fish Games: Game Manager

Blokus World Tour

Bonampak

Bonjour

Boulder Dash®: Pirate's Quest™

Brain Games: Chess

BufferChm

Build-a-Lot 4: Power Source

Build-a-lot: On Vacation

C4200

c4200_Help

CallerIP

Canasta From Special K

Capitalism II

CCleaner

Champion Chef

Cheat Engine 6.1

Chocolatier 2 - Secret Ingredients

Coconut Queen (remove only)

Compatibility Pack for the 2007 Office system

ConvertXtoDVD 3.0.0.1

Copy

Cradle of Persia 1.00

Creative Audio Control Panel

Creative Console Launcher

Creative MediaSource 5

Creative Software AutoUpdate

Creative System Information

Creative WaveStudio 7

Cribbage

Critical Update for Windows Media Player 11 (KB959772)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destination Component

DeviceDiscovery

DeviceManagementQFolder

Diablo II

DocProc

DocProcQFolder

Downloader

Dragon Keeper

Drawn: Dark Flight ®

DVD Shrink 3.2

East India Company Collection

Empire Earth II

eSupportQFolder

F.E.A.R. 2: Project Origin

Fallout 3

Farm Tribe

Fate of the Pharaoh

FINAL FANTASY XIV

Fishdom (remove only)

fishsim2

Fishsim2.11h+

FlashGet 3.3

Flower Story - Fairy Quest

FREEping

Garden Defense

Gardenscapes 1.00

Garmin USB Drivers

Garmin WebUpdater

Gatling Gears

gBurner

GFI LANguard 9.6

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Governor of Poker

Greek Goddesses of Solitaire

Guild Wars

Honeybee

Hospital Tycoon

Hot Dish

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Hoyle Board Games 2003

HP Imaging Device Functions 8.0

HP OCR Software 8.0

HP Photosmart All-In-One Driver Software 9.0.A Corporate Edition

HP Photosmart All-In-One Software 8.0

HP Photosmart Essential

HP Product Assistant

HP Product Detection

HP Smart Web Printing 1.0

HP Solution Center 8.0

HP Update

HPProductAssistant

Hunting Unlimited 2010

Island Tribe 1.00

Island Tribe 2

iTunes

Java 7 Update 9

Java Auto Updater

Java 6 Update 29

JavaFX 2.1.1

Junk Mail filter update

K-Lite Mega Codec Pack 6.5.5

Kingdom Chronicles Collector's Edition

Land Grabbers

Left 4 Dead 2

Left 4 Dead 2 Add-on Support

Left 4 Dead 2 Authoring Tools

Legends of Atlantis: Exodus

Magic FLAC to MP3 Converter 3.71

MagicDisc 2.7.106

Malwarebytes Anti-Malware version 1.65.1.1000

Marblez

Matroska Pack - Lazy Man's MKV 0.9.9

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Easy Assist v2

Microsoft Fix it Center

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Halo

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft LifeCam

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft User-Mode Driver Framework Feature Pack 1.7

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Windows XP Video Decoder Checkup Utility

Microsoft Works 6-9 Converter

Microsoft WSE 3.0 Runtime

Miriel the Magical Merchant (remove only)

MobileMe Control Panel

Monopoly (remove only)

Monument Builders: Eiffel Tower

Mortimer Beckett and the Time Paradox

MotoHelper 2.1.32 Driver 5.4.0

MotoHelper MergeModules

MOTOROLA MEDIA LINK

Motorola Mobile Drivers Installation 5.4.0

Mount&Blade With Fire and Sword

Mozilla Firefox 8.0.1 (x86 en-GB)

MSVC80_x86

MSVC80_x86_v2

MSVC90_x86

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

My Farm Life 2

My Kingdom For The Princess II

My Life Story (remove only)

My Tribe

Nero 11

Nero 8 Essentials

Nero Abstract Themes

Nero Audio Pack 1

Nero BackItUp 11

Nero BackItUp 11 Help (CHM)

Nero Backup Drivers

Nero Blu-ray Player

Nero Burning ROM 11

Nero Burning ROM 11 Help (CHM)

Nero Cliparts

Nero ControlCenter

Nero ControlCenter Help (CHM)

Nero Core Components

Nero CoverDesigner 11

Nero CoverDesigner 11 Help (CHM)

Nero Disc Menus 1

Nero Disc Menus 2

Nero Disc Menus 3

Nero Disc Menus Basic

Nero Effects Basic

Nero Express 11

Nero Express 11 Help (CHM)

Nero Family and Events Themes

Nero Football (Soccer) Themes

Nero Holiday and Sports Themes

Nero Image Samples

Nero Kwik Media

Nero Kwik Media Help (CHM)

Nero Kwik Themes Basic

Nero PiP Effects 1

Nero PiP Effects Basic

Nero Prerequisite Installer 1.0

Nero Recode 11

Nero Recode 11 Help (CHM)

Nero RescueAgent 11

Nero RescueAgent 11 Help (CHM)

Nero SharedVideoCodecs

Nero SoundTrax 11

Nero SoundTrax 11 Help (CHM)

Nero Update

Nero Video 11

Nero Video 11 Help (CHM)

Nero Video Samples

Nero Video Transitions 1

Nero WaveEditor 11

Nero WaveEditor 11 Help (CHM)

nero.prerequisites.msi

neroxml

New Yankee in King Arthur's Court

Nokia Connectivity Cable Driver

Nokia Ovi Suite

Nokia Ovi Suite Software Updater

Nokia PC Suite

Nokia Software Updater

NVIDIA Control Panel 267.59

NVIDIA Graphics Driver 267.59

NVIDIA HD Audio Driver 1.1.13.1

NVIDIA Install Application

NVIDIA nView 136.18

NVIDIA nView Desktop Manager

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0213

NVIDIA Update 1.7.11

NVIDIA Update Components

OGA Notifier 2.0.0048.0

Open Sea Fishing

OpenAL

Opera 11.60

Ovi Desktop Sync Engine

OviMPlatform

Pakoombo

Path To Success

PC Connectivity Solution

Photo Story 3 for Windows

PL-2303 USB-to-Serial

Plants vs. Zombies (remove only)

ps_aio_corporate

PS_AIO_ProductContext

PS_AIO_Software

PS_AIO_Software_min

PunkBuster Services

QuickTime

Railroad Tycoon 3

Railroad Tycoon 3 1.06

Rapala Pro Fishing

RAW - Realms of Ancient War

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver

Robinson Crusoe and The Cursed Pirates

Royal Envoy Collector's Edition

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618444)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647516)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Seeds of Sorcery

Segoe UI

Shaban

Sid Meier's Railroads!

Simon3D

Skype Toolbars

Skype™ 5.10

Smart Defrag 2

SolutionCenter

SoundFont Bank Manager

SPORE™

SPORE™ Galactic Adventures

Star Defender 4

Status

Steam

swMSM

Sylenth1 v2.20

System Requirements Lab

The Chronicles of Spellborn

The Fall Trilogy 1.00

The Golden Years: Way Out West

The Island: Castaway 2

The Sims Carnival - BumperBlast

The Sims Medieval

The Timebuilders - Caveman's Prophecy

TomTom HOME 2.7.3.1894

TomTom HOME Visual Studio Merge Modules

Toolbox

TrackMania 2

TrayApp

Trucks & Trailers 1.00

Turbo Subs

Tweak UI

Ubisoft Game Launcher

Undelete 360

Uniblue DriverScanner 2009

Uniblue System Tweaker

UnloadSupport

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

User Profile Hive Cleanup Service

VC80CRTRedist - 8.0.50727.6195

VCRedistSetup

Virtual City (remove only)

Virtual Villagers - The Secret City

Virtual Villagers - The Secret City 1.0

Virtual Villagers 3 - The Secret City Fixed

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

WebReg

Welcome App (Start-up experience)

Westward IV - All Aboard (remove only)

Windows 7 Upgrade Advisor

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)

Windows Driver Package - Nokia Modem (10/05/2009 4.2)

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Mail

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Management Framework Core

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows Search 4.0

WinPcap 4.1.2

WinRAR archiver

Wireshark 1.4.1

World Mosaics 4 1.00

World Of Zellians

Youda Farmer 3 - Seasons

Youda Survivor

.

==== Event Viewer Messages From Past Week ========

.

3/11/2012 10:18:16 PM, error: Service Control Manager [7022] - The WebClient service hung on starting.

2/11/2012 8:13:49 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

2/11/2012 5:30:26 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

2/11/2012 5:30:13 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service hpqddsvc with arguments "" in order to run the server: {2C82180E-8C3C-4A1B-BEB1-B9140713E701}

.

==== End Of File ===========================


Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-RogueKiller-

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+

Gringo


Hi, I lost the report for Security Check. I did not notice this until I ran the other two programs; my system crashed during this and some scans had to be done again. My browser was still diverting to ads after these 2 were run. I also had a block by AVG when I rebooted after all the processes you requested were run, i.e. File Name :- qszmg.justdied.com/index.php? Threat Name :- Exploit Rogue Scanner (type831)

Cheers and thanks Pete

# AdwCleaner v2.006 - Logfile created 11/05/2012 at 09:56:35

# Updated 30/10/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : peter smith - PB1947

# Boot Mode : Normal

# Running from : C:\Documents and Settings\peter smith\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Documents and Settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\BrowserMngr_extensions.sqlite

File Found : C:\Documents and Settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\browsermngr_prefs.js

File Found : C:\Documents and Settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\searchplugins\BabylonMngr.xml

File Found : C:\Program Files\Mozilla FireFox\Components\AskSearch.js

File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

File Found : C:\user.js

File Found : C:\windows\Tasks\Browser Manager.job

Folder Found : C:\DOCUME~1\PETERS~1\LOCALS~1\Temp\CT2504091

Folder Found : C:\Documents and Settings\All Users\Application Data\Browser Manager

Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate

Folder Found : C:\Documents and Settings\All Users\Application Data\Premium

Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia

Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\iWin

Folder Found : C:\Documents and Settings\peter smith\Application Data\Babylon

Folder Found : C:\Documents and Settings\peter smith\Application Data\BabylonToolbar

Folder Found : C:\Documents and Settings\peter smith\Application Data\iWin

Folder Found : C:\Documents and Settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\CT2504091

Folder Found : C:\Documents and Settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

Folder Found : C:\Documents and Settings\peter smith\Application Data\PriceGong

Folder Found : C:\Documents and Settings\peter smith\Local Settings\Application Data\Conduit

Folder Found : C:\Documents and Settings\peter smith\Local Settings\Application Data\ConduitEngine

Folder Found : C:\Program Files\BabylonToolbar

Folder Found : C:\Program Files\Conduit

Folder Found : C:\Program Files\iWin

Folder Found : C:\Program Files\Trymedia

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Headlight

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0DE3308-5D5A-470D-81B9-634FC078393B}

Key Found : HKCU\Software\PriceGong

Key Found : HKCU\Software\SmartBar

Key Found : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\GamesBarSetup

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

Key Found : HKLM\SOFTWARE\Software

Key Found : HKLM\Software\Software

Key Found : HKU\S-1-5-21-1409082233-1708537768-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v8.0.1 (en-GB)

Profile name : default

File : C:\Documents and Settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\prefs.js

Found : user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Found : user_pref("CT2504091.FirstTime", "true");

Found : user_pref("CT2504091.FirstTimeFF3", "true");

Found : user_pref("CT2504091.UserID", "UN00269778162390743");

Found : user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");

Found : user_pref("CT2504091.autoDisableScopes", -1);

Found : user_pref("CT2504091.cbfirsttime", "Mon Aug 13 2012 18:06:13 GMT+1000 (AUS Eastern Standard Time)");

Found : user_pref("CT2504091.defaultSearch", "false");

Found : user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"cross[...]

Found : user_pref("CT2504091.enableAlerts", "false");

Found : user_pref("CT2504091.enableSearchFromAddressBar", "true");

Found : user_pref("CT2504091.firstTimeDialogOpened", "true");

Found : user_pref("CT2504091.fixPageNotFoundError", "true");

Found : user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true");

Found : user_pref("CT2504091.fixUrls", true);

Found : user_pref("CT2504091.installId", "ConduitNSISIntegration");

Found : user_pref("CT2504091.installType", "ConduitNSISIntegration");

Found : user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT2504091.isNewTabEnabled", true);

Found : user_pref("CT2504091.isPerformedSmartBarTransition", "true");

Found : user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Found : user_pref("CT2504091.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Ablank\",\"EB_MAIN_FRA[...]

Found : user_pref("CT2504091.openThankYouPage", "false");

Found : user_pref("CT2504091.openUninstallPage", "false");

Found : user_pref("CT2504091.search.searchAppId", "129079840422026594");

Found : user_pref("CT2504091.search.searchCount", "0");

Found : user_pref("CT2504091.searchInNewTabEnabledInHidden", "true");

Found : user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Found : user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]

Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Found : user_pref("CT2504091.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1344845171657");

Found : user_pref("CT2504091.serviceLayer_services_appsMetadata_lastUpdate", "1344845158127");

Found : user_pref("CT2504091.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1344845156751");

Found : user_pref("CT2504091.serviceLayer_services_login_10.10.20.14_lastUpdate", "1344845171783");

Found : user_pref("CT2504091.serviceLayer_services_optimizer_lastUpdate", "1344845171279");

Found : user_pref("CT2504091.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1344845156777");

Found : user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1344845155668");

Found : user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1344845154672");

Found : user_pref("CT2504091.serviceLayer_services_toolbarContextMenu_lastUpdate", "1344845156727");

Found : user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1344845155360");

Found : user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1344845170806");

Found : user_pref("CT2504091.settingsINI", true);

Found : user_pref("CT2504091.shouldFirstTimeDialog", "false");

Found : user_pref("CT2504091.smartbar.CTID", "CT2504091");

Found : user_pref("CT2504091.smartbar.Uninstall", "0");

Found : user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");

Found : user_pref("CT2504091.startPage", "false");

Found : user_pref("CT2504091.toolbarBornServerTime", "13-8-2012");

Found : user_pref("CT2504091.toolbarCurrentServerTime", "13-8-2012");

Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=109217&tt=120812_bandext_3312_8&ba[...]

Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

Found : user_pref("browser.search.order.1", "Search the web (Babylon)");

Found : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");

Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=109217&tt=120812_bandext_331[...]

Found : user_pref("extensions.BabylonToolbar.admin", false);

Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Found : user_pref("extensions.BabylonToolbar.excTlbr", false);

Found : user_pref("extensions.BabylonToolbar.id", "08262c03000000000000001cc0a94c4d");

Found : user_pref("extensions.BabylonToolbar.instlDay", "15565");

Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");

Found : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");

Found : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");

Found : user_pref("extensions.BabylonToolbar_i.babExt", "");

Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109217&tt=120812_bandext_3312_8");

Found : user_pref("extensions.BabylonToolbar_i.newTab", true);

Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109217&tt=12081[...]

Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.618:05:21");

Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=109217&tt=120812_bandext_3312_8&babsrc=KW[...]

-\\ Google Chrome v22.0.1229.94

File : C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.13] : homepage = "hxxp://search.babylon.com/?affID=109217&tt=120812_bandext_3312_8&babsrc=HP_ss&mntrId=08262c03000000000000001cc0a94c4d",

Found [l.1586] : homepage = "hxxp://search.babylon.com/?affID=109217&tt=120812_bandext_3312_8&babsrc=HP_ss&mntrId=08262c03000000000000001cc0a94c4d",

-\\ Opera v11.60.1185.0

File : C:\Documents and Settings\peter smith\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [12311 octets] - [05/11/2012 09:39:30]

AdwCleaner[S1].txt - [349 octets] - [05/11/2012 09:42:46]

AdwCleaner[R2].txt - [11997 octets] - [05/11/2012 09:56:35]

########## EOF - C:\AdwCleaner[R2].txt - [12058 octets] ##########

RogueKiller V8.2.2 [11/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : peter smith [Admin rights]

Mode : Scan -- Date : 11/05/2012 09:29:33

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[TASK][SUSP PATH] NSSstub.job : C:\DOCUME~1\PETERS~1\LOCALS~1\Temp\{887A5008-70E1-4FC7-812F-9B0B772FF3CE}\nssstub.exe -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000333AS +++++

--- User ---

[MBR] ea784c8cab1d412493f0e8296eb075de

[BSP] 5810d739f7f69ddc51f4cc775ca8f251 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 976752000 | Size: 476929 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_11052012_02d0929.txt >>

RKreport[1]_S_11052012_02d0929.txt


Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Hi and once again thank you for your time Gringo. I once again had hiccups. I have AVG 2012 and it is slightly different to the advice for disabling 2011. Nevertheless I temporarily disabled AVG. After this was applied the next window had the time limit, which I set to 15 minutes; the only check box in this window was disable firewall, which I also checked and okayed. AVG showed all function icons in red. I then followed instructions and ran combofix and combofix said AVG was still running real time protection??? I still ran combofix as I know I disabled AVG 2012. Combofix after the scan rebooted and did over 40 stages; it then started to delete files in my personal settings etc and deleted folders and then just stopped. After one hour I had to make the decision to enable task manager as it was the only function I had to reboot the system. I have gone no further at this stage and once again I am unable to provide you with a log file. Currently I have noticed that the ethernet LED has stopped thrashing but the HD is still thrashing. I decided to be patient and await your next reply instead of trying with combofix again. Cheers and thanks Pete


My apologies, I forgot to inform you that combofix did find a nasty that it said would be difficult to remove, and also the browser diversions seem to have stopped. I am disappointed that this system would not let me get to the combofix log stage. I also know that I have damaged files but I will not repair with the XP CD or touch anything until your reply. Cheers Pete


Hello

OK, let's try this. I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.

  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After combofix has finished its scan please post the report back here.

Gringo


Hi Gringo and thank you, your time is appreciated.

I followed your instructions re safe mode, but not without hiccups. In safe mode combofix still flagged me that AVG2012 real time shields were still active.

I ignored this as I did a barefoot safe mode boot. While running combofix I got flagged again :- pev-application error - Memory at 0x006f0072 could not be read. While I was pondering this, combofix ran on again and continued to finish and the attached log was provided.

I then rebooted to normal and after breakfast I came back and the system had an AVG flag that it had detected a trojan. The following is the AVG flag info:-

File name - c:\system volume information\_restore{34ea6b75-dfbf-4096-962b-86b79104cbda}\rp759\a0471039.sys

Threat Name - Trojan Horse Rootkit - Pakes.CD

Process Name - c:\windows\system32\svhost.exe

Process ID -1704

Cheers Pete

ComboFix 12-11-05.03 - Administrator 07/11/2012 9:37.2.4 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3068.2740 [GMT 11:00]

Running from: c:\downloads\new\ComboFix.exe

AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\$NtUninstallKB28281$\2509306838

.

---- Previous Run -------

.

c:\documents and settings\All Users\Application Data\Herofy

c:\documents and settings\All Users\Application Data\Herofy\save.aps

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\peter smith\Application Data\.#

c:\documents and settings\peter smith\Application Data\inst.exe

c:\documents and settings\peter smith\Application Data\log.txt

c:\documents and settings\peter smith\Application Data\vso_ts_preview.xml

c:\documents and settings\peter smith\My Documents\~WRL3877.tmp

c:\windows\$NtUninstallKB28281$

c:\windows\$NtUninstallKB28281$\3496787477\@

c:\windows\$NtUninstallKB28281$\3496787477\Desktop.ini

c:\windows\$NtUninstallKB28281$\3496787477\L\00000004.@

c:\windows\$NtUninstallKB28281$\3496787477\L\201d3dde

c:\windows\$NtUninstallKB28281$\3496787477\L\vxpsorii

c:\windows\$NtUninstallKB28281$\3496787477\U\00000004.@

c:\windows\$NtUninstallKB28281$\3496787477\U\00000008.@

c:\windows\$NtUninstallKB28281$\3496787477\U\000000cb.@

c:\windows\$NtUninstallKB28281$\3496787477\U\80000000.@

c:\windows\$NtUninstallKB28281$\3496787477\U\80000032.@

c:\windows\desktop

c:\windows\desktop\185.85_desktop_winxp_32bit_english_whql.exe.FDPART

c:\windows\Downloaded Program Files\ODCTOOLS

c:\windows\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab

c:\windows\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\ST6UNST.000

c:\windows\system32\AutoRun.inf

c:\windows\system32\avgfwdx.dll

c:\windows\system32\ctfmon_D.exe

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

D:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))

.

.

2012-11-05 20:47 . 2008-04-14 12:00 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2012-11-05 20:47 . 2008-04-14 12:00 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2012-11-04 22:42 . 2012-11-04 22:42 161 ----a-w- c:\windows\DeleteOnReboot.bat

2012-11-03 04:37 . 2003-10-01 02:48 33280 ----a-w- c:\program files\Microsoft Games\Halo\trainer.exe

2012-11-03 04:18 . 2012-11-03 04:32 -------- d-----w- C:\Halo

2012-11-02 03:53 . 2012-11-02 03:53 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache

2012-11-01 10:30 . 2012-11-01 10:30 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache

2012-10-31 08:27 . 2012-11-03 22:01 -------- d-----w- C:\extract

2012-10-29 23:35 . 2012-11-01 10:25 -------- d-----w- c:\program files\Aveyond - Gates of Night

2012-10-27 00:10 . 2012-10-29 23:35 -------- d-----w- c:\documents and settings\peter smith\Application Data\Aveyond 3

2012-10-26 23:46 . 2012-10-26 23:46 441 ----a-w- c:\program files\2710201210460739.bat

2012-10-26 13:47 . 2012-10-26 13:47 -------- d-----w- c:\documents and settings\peter smith\Local Settings\Application Data\Buried In Time

2012-10-26 12:40 . 2012-10-26 12:40 -------- d-----w- c:\documents and settings\peter smith\Application Data\Mud Puddle Games

2012-10-23 12:56 . 2012-10-23 12:56 -------- d-----w- c:\program files\Common Files\Java

2012-10-23 12:56 . 2012-10-23 12:56 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-20 23:11 . 2012-10-20 23:11 -------- d-----w- c:\documents and settings\peter smith\Application Data\Oberon Media

2012-10-20 23:11 . 2012-10-20 23:11 -------- d-----w- c:\program files\Common Files\Oberon Media

2012-10-20 23:09 . 2012-10-20 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Oberon Media

2012-10-20 23:09 . 2012-10-27 00:09 -------- d-----w- c:\program files\Oberon Media

2012-10-20 23:09 . 2012-10-27 00:09 -------- d-----w- c:\program files\MSN Games

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-23 12:56 . 2012-02-24 02:22 821736 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-10-23 12:56 . 2011-09-21 07:55 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-10-23 12:56 . 2010-05-08 15:01 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-29 08:54 . 2010-04-04 08:47 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-28 15:14 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec

2012-08-24 13:53 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 05:43 . 2012-02-21 19:25 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-08-21 13:33 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-21 12:58 . 2008-04-14 00:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-12-03 18:21 . 2011-08-27 05:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]

"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-11-05 570664]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-01 59240]

"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"NBAgent"="c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2012-01-13 1493288]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-30 2596984]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-03-07 13879192]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\peter smith\Start Menu\Programs\Startup\

hpqtra08.exe [2008-3-25 214360]

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2012-8-5 576000]

PowerReg Scheduler.exe [2012-8-5 256000]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ComproRemote.lnk]

backup=c:\windows\pss\ComproRemote.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ComproSchedulerDTV.lnk]

backup=c:\windows\pss\ComproSchedulerDTV.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2012-10-17 01:29 1353080 ----a-w- c:\program files\Steam\steam.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 5:50 AM 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31/01/2012 5:46 AM 31952]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/07/2010 2:06 PM 64288]

R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [18/04/2012 5:07 PM 56496]

R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [18/04/2012 5:07 PM 12464]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2/02/2012 10:24 PM 14776]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [28/10/2009 11:02 PM 98392]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22/02/2012 6:25 AM 237408]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [22/02/2012 6:25 AM 301920]

S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [13/06/2012 4:48 AM 2321560]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [13/08/2012 4:24 AM 5167736]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 5:53 AM 193288]

S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [19/09/2011 3:58 PM 87368]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [3/11/2012 10:33 PM 399432]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/04/2010 7:47 PM 676936]

S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [7/12/2011 8:00 AM 214896]

S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [25/11/2011 5:32 PM 687400]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [26/06/2010 4:07 AM 35088]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 2:28 PM 160944]

S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/01/2012 8:52 PM 30944]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/01/2012 8:52 PM 30944]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 2:32 PM 139856]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 2:32 PM 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 2:32 PM 17232]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]

S3 ComproHID;VideoMate Root Enumerated Hid Device;c:\windows\system32\drivers\ComproHID.sys [22/05/2009 8:41 PM 7040]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [18/07/2009 11:58 AM 79360]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [4/06/2009 3:46 AM 171032]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [4/06/2009 3:46 AM 171032]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [4/06/2009 3:46 AM 1324056]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [4/06/2009 3:46 AM 1324056]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [4/06/2009 3:46 AM 72728]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [4/06/2009 3:46 AM 72728]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 10:09 PM 267568]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/04/2010 7:47 PM 22856]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [16/11/2009 10:22 AM 47360]

S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [21/08/2009 3:14 PM 36928]

S3 VMHybrid;VMHybrid service;c:\windows\system32\drivers\VMHybrid.sys [1/09/2008 3:05 AM 1060224]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]

.

2012-11-03 c:\windows\Tasks\Driver Robot.job

- c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2009-12-20 06:29]

.

2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 04:12]

.

2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 04:12]

.

2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1708537768-1801674531-1003Core.job

- c:\documents and settings\peter smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-12 15:32]

.

2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1708537768-1801674531-1003UA.job

- c:\documents and settings\peter smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-12 15:32]

.

2009-10-24 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job

- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]

.

2012-11-04 c:\windows\Tasks\MotoHelper MUM.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]

.

2012-11-06 c:\windows\Tasks\MotoHelper Routing.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]

.

2012-11-04 c:\windows\Tasks\MotoHelper Update.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]

.

2012-11-06 c:\windows\Tasks\SmartDefrag_Startup.job

- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-04-03 03:26]

.

2012-11-06 c:\windows\Tasks\User_Feed_Synchronization-{FDA492B4-C921-4A9E-B111-88B14DFCFF35}.job

- c:\windows\system32\msfeedssync.exe [2009-03-07 17:31]

.

.

------- Supplementary Scan -------

.

IE: {{87989A8E-F587-43A4-9315-34A4E4F4B3F9}

TCP: DhcpNameServer = 10.0.0.138

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://games.bigfishgames.com/en_big-city-adventure-sydney-australia/online/JBGamePlayer.cab

FF - ProfilePath - c:\documents and settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: !HIDDEN! 2009-07-11 00:24; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Coconut Queen - c:\program files\iWin\Coconut Queen\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-11-07 09:53

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTxfiHlp = CTXFIHLP.EXE?

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,ad,8f,d6,8b,c3,82,4d,96,33,cd,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,ad,8f,d6,8b,c3,82,4d,96,33,cd,\

.

[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]

"value"="?\08\00\05\05,,?"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1140)

c:\windows\system32\WININET.dll

c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

.

Completion time: 2012-11-07 09:58:33 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-06 22:58

.

Pre-Run: 97,934,557,184 bytes free

Post-Run: 97,891,307,520 bytes free

.

- - End Of File - - 232F7079BF2D8EB48DFE753FC81348FD


Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo


Hi Gringo and thanks again for your attention.

System has been very quiet and is running good

Cheers Pete

02:06:58.0078 4836 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

02:07:00.0093 4836 ============================================================

02:07:00.0093 4836 Current date / time: 2012/11/08 02:07:00.0093

02:07:00.0093 4836 SystemInfo:

02:07:00.0093 4836

02:07:00.0093 4836 OS Version: 5.1.2600 ServicePack: 3.0

02:07:00.0093 4836 Product type: Workstation

02:07:00.0093 4836 ComputerName: PB1947

02:07:00.0093 4836 UserName: peter smith

02:07:00.0093 4836 Windows directory: C:\windows

02:07:00.0093 4836 System windows directory: C:\windows

02:07:00.0093 4836 Processor architecture: Intel x86

02:07:00.0093 4836 Number of processors: 4

02:07:00.0093 4836 Page size: 0x1000

02:07:00.0093 4836 Boot type: Normal boot

02:07:00.0093 4836 ============================================================

02:07:02.0796 4836 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

02:07:02.0812 4836 ============================================================

02:07:02.0812 4836 \Device\Harddisk0\DR0:

02:07:02.0828 4836 MBR partitions:

02:07:02.0828 4836 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41

02:07:02.0843 4836 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3A380DBF, BlocksNum 0x3A380D41

02:07:02.0843 4836 ============================================================

02:07:03.0187 4836 D: <-> \Device\Harddisk0\DR0\Partition2

02:07:03.0281 4836 C: <-> \Device\Harddisk0\DR0\Partition1

02:07:03.0281 4836 ============================================================

02:07:03.0281 4836 Initialize success

02:07:03.0281 4836 ============================================================

02:07:15.0328 3936 ============================================================

02:07:15.0328 3936 Scan started

02:07:15.0328 3936 Mode: Manual;

02:07:15.0328 3936 ============================================================

02:07:16.0671 3936 ================ Scan system memory ========================

02:07:16.0671 3936 System memory - ok

02:07:16.0671 3936 ================ Scan services =============================


02:07:24.0937 3936 Pcmcia - ok

02:07:24.0953 3936 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\windows\system32\Drivers\pcouffin.sys

02:07:24.0968 3936 pcouffin - ok

02:07:24.0968 3936 PDCOMP - ok

02:07:24.0968 3936 PDFRAME - ok

02:07:24.0968 3936 PDRELI - ok

02:07:24.0984 3936 PDRFRAME - ok

02:07:25.0000 3936 perc2 - ok

02:07:25.0000 3936 perc2hib - ok

02:07:25.0062 3936 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\windows\system32\IoctlSvc.exe

02:07:25.0062 3936 PLFlash DeviceIoControl Service - ok

02:07:25.0078 3936 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\windows\system32\services.exe

02:07:25.0078 3936 PlugPlay - ok

02:07:25.0093 3936 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll

02:07:25.0093 3936 Pml Driver HPZ12 - ok

02:07:25.0125 3936 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\windows\system32\PnkBstrA.exe

02:07:25.0156 3936 PnkBstrA - ok

02:07:25.0187 3936 [ 27F1BE4A53441C9F1F48B9ADC145B0A5 ] PnkBstrB C:\windows\system32\PnkBstrB.exe

02:07:25.0187 3936 PnkBstrB - ok

02:07:25.0187 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\windows\system32\lsass.exe

02:07:25.0187 3936 PolicyAgent - ok

02:07:25.0203 3936 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

02:07:25.0203 3936 PptpMiniport - ok

02:07:25.0218 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\windows\system32\lsass.exe

02:07:25.0218 3936 ProtectedStorage - ok

02:07:25.0218 3936 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\windows\system32\DRIVERS\psched.sys

02:07:25.0218 3936 PSched - ok

02:07:25.0656 3936 [ 0C234A4A2FBAB98E5E1BAFAF3E3E403A ] PsSdk41 C:\windows\system32\Drivers\pssdk41.sys

02:07:25.0656 3936 PsSdk41 - ok

02:07:25.0671 3936 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\windows\system32\DRIVERS\ptilink.sys

02:07:25.0671 3936 Ptilink - ok

02:07:25.0687 3936 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\windows\system32\Drivers\PxHelp20.sys

02:07:25.0687 3936 PxHelp20 - ok

02:07:25.0703 3936 ql1080 - ok

02:07:25.0703 3936 Ql10wnt - ok

02:07:25.0703 3936 ql12160 - ok

02:07:25.0718 3936 ql1240 - ok

02:07:25.0718 3936 ql1280 - ok

02:07:25.0750 3936 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

02:07:25.0750 3936 RasAcd - ok

02:07:25.0781 3936 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\windows\System32\rasauto.dll

02:07:25.0781 3936 RasAuto - ok

02:07:25.0781 3936 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

02:07:25.0781 3936 Rasl2tp - ok

02:07:25.0796 3936 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\windows\System32\rasmans.dll

02:07:25.0796 3936 RasMan - ok

02:07:25.0796 3936 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

02:07:25.0796 3936 RasPppoe - ok

02:07:25.0796 3936 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\windows\system32\DRIVERS\raspti.sys

02:07:25.0796 3936 Raspti - ok

02:07:25.0812 3936 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\windows\system32\DRIVERS\rdbss.sys

02:07:25.0812 3936 Rdbss - ok

02:07:25.0828 3936 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

02:07:25.0828 3936 RDPCDD - ok

02:07:25.0875 3936 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\windows\system32\DRIVERS\rdpdr.sys

02:07:25.0890 3936 rdpdr - ok

02:07:25.0906 3936 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\windows\system32\drivers\RDPWD.sys

02:07:25.0921 3936 RDPWD - ok

02:07:25.0921 3936 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

02:07:25.0921 3936 RDSessMgr - ok

02:07:25.0937 3936 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\windows\system32\DRIVERS\redbook.sys

02:07:25.0937 3936 redbook - ok

02:07:25.0968 3936 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\windows\System32\mprdim.dll

02:07:25.0984 3936 RemoteAccess - ok

02:07:26.0000 3936 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\windows\system32\regsvc.dll

02:07:26.0015 3936 RemoteRegistry - ok

02:07:26.0031 3936 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe

02:07:26.0031 3936 rpcapd - ok

02:07:26.0046 3936 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\windows\system32\locator.exe

02:07:26.0046 3936 RpcLocator - ok

02:07:26.0078 3936 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\windows\System32\rpcss.dll

02:07:26.0093 3936 RpcSs - ok

02:07:26.0125 3936 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\windows\system32\rsvp.exe

02:07:26.0125 3936 RSVP - ok

02:07:26.0156 3936 [ B52B25F41BF3511071A0E7D10D659C56 ] RTLE8023xp C:\windows\system32\DRIVERS\Rtenicxp.sys

02:07:26.0171 3936 RTLE8023xp - ok

02:07:26.0171 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\windows\system32\lsass.exe

02:07:26.0171 3936 SamSs - ok

02:07:26.0218 3936 [ C1AE5D1F53285D79A0B73A62AF20734F ] SBRE C:\windows\system32\drivers\SBREdrv.sys

02:07:26.0218 3936 SBRE - ok

02:07:26.0234 3936 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\windows\System32\SCardSvr.exe

02:07:26.0234 3936 SCardSvr - ok

02:07:26.0265 3936 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\windows\system32\schedsvc.dll

02:07:26.0265 3936 Schedule - ok

02:07:26.0281 3936 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\windows\system32\DRIVERS\secdrv.sys

02:07:26.0281 3936 Secdrv - ok

02:07:26.0296 3936 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\windows\System32\seclogon.dll

02:07:26.0296 3936 seclogon - ok

02:07:26.0296 3936 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\windows\system32\sens.dll

02:07:26.0312 3936 SENS - ok

02:07:26.0328 3936 [ 6CE397C482BEDE91A38E56A8C4A0DC6D ] Ser2pl C:\windows\system32\DRIVERS\ser2pl.sys

02:07:26.0328 3936 Ser2pl - ok

02:07:26.0359 3936 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\windows\system32\DRIVERS\serenum.sys

02:07:26.0359 3936 serenum - ok

02:07:26.0359 3936 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\windows\system32\DRIVERS\serial.sys

02:07:26.0359 3936 Serial - ok

02:07:26.0453 3936 [ 5BF59C6BC737BAAF541168E5CB2EC1D9 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

02:07:26.0468 3936 ServiceLayer - ok

02:07:26.0484 3936 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\windows\system32\drivers\Sfloppy.sys

02:07:26.0484 3936 Sfloppy - ok

02:07:26.0546 3936 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\windows\System32\ipnathlp.dll

02:07:26.0562 3936 SharedAccess - ok

02:07:26.0578 3936 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\windows\System32\shsvcs.dll

02:07:26.0578 3936 ShellHWDetection - ok

02:07:26.0578 3936 Simbad - ok

02:07:26.0625 3936 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe

02:07:26.0625 3936 SkypeUpdate - ok

02:07:26.0656 3936 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\windows\system32\DRIVERS\SLIP.sys

02:07:26.0656 3936 SLIP - ok

02:07:26.0703 3936 [ 14BB60A4F1C5291217A05D5728C403E6 ] SmartDefragDriver C:\windows\system32\Drivers\SmartDefragDriver.sys

02:07:26.0703 3936 SmartDefragDriver - ok

02:07:26.0703 3936 Sparrow - ok

02:07:26.0750 3936 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\windows\system32\drivers\splitter.sys

02:07:26.0750 3936 splitter - ok

02:07:26.0765 3936 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\windows\system32\spoolsv.exe

02:07:26.0765 3936 Spooler - ok

02:07:26.0781 3936 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\windows\system32\DRIVERS\sr.sys

02:07:26.0781 3936 sr - ok

02:07:26.0812 3936 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\windows\system32\srsvc.dll

02:07:26.0812 3936 srservice - ok

02:07:26.0859 3936 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\windows\system32\DRIVERS\srv.sys

02:07:26.0859 3936 Srv - ok

02:07:26.0875 3936 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\windows\System32\ssdpsrv.dll

02:07:26.0875 3936 SSDPSRV - ok

02:07:26.0906 3936 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\windows\system32\wiaservc.dll

02:07:26.0906 3936 stisvc - ok

02:07:26.0921 3936 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\windows\system32\DRIVERS\StreamIP.sys

02:07:26.0921 3936 streamip - ok

02:07:26.0953 3936 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\windows\system32\DRIVERS\swenum.sys

02:07:26.0953 3936 swenum - ok

02:07:26.0968 3936 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\windows\system32\drivers\swmidi.sys

02:07:26.0968 3936 swmidi - ok

02:07:26.0968 3936 SwPrv - ok

02:07:26.0968 3936 symc810 - ok

02:07:27.0000 3936 symc8xx - ok

02:07:27.0000 3936 sym_hi - ok

02:07:27.0000 3936 sym_u3 - ok

02:07:27.0015 3936 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\windows\system32\drivers\sysaudio.sys

02:07:27.0015 3936 sysaudio - ok

02:07:27.0031 3936 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\windows\system32\smlogsvc.exe

02:07:27.0031 3936 SysmonLog - ok

02:07:27.0046 3936 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\windows\System32\tapisrv.dll

02:07:27.0046 3936 TapiSrv - ok

02:07:27.0078 3936 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\windows\system32\DRIVERS\tcpip.sys

02:07:27.0093 3936 Tcpip - ok

02:07:27.0109 3936 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\windows\system32\DRIVERS\tcpip6.sys

02:07:27.0109 3936 Tcpip6 - ok

02:07:27.0140 3936 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\windows\system32\drivers\TDPIPE.sys

02:07:27.0140 3936 TDPIPE - ok

02:07:27.0156 3936 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\windows\system32\drivers\TDTCP.sys

02:07:27.0156 3936 TDTCP - ok

02:07:27.0156 3936 [ 88155247177638048422893737429D9E ] TermDD C:\windows\system32\DRIVERS\termdd.sys

02:07:27.0156 3936 TermDD - ok

02:07:27.0187 3936 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\windows\System32\termsrv.dll

02:07:27.0187 3936 TermService - ok

02:07:27.0187 3936 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\windows\System32\shsvcs.dll

02:07:27.0187 3936 Themes - ok

02:07:27.0218 3936 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

02:07:27.0218 3936 TlntSvr - ok

02:07:27.0218 3936 TosIde - ok

02:07:27.0250 3936 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\windows\system32\trkwks.dll

02:07:27.0250 3936 TrkWks - ok

02:07:27.0281 3936 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\windows\system32\DRIVERS\tunmp.sys

02:07:27.0281 3936 tunmp - ok

02:07:27.0296 3936 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\windows\system32\drivers\Udfs.sys

02:07:27.0296 3936 Udfs - ok

02:07:27.0296 3936 ultra - ok

02:07:27.0328 3936 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\windows\system32\DRIVERS\update.sys

02:07:27.0343 3936 Update - ok

02:07:27.0359 3936 [ 325FB38C323C63C7F57885B4DFB1B91E ] UPHClean C:\Program Files\UPHClean\uphclean.exe

02:07:27.0359 3936 UPHClean - ok

02:07:27.0375 3936 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\windows\System32\upnphost.dll

02:07:27.0390 3936 upnphost - ok

02:07:27.0437 3936 [ B1B8BEE26227DAD9835019201552CB05 ] upperdev C:\windows\system32\DRIVERS\usbser_lowerflt.sys

02:07:27.0437 3936 upperdev - ok

02:07:27.0453 3936 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\windows\System32\ups.exe

02:07:27.0453 3936 UPS - ok

02:07:27.0453 3936 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\windows\system32\Drivers\usbaapl.sys

02:07:27.0468 3936 USBAAPL - ok

02:07:27.0484 3936 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\windows\system32\drivers\usbaudio.sys

02:07:27.0484 3936 usbaudio - ok

02:07:27.0515 3936 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys

02:07:27.0515 3936 usbccgp - ok

02:07:27.0546 3936 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys

02:07:27.0562 3936 usbehci - ok

02:07:27.0562 3936 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\windows\system32\DRIVERS\usbhub.sys

02:07:27.0562 3936 usbhub - ok

02:07:27.0562 3936 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys

02:07:27.0578 3936 usbprint - ok

02:07:27.0578 3936 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys

02:07:27.0578 3936 usbscan - ok

02:07:27.0625 3936 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\windows\system32\drivers\usbser.sys

02:07:27.0625 3936 usbser - ok

02:07:27.0625 3936 [ 98E1FF1D732C6C7200B6C59D4FF8C1C3 ] UsbserFilt C:\windows\system32\DRIVERS\usbser_lowerfltj.sys

02:07:27.0625 3936 UsbserFilt - ok

02:07:27.0671 3936 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS

02:07:27.0671 3936 USBSTOR - ok

02:07:27.0671 3936 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys

02:07:27.0671 3936 usbuhci - ok

02:07:27.0671 3936 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\windows\System32\drivers\vga.sys

02:07:27.0687 3936 VgaSave - ok

02:07:27.0687 3936 ViaIde - ok

02:07:27.0734 3936 [ 210235B818921866A0BC1ECA1BE07EDA ] VMHybrid C:\windows\system32\DRIVERS\VMHybrid.sys

02:07:27.0765 3936 VMHybrid - ok

02:07:27.0781 3936 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\windows\system32\drivers\VolSnap.sys

02:07:27.0781 3936 VolSnap - ok

02:07:27.0796 3936 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\windows\System32\vssvc.exe

02:07:27.0796 3936 VSS - ok

02:07:27.0859 3936 [ 42870675B4D84ACD81A9DA69B83F14C5 ] VX3000 C:\windows\system32\DRIVERS\VX3000.sys

02:07:27.0890 3936 VX3000 - ok

02:07:27.0953 3936 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\windows\system32\w32time.dll

02:07:27.0953 3936 W32Time - ok

02:07:27.0968 3936 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\windows\system32\DRIVERS\wanarp.sys

02:07:27.0968 3936 Wanarp - ok

02:07:27.0984 3936 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\windows\system32\Drivers\wdf01000.sys

02:07:28.0000 3936 Wdf01000 - ok

02:07:28.0000 3936 WDICA - ok

02:07:28.0031 3936 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\windows\system32\drivers\wdmaud.sys

02:07:28.0031 3936 wdmaud - ok

02:07:28.0046 3936 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\windows\System32\webclnt.dll

02:07:28.0046 3936 WebClient - ok

02:07:28.0125 3936 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\windows\system32\wbem\WMIsvc.dll

02:07:28.0125 3936 winmgmt - ok

02:07:28.0171 3936 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\windows\system32\WsmSvc.dll

02:07:28.0203 3936 WinRM - ok

02:07:28.0250 3936 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

02:07:28.0281 3936 wlidsvc - ok

02:07:28.0312 3936 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\windows\system32\MsPMSNSv.dll

02:07:28.0328 3936 WmdmPmSN - ok

02:07:28.0375 3936 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\windows\System32\advapi32.dll

02:07:28.0375 3936 Wmi - ok

02:07:28.0390 3936 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

02:07:28.0390 3936 WmiApSrv - ok

02:07:28.0437 3936 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

02:07:28.0468 3936 WMPNetworkSvc - ok

02:07:28.0531 3936 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

02:07:28.0562 3936 WPFFontCache_v0400 - ok

02:07:28.0593 3936 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\windows\System32\drivers\ws2ifsl.sys

02:07:28.0609 3936 WS2IFSL - ok

02:07:28.0640 3936 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\windows\system32\wscsvc.dll

02:07:28.0640 3936 wscsvc - ok

02:07:28.0640 3936 WSearch - ok

02:07:28.0656 3936 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\windows\system32\DRIVERS\WSTCODEC.SYS

02:07:28.0656 3936 WSTCODEC - ok

02:07:28.0703 3936 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\windows\system32\wuauserv.dll

02:07:28.0718 3936 wuauserv - ok

02:07:28.0734 3936 [ 6FF66513D372D479EF1810223C8D20CE ] WudfPf C:\windows\system32\DRIVERS\WudfPf.sys

02:07:28.0750 3936 WudfPf - ok

02:07:28.0750 3936 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WudfRd C:\windows\system32\DRIVERS\wudfrd.sys

02:07:28.0750 3936 WudfRd - ok

02:07:28.0765 3936 [ 575A4190D989F64732119E4114045A4F ] WudfSvc C:\windows\System32\WUDFSvc.dll

02:07:28.0765 3936 WudfSvc - ok

02:07:28.0781 3936 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\windows\System32\wzcsvc.dll

02:07:28.0796 3936 WZCSVC - ok

02:07:28.0796 3936 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\windows\System32\xmlprov.dll

02:07:28.0812 3936 xmlprov - ok

02:07:28.0812 3936 ================ Scan global ===============================

02:07:28.0859 3936 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\windows\system32\basesrv.dll

02:07:28.0875 3936 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\windows\system32\winsrv.dll

02:07:28.0906 3936 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\windows\system32\winsrv.dll

02:07:28.0937 3936 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\windows\system32\services.exe

02:07:28.0937 3936 [Global] - ok

02:07:28.0937 3936 ================ Scan MBR ==================================

02:07:28.0953 3936 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

02:07:29.0078 3936 \Device\Harddisk0\DR0 - ok

02:07:29.0078 3936 ================ Scan VBR ==================================

02:07:29.0093 3936 [ 262C7F1C2807B1CC91717751F15C91BB ] \Device\Harddisk0\DR0\Partition1

02:07:29.0093 3936 \Device\Harddisk0\DR0\Partition1 - ok

02:07:29.0109 3936 [ A9C19AA60E85E91C3C126C03A4AB0EB5 ] \Device\Harddisk0\DR0\Partition2

02:07:29.0109 3936 \Device\Harddisk0\DR0\Partition2 - ok

02:07:29.0109 3936 ============================================================

02:07:29.0109 3936 Scan finished

02:07:29.0109 3936 ============================================================

02:07:29.0125 0932 Detected object count: 0

02:07:29.0125 0932 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-11-08 02:18:27

-----------------------------

02:18:27.984 OS Version: Windows 5.1.2600 Service Pack 3

02:18:27.984 Number of processors: 4 586 0x1707

02:18:27.984 ComputerName: PB1947 UserName:

02:18:30.312 Initialize success

02:23:12.187 AVAST engine defs: 12110700

02:23:25.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5

02:23:25.515 Disk 0 Vendor: ST31000333AS CC1H Size: 953869MB BusType: 3

02:23:25.515 Disk 0 MBR read successfully

02:23:25.515 Disk 0 MBR scan

02:23:25.531 Disk 0 Windows XP default MBR code

02:23:25.531 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63

02:23:25.531 Disk 0 Partition - 00 0F Extended LBA 476929 MB offset 976752000

02:23:25.546 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476929 MB offset 976752063

02:23:25.562 Disk 0 scanning sectors +1953504000

02:23:25.640 Disk 0 scanning C:\windows\system32\drivers

02:23:36.265 Service scanning

02:23:53.515 Modules scanning

02:23:57.218 Disk 0 trace - called modules:

02:23:57.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

02:23:57.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b22aab8]

02:23:57.250 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000086[0x8b1c49e8]

02:23:57.250 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x8b238d98]

02:24:02.906 AVAST engine scan C:\windows

02:24:14.140 AVAST engine scan C:\windows\system32

02:27:30.718 AVAST engine scan C:\windows\system32\drivers

02:27:55.500 AVAST engine scan C:\Documents and Settings\peter smith

02:35:53.734 AVAST engine scan C:\Documents and Settings\All Users

02:39:17.671 Scan finished successfully

02:40:22.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\peter smith\Desktop\MBR.dat"

02:40:22.781 The log file has been saved successfully to "C:\Documents and Settings\peter smith\Desktop\aswMBR.txt"


Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


Hi Gringo and thanks once again for your support. This went again with hiccups. The AVG real-time scanner's flag came up again; I ignored this flag and combofix did its own thing. A flag again came up: pev application error. Also, a file was deleted from my AVG privacy protection; this does not bother me as I have a full registered version and will re-install later.

cheers Pete

ComboFix 12-11-06.03 - peter smith 08/11/2012 9:53.3.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3068.2237 [GMT 11:00]

Running from: c:\documents and settings\peter smith\Desktop\ComboFix.exe

AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Created a new restore point

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

.

.

((((((((((((((((((((((((( Files Created from 2012-10-07 to 2012-11-07 )))))))))))))))))))))))))))))))

.

.

2012-11-05 20:47 . 2008-04-14 12:00 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2012-11-05 20:47 . 2008-04-14 12:00 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2012-11-04 22:42 . 2012-11-04 22:42 161 ----a-w- c:\windows\DeleteOnReboot.bat

2012-11-03 04:37 . 2003-10-01 02:48 33280 ----a-w- c:\program files\Microsoft Games\Halo\trainer.exe

2012-11-03 04:18 . 2012-11-03 04:32 -------- d-----w- C:\Halo

2012-11-02 03:53 . 2012-11-02 03:53 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache

2012-11-01 10:30 . 2012-11-01 10:30 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache

2012-10-31 08:27 . 2012-11-03 22:01 -------- d-----w- C:\extract

2012-10-29 23:35 . 2012-11-01 10:25 -------- d-----w- c:\program files\Aveyond - Gates of Night

2012-10-27 00:10 . 2012-10-29 23:35 -------- d-----w- c:\documents and settings\peter smith\Application Data\Aveyond 3

2012-10-26 23:46 . 2012-10-26 23:46 441 ----a-w- c:\program files\2710201210460739.bat

2012-10-26 13:47 . 2012-10-26 13:47 -------- d-----w- c:\documents and settings\peter smith\Local Settings\Application Data\Buried In Time

2012-10-26 12:40 . 2012-10-26 12:40 -------- d-----w- c:\documents and settings\peter smith\Application Data\Mud Puddle Games

2012-10-23 12:56 . 2012-10-23 12:56 -------- d-----w- c:\program files\Common Files\Java

2012-10-23 12:56 . 2012-10-23 12:56 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-20 23:11 . 2012-10-20 23:11 -------- d-----w- c:\documents and settings\peter smith\Application Data\Oberon Media

2012-10-20 23:11 . 2012-10-20 23:11 -------- d-----w- c:\program files\Common Files\Oberon Media

2012-10-20 23:09 . 2012-10-20 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Oberon Media

2012-10-20 23:09 . 2012-10-27 00:09 -------- d-----w- c:\program files\Oberon Media

2012-10-20 23:09 . 2012-10-27 00:09 -------- d-----w- c:\program files\MSN Games

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-23 12:56 . 2012-02-24 02:22 821736 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-10-23 12:56 . 2011-09-21 07:55 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-10-23 12:56 . 2010-05-08 15:01 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-29 08:54 . 2010-04-04 08:47 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-28 15:14 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec

2012-08-24 13:53 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 05:43 . 2012-02-21 19:25 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-08-21 13:33 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-21 12:58 . 2008-04-14 00:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-12-03 18:21 . 2011-08-27 05:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]

"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-11-05 570664]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-01 59240]

"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"NBAgent"="c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2012-01-13 1493288]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-30 2596984]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-03-07 13879192]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\peter smith\Start Menu\Programs\Startup\

hpqtra08.exe [2008-3-25 214360]

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2012-8-5 576000]

PowerReg Scheduler.exe [2012-8-5 256000]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ComproRemote.lnk]

backup=c:\windows\pss\ComproRemote.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ComproSchedulerDTV.lnk]

backup=c:\windows\pss\ComproSchedulerDTV.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2012-10-17 01:29 1353080 ----a-w- c:\program files\Steam\steam.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead 2\\bin\\SDKLauncher.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 5:50 AM 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31/01/2012 5:46 AM 31952]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/07/2010 2:06 PM 64288]

R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [18/04/2012 5:07 PM 56496]

R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [18/04/2012 5:07 PM 12464]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2/02/2012 10:24 PM 14776]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22/02/2012 6:25 AM 237408]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [22/02/2012 6:25 AM 301920]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [28/10/2009 11:02 PM 98392]

R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [13/06/2012 4:48 AM 2321560]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 5:53 AM 193288]

R2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [19/09/2011 3:58 PM 87368]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [3/11/2012 10:33 PM 399432]

R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [7/12/2011 8:00 AM 214896]

R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [25/11/2011 5:32 PM 687400]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [26/06/2010 4:07 AM 35088]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/01/2012 8:52 PM 30944]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 2:32 PM 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 2:32 PM 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 2:32 PM 17232]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [4/06/2009 3:46 AM 171032]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [4/06/2009 3:46 AM 1324056]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [4/06/2009 3:46 AM 72728]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/04/2010 7:47 PM 22856]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [16/11/2009 10:22 AM 47360]

R3 VMHybrid;VMHybrid service;c:\windows\system32\drivers\VMHybrid.sys [1/09/2008 3:05 AM 1060224]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [13/08/2012 4:24 AM 5167736]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/04/2010 7:47 PM 676936]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 2:28 PM 160944]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/01/2012 8:52 PM 30944]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]

S3 ComproHID;VideoMate Root Enumerated Hid Device;c:\windows\system32\drivers\ComproHID.sys [22/05/2009 8:41 PM 7040]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [18/07/2009 11:58 AM 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [4/06/2009 3:46 AM 171032]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [4/06/2009 3:46 AM 1324056]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [4/06/2009 3:46 AM 72728]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 10:09 PM 267568]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [21/08/2009 3:14 PM 36928]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - uphcleanhlp

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]

.

2012-11-03 c:\windows\Tasks\Driver Robot.job

- c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2009-12-20 06:29]

.

2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 04:12]

.

2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 04:12]

.

2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1708537768-1801674531-1003Core.job

- c:\documents and settings\peter smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-12 15:32]

.

2012-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1708537768-1801674531-1003UA.job

- c:\documents and settings\peter smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-12 15:32]

.

2009-10-24 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job

- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]

.

2012-11-04 c:\windows\Tasks\MotoHelper MUM.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]

.

2012-11-07 c:\windows\Tasks\MotoHelper Routing.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]

.

2012-11-04 c:\windows\Tasks\MotoHelper Update.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]

.

2012-11-07 c:\windows\Tasks\SmartDefrag_Startup.job

- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-04-03 03:26]

.

2012-11-07 c:\windows\Tasks\User_Feed_Synchronization-{FDA492B4-C921-4A9E-B111-88B14DFCFF35}.job

- c:\windows\system32\msfeedssync.exe [2009-03-07 17:31]

.

.

------- Supplementary Scan -------

.

ustart page = hxxp://go.bigpond.com/home/index.jsp

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local;192.168.*.*

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Download All By FlashGet3 - c:\documents and settings\peter smith\Application Data\FlashGetBHO\GetAllUrl.htm

IE: Download By FlashGet3 - c:\documents and settings\peter smith\Application Data\FlashGetBHO\GetUrl.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: {{87989A8E-F587-43A4-9315-34A4E4F4B3F9}

TCP: DhcpNameServer = 10.0.0.138

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://games.bigfishgames.com/en_big-city-adventure-sydney-australia/online/JBGamePlayer.cab

FF - ProfilePath - c:\documents and settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: !HIDDEN! 2009-07-11 00:24; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-11-08 10:04

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTxfiHlp = CTXFIHLP.EXE?

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,ad,8f,d6,8b,c3,82,4d,96,33,cd,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,ad,8f,d6,8b,c3,82,4d,96,33,cd,\

.

[HKEY_USERS\S-1-5-21-1409082233-1708537768-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-1409082233-1708537768-1801674531-1003\Software\SecuROM\License information*]

"datasecu"=hex:f1,3c,38,84,87,bb,a7,a4,1c,62,51,97,01,ca,87,81,86,31,d3,f5,91,

2d,83,dc,48,58,1e,97,ca,d9,3d,ce,86,16,ab,21,c2,f6,a5,5b,0e,bb,39,cc,7d,b2,\

"rkeysecu"=hex:db,d3,f3,66,ca,d9,a8,34,d6,90,2e,e1,52,d1,8b,ab

.

[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]

"value"="?\08\00\05\05,,?"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(4648)

c:\windows\system32\WININET.dll

c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-11-08 10:06:32

ComboFix-quarantined-files.txt 2012-11-07 23:06

ComboFix2.txt 2012-11-06 22:58

.

Pre-Run: 97,621,241,856 bytes free

Post-Run: 97,584,295,936 bytes free

.

- - End Of File - - 2F238C528E203DE8AE4C8388573380A3


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

  • Programs to remove
    • Java™ 6 Update 29
    • JavaFX 2.1.1
    • Uniblue DriverScanner 2009
    • Uniblue System Tweaker

  • Please download and install Revo Uninstaller Free
    • Double click Revo Uninstaller to run it.
    • From the list of programs double click on the program to remove.
    • When prompted if you want to uninstall click Yes.
    • Be sure the Moderate option is selected then click Next.
    • The program will run. If prompted again click Yes.
    • When the built-in uninstaller is finished click on Next.
    • Once the program has searched for leftovers click Next.
    • Check/tick the bolded items only on the list then click Delete.
    • When prompted click on Yes and then on Next.
    • Put a check on any folders that are found and select Delete.
    • When prompted select Yes then on Next.
    • Once done click Finish.

.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the mbam icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**

Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit

and select to run as administrator.

"information and logs"

  • In your next post I need the following
  1. Log From MBAM
  2. report from Hijackthis
  3. let me know of any problems you may have had
  4. How is the computer doing now?

Gringo


Hi Gringo, like the other day, I left the system running while having breakfast and came back to find this AVG flag: Threat detected - c:\System Volume Information\_restore{34EA6B75-DFBF-4096-8BB79104CBDA}\A0471057.sys

Threat Name:- Trojan horse Rootkit-Pakes.CD

Process name :- C:\WINDOWS\system32\svchost.exe

Process ID:1724

This time I ignored the AVG action and will wait for your reply. Cheers Pete


Hi Gringo don't you sleep?? lol, thanks once again for your help

cheers Pete

Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.07.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
peter smith :: PB1947 [administrator]

Protection: Disabled

8/11/2012 12:18:58 PM
mbam-log-2012-11-08 (12-18-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262818
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:33:35 PM, on 8/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\windows\Explorer.EXE
C:\windows\vVX3000.exe
C:\windows\system32\CTXFIHLP.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\peter smith\Start Menu\Programs\Startup\hpqtra08.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\CTsvcCDA.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\windows\System32\svchost.exe
C:\windows\system32\IoctlSvc.exe
C:\windows\System32\svchost.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\PnkBstrB.exe
C:\windows\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\windows\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\SYSTEM32\CTXFISPI.EXE
C:\windows\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Downloads\new\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.bigpond.com/home/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\peter smith\Application Data\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\windows\vVX3000.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-21-1409082233-1708537768-1801674531-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1409082233-1708537768-1801674531-1010\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hpqtra08.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Download All By FlashGet3 - C:\Documents and Settings\peter smith\Application Data\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download By FlashGet3 - C:\Documents and Settings\peter smith\Application Data\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: FreshDownload - {87989A8E-F587-43A4-9315-34A4E4F4B3F9} - C:\windows\system32\shdocvw.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243504952390
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://games.bigfishgames.com/en_big-city-adventure-sydney-australia/online/JBGamePlayer.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\windows\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

<div>O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe</div>

<div>O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe</div>

<div>O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe</div>

<div>O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe</div>

<div>O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe</div>

<div>O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)</div>

<div>O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe</div>

<div>O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe</div>

<div>O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\windows\system32\IoctlSvc.exe</div>

<div>O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe</div>

<div>O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe</div>

<div>O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe</div>

<div>O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe</div>

<div>O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe</div>

<div>O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows ® Codename Longhorn DDK provider - C:\Program Files\UPHClean\uphclean.exe</div>

<div> </div>

<div>--</div>

<div>End of file - 17161 bytes</div>

<div> </div>


Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on their icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [VX3000] C:\windows\vVX3000.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
      O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKUS\S-1-5-21-1409082233-1708537768-1801674531-1010\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'UpdatusUser')
      O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
      O4 - Startup: PowerReg Scheduler.exe
      O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

NOTE** You can research each of those lines here and see if you want to keep them or not; just copy the name between the brackets and paste it into the search space:
O4 - HKLM\..\Run: [IntelliPoint]

NOTE**

Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit

and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add-on to be installed
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here

Gringo


Whew, Hi and thanks again Gringo, This took over 6 hours to get to this report, after 3 hours of scanning eset crashed due to a thunderstorm and a micro power out. Did it all again and here it is. Sure hope there are some false positives amongst all this in the attached report :(

cheers Pete

C:\Documents and Settings\peter smith\My Documents\Downloads\Angry_Birds_-_2011_-_PC_-_Cracked.exe Win32/Adware.1ClickDownload.G application

C:\Documents and Settings\peter smith\My Documents\Downloads\cnet_wrar401_exe.exe a variant of Win32/InstallCore.D application

C:\Documents and Settings\peter smith\My Documents\Downloads\Nazis.at.the.Center.of.the.Earth.2012.BRRip.XviD.Ac3.exe Win32/Adware.1ClickDownload.B application

C:\Documents and Settings\peter smith\My Documents\Downloads\sd-setup (1).exe a variant of Win32/ELEX application

C:\Documents and Settings\peter smith\My Documents\Downloads\sd-setup.exe a variant of Win32/ELEX application

C:\Downloads\new\cbsidlm-tr1_7-Aveyond_Gates_of_Night-SEO2-10976663.exe Win32/DownloadAdmin.D application

C:\Downloads\new\software\defragsetup.exe a variant of Win32/Toolbar.Widgi application

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\cdrom.sys.vir Win32/Sirefef.DA trojan

C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP740\A0465244.exe probably a variant of Win32/Toolbar.Babylon application

C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP740\A0465248.dll a variant of Win32/Toolbar.Babylon application

C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP759\A0470813.exe a variant of Win32/SweetIM.B application

C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP759\A0471057.sys Win32/Sirefef.DA trojan

C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP759\A0471141.sys Win32/Sirefef.DA trojan

C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP759\A0471189.sys Win32/Sirefef.DA trojan

C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP760\A0471262.sys Win32/Sirefef.DA trojan


Hello

Most of what it found was in system restore and the rest are some minor things in your online scan that should be removed.

delete files

  • Copy all text in the quote box (below)...to Notepad.
    @echo off
    del /f /s /q "C:\Documents and Settings\peter smith\My Documents\Downloads\Angry_Birds_-_2011_-_PC_-_Cracked.exe"
    del /f /s /q "C:\Documents and Settings\peter smith\My Documents\Downloads\cnet_wrar401_exe.exe"
    del /f /s /q "C:\Documents and Settings\peter smith\My Documents\Downloads\Nazis.at.the.Center.of.the.Earth.2012.BRRip.XviD.Ac3.exe"
    del /f /s /q "C:\Documents and Settings\peter smith\My Documents\Downloads\sd-setup (1).exe"
    del /f /s /q "C:\Documents and Settings\peter smith\My Documents\Downloads\sd-setup.exe"
    del /f /s /q "C:\Downloads\new\cbsidlm-tr1_7-Aveyond_Gates_of_Night-SEO2-10976663.exe"
    del /f /s /q "C:\Downloads\new\software\defragsetup.exe"
    del %0
  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.
    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK.

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls
CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner but I would leave that alone and not use any registry cleaner
Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)
    Note** If you decide to install MSE you will need to uninstall your present antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety
Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Gringo
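
The triage applied to the ESET report in this reply (live files to delete versus copies held in C:\Qoobox\Quarantine\ and the System Restore cache), as an added Python example that is not part of the original thread. The line layout is assumed from the pasted report, and treating every object type other than "application" as malware is this example's own rule.

```python
import re
from collections import namedtuple

# Seven lines copied from the ESET report posted earlier in this thread.
REPORT = r"""
C:\Documents and Settings\peter smith\My Documents\Downloads\Angry_Birds_-_2011_-_PC_-_Cracked.exe Win32/Adware.1ClickDownload.G application
C:\Documents and Settings\peter smith\My Documents\Downloads\sd-setup (1).exe a variant of Win32/ELEX application
C:\Downloads\new\software\defragsetup.exe a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\cdrom.sys.vir Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP740\A0465244.exe probably a variant of Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP759\A0471057.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP760\A0471262.sys Win32/Sirefef.DA trojan
"""

Detection = namedtuple("Detection", "path name kind qualified location")

# Assumed layout: path, optional "(probably) a variant of", platform/family
# name, object type. Paths contain spaces, so the path group is lazy and the
# "Platform/Family" token (the only token with a forward slash) anchors the split.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<qual>(?:probably )?a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<kind>[a-z]+)$"
)
QUARANTINE_RE = re.compile(r"^[a-z]:\\qoobox\\quarantine\\", re.I)
RESTORE_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{[^}]+\}\\(rp\d+)\\", re.I
)

def locate(path):
    """Classify a detection by where the file sits on disk."""
    if QUARANTINE_RE.match(path):
        return "quarantine"        # backup made by the cleanup tool
    if RESTORE_RE.match(path):
        return "system_restore"    # inert unless a restore point is rolled back
    return "live"                  # ordinary file the user could still run

def parse_report(text):
    """Return (detections, unparsed_lines); unparsed lines are never dropped silently."""
    detections, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        detections.append(Detection(m["path"], m["name"], m["kind"],
                                    bool(m["qual"]), locate(m["path"])))
    return detections, unparsed

def triage(detections):
    """Group detections by location."""
    buckets = {"live": [], "quarantine": [], "system_restore": []}
    for d in detections:
        buckets[d.location].append(d)
    return buckets

def live_malware(detections):
    """Live files whose type is not 'application' (this example's rule for PUA vs malware)."""
    return [d for d in detections if d.location == "live" and d.kind != "application"]

def tainted_restore_points(detections):
    """Restore point folders that hold at least one detection."""
    return sorted({RESTORE_RE.match(d.path).group(1).upper()
                   for d in detections if d.location == "system_restore"})

if __name__ == "__main__":
    found, skipped = parse_report(REPORT)
    for where, items in triage(found).items():
        print(where, [(d.name, d.kind) for d in items])
    print("live malware:", live_malware(found))
    print("restore points to flush:", tainted_restore_points(found))
```

On these lines every Sirefef hit sits in quarantine or a restore point and the live files are all "application" detections, which matches the reply's reading of the report.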


Hi and thanks Gringo, it has been a long haul but worth it. The thing I have gained out of our session is that familiarity and complacency can be things to be very wary of when using computers/internet. One tends to take for granted that because one researches and pays top dollar that they have the best virus protection. In the past I have used fully registered versions of Norton, McAfee, NOD eset, Kaspersky and currently AVG2012, not to mention countless anti spyware/malware programs such as Spybot, no-adaware and countless others.

Three years ago I had bad infections and I was that impressed with MBAM (Malwarebytes) that I bought the pro registration, and once again this program has proved its worth. This program seems to pick up the viruses/malware first, then the resident programs as mentioned above seem to wake and say "hey we have viruses" after MBAM does the hard yards.

I am definitely interested in your recommendations for protection and with this alone you have shown me that I can protect my systems for very little expense. It was Malwarebytes that first alerted me to my infections, not my resident anti virus program, and as far as I am concerned it has been useless as teats on a bull in respect to my recent infections. But having said that I can see that they have their uses and each in different ways to others as far as protection is concerned.

I have also chatted with the younger generation that uses this system, but in all fairness it is hard to chastise them for what I would have done at their age. I think the only way to get around this is separate systems and let them fix their own, and having said that I too am guilty of breaching the protocol of avoiding infections.

I cannot express my gratitude enough to you for your work in guiding me to rid my system of the infections and crap, and a lot of that I didn't realise I had.

many THANKS Gringo for resolving my problems, cheers Pete

ps my next move is a very worthy donation to the cause


Hello Pete

That was very nice and I thank you very much. With kids it is very hard to keep things in line, as I have two boys of my own. While we can try to protect them online with programs, they will find a way to get around it - education can go very far here as I find it is the best way - some of the links I have listed will help in that department

gringo


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Archived

This topic is now archived and is closed to further replies.
