
email hack - msnbc nbcnews9


girlelec

My computer started misbehaving after opening a link from a friend's hacked email account. I received an email with my name in the subject line and a link to what appeared to be a news article. Losing the desktop wallpaper photo was my first indication. Trouble accessing certain anti-virus sites seems to be another symptom. The questionable site is msnbc.msn.com-nbcnews9.net/jobs. It seems to be an ad for a work-from-home scam disguised as an article about the best & worst jobs. None of the anti-virus/anti-malware software I have seems to have any information on this, but it appears the site was only created 5 days ago.

I have run dds.com on my computer, but currently I am unable to sign on to this forum on that computer. Can I put the files (DDS.txt and Attach.txt) on a thumbdrive to move to another computer or do I risk infecting that computer as well?

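The hostname in the post is the security-relevant detail: in msnbc.msn.com-nbcnews9.net the only part a registrant actually owns is com-nbcnews9.net, and "msnbc.msn.com" is just subdomain text chosen to read like an MSN address (the hyphen lets "com" sit inside an ordinary label). The following Python is an added example written for this thread, not code from the forum, DDS or Malwarebytes; the tiny public-suffix set, the trusted-brand allowlist and the sample URLs are constructed assumptions, and a real tool would use the full Public Suffix List.

```python
"""Added example: why msnbc.msn.com-nbcnews9.net is not an MSN address.

Constructed for this thread; it is not code from the forum, DDS or Malwarebytes.
"""
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List, enough for the hosts below.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}

# Assumption: a constructed allowlist of brand domains the reader would trust.
TRUSTED_DOMAINS = {"msn.com", "msnbc.com", "nbcnews.com"}


def hostname(url: str) -> str:
    """Lowercase host of a URL; accepts defanged hxxp:// URLs and bare hostnames."""
    url = url.replace("hxxp://", "http://", 1).replace("hxxps://", "https://", 1)
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def registrable_domain(host: str) -> str:
    """Public suffix plus one label: the only part of the name a registrant owns."""
    labels = host.split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return host


def _tokens(name: str) -> list[str]:
    # Split on dots AND hyphens so that "msn.com-nbcnews9" exposes the fake "com".
    return [t for t in name.replace("-", ".").split(".") if t]


def impersonated_brands(host: str) -> list[str]:
    """Trusted domains whose labels appear in the host without being its registrable domain."""
    reg = registrable_domain(host)
    toks = _tokens(host)
    hits = []
    for brand in sorted(TRUSTED_DOMAINS):
        if brand == reg:
            continue
        b = _tokens(brand)
        if any(toks[i:i + len(b)] == b for i in range(len(toks) - len(b) + 1)):
            hits.append(brand)
    return hits


def assess(url: str) -> dict:
    """Summarise the host, its registrable domain and any brand it impersonates."""
    host = hostname(url)
    brands = impersonated_brands(host)
    return {
        "host": host,
        "registrable_domain": registrable_domain(host),
        "impersonated": brands,
        "suspicious": bool(brands),
    }


if __name__ == "__main__":
    for u in ("msnbc.msn.com-nbcnews9.net/jobs", "hxxp://www.msn.com/news"):
        print(assess(u))
```

Run stand-alone it reports the first URL as registrable domain com-nbcnews9.net impersonating msn.com, and the second as a genuine msn.com host. The check is deliberately a heuristic: it catches the "brand.tld-something" trick in this post, and a domain that is merely new (as the poster noticed) still needs a registration-date lookup that this offline script does not do.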

It looks like I am no longer able to update MBAM. My last update was 11/21/12. A full scan at that point had nothing detected, but I ran a quick scan again with that version.

MBAM log

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.22.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Jess :: JESSICA700M [administrator]

11/23/2012 10:28:03 AM

mbam-log-2012-11-23 (10-28-03).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 195956

Time elapsed: 9 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by Jess at 23:10:19 on 2012-11-22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1262.401 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ================

.

\??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\S24EvMon.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\1XConfig.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Documents and Settings\Jess\Local Settings\Application Data\Akamai\netsession_win.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Jess\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Documents and Settings\Jess\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\RegSrvc.exe

C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

C:\Program Files\AVG\AVG2012\avgidsagent.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\notepad.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://isearch.avg.com/?cid={E74EDDFE-758D-4E95-8608-AF6E40959D9E}&mid=3b0b2e00938547d085a526531fe9b5d6-f54db5c9b71f6d133d90889d918be46c29a3e7a7&lang=en&ds=AVG&pr=fr&d=2012-06-27 22:04:12&v=12.2.5.32&sap=hp

uInternet Connection Wizard,ShellNext = hxxp://www.drivermax.com/index2.htm

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.32\AVG Secure Search_toolbar.dll

TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.32\AVG Secure Search_toolbar.dll

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [Akamai NetSession Interface] "c:\documents and settings\jess\local settings\application data\akamai\netsession_win.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [WorksFUD] c:\program files\microsoft works\wkfud.exe

mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers

mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe

mRun: [ZCfgSvc.exe] c:\windows\system32\ZCfgSvc.exe

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k

StartupFolder: c:\docume~1\jess\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\jess\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office10\OSA.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{253B1A57-04A1-4DAE-B49C-F17A10CC0988} : DHCPNameServer = 192.168.1.1

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll

Notify: igfxcui - igfxdev.dll

Notify: Sebring - c:\windows\system32\LgNotify.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jess\application data\mozilla\firefox\profiles\x3tcajz3.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?continue=http://www.google.com/ig%3Fhl%3Den&followup=http://www.google.com/ig%3Fhl%3Den&service=ig&passive=true&cd=US&hl=en&nui=1&ltmpl=default

FF - prefs.js: keyword.URL - hxxp://www.goodsearch.com/search.aspx?toolbarcharity=___toolbarcharity___&id=goodsearchtb&v=2_0&keywords=

FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\13.2.0\npsitesafety.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 237408]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301920]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-3 26984]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]

R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]

R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-11-21 40776]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2012-11-08 18:24:19 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-10-09 21:44:24 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-09 21:44:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll

2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec

.

============= FINISH: 23:11:04.90 ===============

Attach.txt

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/14/2012 12:28:46 AM

System Uptime: 11/20/2012 1:48:47 PM (58 hours ago)

.

Motherboard: DELL SYSTEM | | Inspiron 700m

Processor: Intel® Pentium® M processor 1.60GHz | U1 | 1195/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 56 GiB total, 9.348 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP88: 8/28/2012 8:58:03 PM - System Checkpoint

RP89: 8/30/2012 7:08:56 PM - System Checkpoint

RP90: 9/2/2012 3:44:02 PM - System Checkpoint

RP91: 9/6/2012 10:59:45 PM - System Checkpoint

RP92: 9/9/2012 12:05:09 PM - System Checkpoint

RP93: 9/10/2012 3:26:56 PM - System Checkpoint

RP94: 9/11/2012 9:45:23 PM - System Checkpoint

RP95: 9/11/2012 11:31:44 PM - Software Distribution Service 3.0

RP96: 9/15/2012 8:19:27 PM - System Checkpoint

RP97: 9/20/2012 6:53:09 PM - System Checkpoint

RP98: 9/22/2012 7:47:09 PM - Software Distribution Service 3.0

RP99: 9/23/2012 7:57:37 PM - System Checkpoint

RP100: 9/24/2012 8:51:49 PM - System Checkpoint

RP101: 9/25/2012 11:19:48 PM - System Checkpoint

RP102: 10/2/2012 12:44:06 AM - System Checkpoint

RP103: 10/3/2012 8:46:44 PM - System Checkpoint

RP104: 10/4/2012 11:26:11 PM - System Checkpoint

RP105: 10/6/2012 2:08:09 PM - System Checkpoint

RP106: 10/8/2012 8:48:25 PM - System Checkpoint

RP107: 10/9/2012 9:25:20 PM - System Checkpoint

RP108: 10/9/2012 10:51:03 PM - Software Distribution Service 3.0

RP109: 10/12/2012 5:58:16 PM - System Checkpoint

RP110: 10/19/2012 8:40:02 PM - System Checkpoint

RP111: 10/20/2012 8:42:43 PM - System Checkpoint

RP112: 10/21/2012 9:21:47 PM - System Checkpoint

RP113: 10/23/2012 1:48:25 PM - System Checkpoint

RP114: 10/24/2012 3:05:19 PM - System Checkpoint

RP115: 10/25/2012 4:11:34 PM - System Checkpoint

RP116: 10/26/2012 4:45:51 PM - System Checkpoint

RP117: 10/27/2012 10:27:38 PM - System Checkpoint

RP118: 10/31/2012 4:59:19 PM - System Checkpoint

RP119: 11/1/2012 7:07:03 PM - System Checkpoint

RP120: 11/4/2012 4:23:12 PM - System Checkpoint

RP121: 11/6/2012 2:48:52 PM - System Checkpoint

RP122: 11/7/2012 4:33:37 PM - System Checkpoint

RP123: 11/8/2012 8:59:26 PM - System Checkpoint

RP124: 11/9/2012 9:53:05 PM - System Checkpoint

RP125: 11/10/2012 10:22:40 PM - System Checkpoint

RP126: 11/12/2012 6:01:27 PM - System Checkpoint

RP127: 11/13/2012 6:33:53 PM - System Checkpoint

RP128: 11/14/2012 12:02:18 PM - Software Distribution Service 3.0

RP129: 11/15/2012 12:24:44 PM - System Checkpoint

RP130: 11/17/2012 5:00:56 PM - System Checkpoint

RP131: 11/18/2012 8:50:52 PM - System Checkpoint

RP132: 11/20/2012 5:17:18 PM - System Checkpoint

RP133: 11/21/2012 11:34:50 AM - Removed Shutterfly Express Uploader

RP134: 11/21/2012 11:37:23 AM - Removed Google SketchUp 8

RP135: 11/22/2012 12:03:38 PM - System Checkpoint

.

==== Installed Programs ======================

.

7200

7200_Help

7200Trb

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

AiO_Scan

AiOSoftware

Akamai NetSession Interface

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG 2012

Bonjour

Broadcom 440x 10/100 Integrated Controller

Broadcom Management Programs

BufferChm

C-Major Audio

Conexant D480 MDC V.92 Modem

Crash Analysis Tool

Dell Wireless WLAN Card

Destinations

Digital Line Detect

Director

Dropbox

Family Tree Maker 2005

Fax

Hewlett-Packard ACLM.NET v1.1.0.0

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

HP Image Zone 4.7

HP Image Zone Express

HP Product Assistant

HP Product Detection

HP PSC & OfficeJet 4.7

HP Update

HPSystemDiagnostics

Intel® Extreme Graphics 2 Driver

Intel® PROSet

iSEEK AnswerWorks English Runtime

iTunes

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Word 2002

Microsoft Works 2002 Setup Launcher

Microsoft Works 6.0

Modem Helper

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

OpenOffice.org 3.4

Palm Desktop by ACCESS

Photobook Designer

Picasa 3

ProductContext

QFolder

Quicken 2012

QuickTime

Readme

Scan

ScannerCopy

Seagate Dashboard

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2675157)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Skype™ 5.10

Texas Instruments PCIxx20 drivers.

TIPCIxx20

TrayApp

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

WebReg

Windows Genuine Advantage Notifications (KB905474)

Windows Imaging Component

Windows Internet Explorer 8

Windows XP Service Pack 3

WinRAR 4.11 (32-bit)

Works Suite OS Pack

Works Synchronization

.

==== Event Viewer Messages From Past Week ========

.

11/21/2012 3:58:40 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.54.131 with the system having network hardware address BC:52:B7:58:34:DE. Network operations on this system may be disrupted as a result.

11/18/2012 2:13:29 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{F80A5669-AAFF-4B76-940C-3A42475B1E80} because another computer on the network has the same name. The server could not start.

11/17/2012 8:14:32 PM, error: Dhcp [1002] - The IP address lease 192.168.54.155 for the Network Card with network address 000F1FAF4311 has been denied by the DHCP server 192.168.54.1 (The DHCP Server sent a DHCPNACK message).

11/17/2012 2:22:23 PM, error: PSched [14103] - QoS [Adapter {253B1A57-04A1-4DAE-B49C-F17A10CC0988}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.

11/17/2012 2:14:27 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

11/15/2012 8:08:33 PM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 000CF14D6185 has been denied by the DHCP server 192.168.54.1 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================

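Two lines in the logs above bear directly on the thumb-drive question in the first post: the DDS entry "uPolicies-Explorer: NoDriveTypeAutoRun = dword:145" (145 decimal is 0x91, the Windows XP default, which leaves AutoRun enabled for removable and fixed drives) and, later in the thread, the C:\autorun.inf plus C:\Install.exe pair that ComboFix removes from the root of the system drive. The Python below is an added example written for this thread, not code from DDS, ComboFix or Malwarebytes: it decodes the bitmask and lists the directives in an autorun.inf that would execute a file. The sample autorun.inf is constructed, and the assumption that DDS prints the REG_DWORD in decimal is marked in the code. One caveat: the Attach.txt lists "Update for Windows XP (KB971029)", which makes XP stop honouring autorun.inf on USB flash drives regardless of this mask, so the mask matters mainly for the fixed drive and for any other machine the drive is plugged into.

```python
"""Added example: what NoDriveTypeAutoRun = dword:145 permits, and what an autorun.inf asks for.

Constructed for this thread; not code from DDS, ComboFix or Malwarebytes.
"""
import configparser

# Bit n of NoDriveTypeAutoRun disables AutoRun for the GetDriveType() value n.
DRIVE_TYPE_BITS = (
    (0x01, "unknown"),
    (0x02, "no_root_dir"),
    (0x04, "removable"),
    (0x08, "fixed"),
    (0x10, "remote"),
    (0x20, "cdrom"),
    (0x40, "ramdisk"),
    (0x80, "reserved"),
)

# Directives that make Explorer run something when the volume is inserted or opened.
SUSPICIOUS_KEYS = ("open", "shellexecute", "useautoplay")


def parse_dds_dword(field: str) -> int:
    """Assumption: DDS prints REG_DWORD values in decimal, so 'dword:145' is 0x91."""
    return int(field.strip().split(":", 1)[1], 10)


def autorun_allowed_drive_types(mask: int) -> list[str]:
    """Drive types whose bit is clear, i.e. where AutoRun is still honoured."""
    return [name for bit, name in DRIVE_TYPE_BITS if not mask & bit]


def removable_autorun_enabled(mask: int) -> bool:
    """True when the removable-drive bit (0x04) is clear."""
    return not mask & 0x04


def autorun_inf_findings(text: str) -> list[str]:
    """Return the directives in an autorun.inf that would execute code."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        if section.lower() != "autorun":
            continue
        for key, value in cp.items(section):  # keys are lowercased by configparser
            if key in SUSPICIOUS_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                findings.append(f"{key}={value}")
    return findings


# Constructed sample modelled on the C:\autorun.inf + C:\Install.exe pair ComboFix removed.
SAMPLE_AUTORUN_INF = r"""; constructed sample, not a file recovered from the affected machine
[AutoRun]
open=Install.exe
shell\open\Command=Install.exe
shell\open=Open
icon=Install.exe,0
"""

# The DDS line quoted verbatim from the log in this thread.
DDS_LINE = "uPolicies-Explorer: NoDriveTypeAutoRun = dword:145"


def triage(dds_line: str, autorun_inf: str) -> dict:
    """Combine the policy value and the autorun.inf into one verdict."""
    mask = parse_dds_dword(dds_line.split("=", 1)[1])
    return {
        "mask_hex": hex(mask),
        "autorun_still_allowed_on": autorun_allowed_drive_types(mask),
        "removable_media_at_risk": removable_autorun_enabled(mask),
        "autorun_inf_directives": autorun_inf_findings(autorun_inf),
    }


if __name__ == "__main__":
    print(triage(DDS_LINE, SAMPLE_AUTORUN_INF))
```

With the value from the log the script reports AutoRun still allowed on no_root_dir, removable, fixed, cdrom and ramdisk drives, and flags both "open=" and "shell\open\command=" in the sample file; setting the policy to 0xFF is the value that disables AutoRun for every drive type. For the practical question of carrying DDS.txt and Attach.txt to another machine: the risk is not the text files but an autorun.inf and executable that the infection may drop on the stick, so check the drive root for them before plugging it into a clean system.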

  • Staff

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

If after ComboFix reboots you get a message about an "Invalid Option Registry Key Marked for Deletion," please reboot again and the error will go away.

-screen317


Thanks. Should I post the attach.txt file again too?

ComboFix 12-11-28.02 - Jess 11/28/2012 11:11:24.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1262.499 [GMT -5:00]

Running from: c:\documents and settings\Jess\My Documents\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\autorun.inf

C:\Install.exe

c:\windows\system32\Cache

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\31a0997e9a5b5eb3.fb

c:\windows\system32\Cache\32c84fe32bb74d60.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\62b76dccf0e84bae.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\6d03dad1035885d3.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\abd6ac014d9706c7.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\b1ffdc988127b409.fb

c:\windows\system32\Cache\c1fa887b03019701.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\d98ca5fa83bc5a72.fb

c:\windows\system32\Cache\f998975c9cc711ee.fb

.

.

((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-28 )))))))))))))))))))))))))))))))

.

.

2012-11-21 16:38 . 2012-11-26 22:13 -------- d-----w- c:\windows\SxsCaPendDel

2012-11-17 00:53 . 2012-11-17 00:53 -------- d-----w- c:\program files\Microsoft Silverlight

2012-10-31 20:35 . 2012-10-31 20:35 -------- d-----w- c:\documents and settings\Jess\Local Settings\Application Data\MFAData

2012-10-31 20:35 . 2012-10-31 20:35 -------- d-----w- c:\documents and settings\Jess\Local Settings\Application Data\Avg2013

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-08 18:24 . 2012-09-03 16:12 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-10-22 08:37 . 2004-08-04 10:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-10-09 21:44 . 2012-05-14 18:23 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-09 21:44 . 2012-05-14 18:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-02 18:04 . 2004-08-04 10:00 58368 ----a-w- c:\windows\system32\synceng.dll

2012-09-29 23:54 . 2012-05-14 15:23 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-31 21:27 . 2012-10-31 21:27 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-09-03 16:12 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-09-03 1734240]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Jess\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Jess\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Jess\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Jess\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"Akamai NetSession Interface"="c:\documents and settings\Jess\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2001-10-06 24576]

"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-23 331830]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]

"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2004-06-17 409664]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-08 997320]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-03 1022048]

.

c:\documents and settings\Jess\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\Jess\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]

2004-06-17 16:14 180290 ----a-w- c:\windows\system32\LgNotify.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk

backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2011-05-10 06:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]

2004-05-24 19:59 86016 ----a-w- c:\program files\Intel\NCS\PROSet\PRONoMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]

2012-11-08 18:24 997320 ----a-w- c:\program files\AVG Secure Search\vprot.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\Jess\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\Jess\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1256:TCP"= 1256:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 3:50 AM 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 3:46 AM 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 4:25 AM 237408]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/19/2012 4:17 AM 301920]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/3/2012 11:12 AM 26984]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 2:24 AM 5167736]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 3:53 AM 193288]

R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 11:42 AM 14088]

R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [11/8/2012 1:24 PM 711112]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 12:32 PM 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 12:32 PM 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 12:32 PM 17232]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/7/2012 6:12 PM 160944]

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 21:44]

.

.

------- Supplementary Scan -------

.

uStart Page = https://isearch.avg.com/?cid={E74EDDFE-758D-4E95-8608-AF6E40959D9E}&mid=3b0b2e00938547d085a526531fe9b5d6-f54db5c9b71f6d133d90889d918be46c29a3e7a7&lang=en&ds=AVG&pr=fr&d=2012-06-27 22:04&v=12.2.5.32&sap=hp

uInternet Connection Wizard,ShellNext = hxxp://www.drivermax.com/index2.htm

uInternet Settings,ProxyOverride = *.local;<local>

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

FF - ProfilePath - c:\documents and settings\Jess\Application Data\Mozilla\Firefox\Profiles\x3tcajz3.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?continue=http://www.google.com/ig%3Fhl%3Den&followup=http://www.google.com/ig%3Fhl%3Den&service=ig&passive=true&cd=US&hl=en&nui=1&ltmpl=default

FF - prefs.js: keyword.URL - hxxp://www.goodsearch.com/search.aspx?toolbarcharity=___toolbarcharity___&id=goodsearchtb&v=2_0&keywords=

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

MSConfigStartUp-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe

MSConfigStartUp-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-11-28 11:16

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1108)

c:\windows\System32\BCMLogon.dll

c:\windows\system32\LgNotify.dll

c:\windows\system32\igfxdev.dll

.

Completion time: 2012-11-28 11:21:33

ComboFix-quarantined-files.txt 2012-11-28 16:21

.

Pre-Run: 9,859,239,936 bytes free

Post-Run: 10,075,926,528 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 00E5FA409B82E020CB9B58F220AAA1CB

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by Jess at 14:15:22 on 2012-11-28

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1262.423 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ================

.

\??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\S24EvMon.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\1XConfig.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Documents and Settings\Jess\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Documents and Settings\Jess\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Documents and Settings\Jess\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\RegSrvc.exe

C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

C:\Program Files\AVG\AVG2012\avgidsagent.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://isearch.avg.com/?cid={E74EDDFE-758D-4E95-8608-AF6E40959D9E}&mid=3b0b2e00938547d085a526531fe9b5d6-f54db5c9b71f6d133d90889d918be46c29a3e7a7&lang=en&ds=AVG&pr=fr&d=2012-06-27 22:04:12&v=12.2.5.32&sap=hp

uInternet Connection Wizard,ShellNext = hxxp://www.drivermax.com/index2.htm

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.32\AVG Secure Search_toolbar.dll

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.32\AVG Secure Search_toolbar.dll

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [Akamai NetSession Interface] "c:\documents and settings\jess\local settings\application data\akamai\netsession_win.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [WorksFUD] c:\program files\microsoft works\wkfud.exe

mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers

mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe

mRun: [ZCfgSvc.exe] c:\windows\system32\ZCfgSvc.exe

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

StartupFolder: c:\docume~1\jess\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\jess\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office10\OSA.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

TCP: NameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{253B1A57-04A1-4DAE-B49C-F17A10CC0988} : DHCPNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{F80A5669-AAFF-4B76-940C-3A42475B1E80} : DHCPNameServer = 209.18.47.61 209.18.47.62

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll

Notify: igfxcui - igfxdev.dll

Notify: Sebring - c:\windows\system32\LgNotify.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jess\application data\mozilla\firefox\profiles\x3tcajz3.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?continue=http://www.google.com/ig%3Fhl%3Den&followup=http://www.google.com/ig%3Fhl%3Den&service=ig&passive=true&cd=US&hl=en&nui=1&ltmpl=default

FF - prefs.js: keyword.URL - hxxp://www.goodsearch.com/search.aspx?toolbarcharity=___toolbarcharity___&id=goodsearchtb&v=2_0&keywords=

FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\13.2.0\npsitesafety.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 237408]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301920]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-3 26984]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]

R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]

R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]

.

=============== Created Last 30 ================

.

2012-11-28 16:09:45 -------- d-sha-r- C:\cmdcons

2012-11-28 16:06:58 98816 ----a-w- c:\windows\sed.exe

2012-11-28 16:06:58 256000 ----a-w- c:\windows\PEV.exe

2012-11-28 16:06:58 208896 ----a-w- c:\windows\MBR.exe

2012-11-21 16:38:46 -------- d-----w- c:\windows\SxsCaPendDel

2012-10-31 20:35:47 -------- d-----w- c:\documents and settings\jess\local settings\application data\MFAData

2012-10-31 20:35:47 -------- d-----w- c:\documents and settings\jess\local settings\application data\Avg2013

.

==================== Find3M ====================

.

2012-11-08 18:24:19 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-10-09 21:44:24 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-09 21:44:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll

2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 14:16:11.44 ===============

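The DDS "Pseudo HJT Report" above is what a helper reads first: autostart entries (uRun/mRun/StartupFolder/BHO), the browser start and search URLs, and the resolvers. As an added example (editor's code, not part of this thread or of the DDS tool), the script below pulls those lines out of a DDS log and flags the two things a triage pass looks for first: an autostart whose image lives somewhere a limited user can write, and a homepage or search setting that points at a host the analyst has not allowlisted. The sample input is an excerpt of the log above with the AVG start-page query string shortened; the user-writable path list and the `trusted_hosts` allowlist are the editor's assumptions, not anything DDS defines.

```python
import re
from collections import namedtuple
from urllib.parse import urlparse

# Sample input: an excerpt of the DDS "Pseudo HJT Report" posted above, cut to
# nine lines (the AVG start-page query string is shortened) so this runs offline.
SAMPLE_DDS = r"""
uStart Page = hxxps://isearch.avg.com/?cid={E74EDDFE-758D-4E95-8608-AF6E40959D9E}&ds=AVG&pr=fr&sap=hp
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.32\AVG Secure Search_toolbar.dll
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Akamai NetSession Interface] "c:\documents and settings\jess\local settings\application data\akamai\netsession_win.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
StartupFolder: c:\docume~1\jess\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\jess\application data\dropbox\bin\Dropbox.exe
TCP: NameServer = 209.18.47.61 209.18.47.62
FF - prefs.js: keyword.URL - hxxp://www.goodsearch.com/search.aspx?toolbarcharity=___toolbarcharity___&id=goodsearchtb&v=2_0&keywords=
"""

Finding = namedtuple("Finding", "category key value")

# DDS line prefixes that carry an autostart/hook image path, and the keys whose
# value is a URL an infection commonly rewrites (homepage, search, keyword.URL).
AUTORUN_KEYS = ("uRun", "mRun", "StartupFolder", "BHO", "TB", "Notify", "Handler")
URL_KEYS = ("uStart Page", "mStart Page", "uSearch Page", "mSearch Page",
            "keyword.URL", "browser.startup.homepage")

# A drive-letter path up to an executable extension; the (?! - ) lookahead stops a
# match from running across the " - " that separates a .lnk from its target.
PATH_RE = re.compile(r'(?i)[a-z]:\\(?:(?! - )[^"\r\n])*?\.(?:exe|dll|scr|cpl|sys)\b')
# Locations a limited user (or malware running as one) can write on Windows XP
# (editor's assumption; extend for the box being examined).
USER_WRITABLE_RE = re.compile(r'(?i)\\documents and settings\\|\\docume~1\\|\\temp\\|\\recycler\\')
ROOT_FILE_RE = re.compile(r'(?i)^[a-z]:\\[^\\]+$')
URL_RE = re.compile(r'(?P<key>' + '|'.join(re.escape(k) for k in URL_KEYS) + r')\s*[=-]\s*(?P<url>\S+)')
DNS_RE = re.compile(r'(?i)(?P<key>DhcpNameServer|NameServer)\s*=\s*(?P<servers>[\d. ]+)')


def refang(url):
    """DDS writes hxxp/hxxps so URLs are not clickable; restore the scheme for urlparse."""
    return re.sub(r'(?i)^hxxp', 'http', url)


def is_user_writable(path):
    return bool(USER_WRITABLE_RE.search(path) or ROOT_FILE_RE.match(path))


def triage(log_text, trusted_hosts=frozenset()):
    """Return Findings an analyst should look at. trusted_hosts is the analyst's
    allowlist of homepage/search hosts (an assumption, not something DDS defines)."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if line.startswith(AUTORUN_KEYS):
            key = line.split(":", 1)[0]
            for path in PATH_RE.findall(line):
                if is_user_writable(path):
                    findings.append(Finding("autostart-from-user-writable-path", key, path))
        m = URL_RE.search(line)
        if m:
            host = (urlparse(refang(m["url"])).hostname or "").lower()
            if host not in trusted_hosts:
                findings.append(Finding("browser-setting-offsite", m["key"], host))
        m = DNS_RE.search(line)
        if m:  # informational: compare against the ISP's or router's real resolvers
            findings.append(Finding("dns-servers", m["key"], m["servers"].strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS, trusted_hosts={"www.google.com"}):
        print(f"{f.category:36} {f.key:14} {f.value}")
```

On the sample this flags the Akamai NetSession and Dropbox autostarts (both legitimate here, but both run from the user profile, which is exactly where a dropper would also put itself), the AVG isearch start page and the goodsearch keyword.URL, and lists the resolvers for comparison with what the ISP actually hands out. A flag is a prompt to look, not a verdict.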

  • Staff

Hi,

No need for attach.txt.

Things are looking better. :)

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Export the threats found (if any), and post them here.

Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Next, download my Security Check from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

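The post above describes where TDSSKiller drops its log and how the file is named (TDSSKiller.Version_Date_Time_log.txt in the system drive root). As an added example (editor's code, not part of this thread or of TDSSKiller), the script below finds the newest such log by parsing the date and time out of the file name, then joins each scanned service's "[ MD5 ] name path" line with its verdict line and lists the entries worth a second look: anything not marked "ok", anything whose image sits outside the Windows or Program Files trees, and any MD5 on an analyst-supplied block list. The line format follows the log posted later in this thread; the "fakesvc" entry, its all-zero hash and its "( reason ) - warning" verdict form are constructed for the demo, and the known_bad set and SYSTEM_DIRS list are the editor's assumptions.

```python
import glob
import os
import re
from collections import namedtuple
from datetime import datetime

Entry = namedtuple("Entry", "name md5 path verdict reason")

# Sample input in the format of the TDSSKiller log posted later in this thread.
# The ACPI, abp480n5 and Apple Mobile Device lines are copied from that log; the
# "fakesvc" entry, its all-zero MD5 and its warning verdict are constructed here
# so the non-"ok" branches below have something to fire on.
SAMPLE_LOG = r"""
14:12:28.0986 1272 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:12:56.0837 2284 Scan started
14:12:57.0187 2284 System memory - ok
14:12:57.0327 2284 abp480n5 - ok
14:12:57.0417 2284 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:12:57.0427 2284 ACPI - ok
14:12:58.0148 2284 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:12:58.0188 2284 Apple Mobile Device - ok
14:13:05.0000 2284 [ 00000000000000000000000000000000 ] fakesvc C:\Documents and Settings\Jess\Local Settings\Temp\fakesvc.sys
14:13:05.0010 2284 fakesvc ( UnsignedFile.Multi.Generic ) - warning
"""

# "<time> <pid> [ <MD5> ] <service name> <image path>"
FILE_RE = re.compile(
    r'^\d\d:\d\d:\d\d\.\d+\s+\d+\s+\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*\S)\s*$')
# "<time> <pid> <service name> [ ( <reason> ) ] - <verdict>"
VERDICT_RE = re.compile(
    r'^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?)(?: \( (?P<reason>[^)]*) \))? - (?P<verdict>\w+)\s*$')
# The log name format the post above describes: TDSSKiller.<ver>_<DD.MM.YYYY>_<HH.MM.SS>_log.txt
LOG_NAME_RE = re.compile(
    r'^TDSSKiller\.(?P<ver>[\d.]+)_(?P<date>\d\d\.\d\d\.\d{4})_(?P<time>\d\d\.\d\d\.\d\d)_log\.txt$')
# Directories where a service image on this XP box is expected to live (assumption).
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\")


def log_timestamp(filename):
    """Parse the scan time out of a TDSSKiller log file name, or None if it is not one."""
    m = LOG_NAME_RE.match(re.split(r'[\\/]', filename)[-1])
    if not m:
        return None
    return datetime.strptime(f"{m['date']} {m['time']}", "%d.%m.%Y %H.%M.%S")


def newest_log(directory="C:\\"):
    """Pick the most recent TDSSKiller log in the system drive root (its default output location)."""
    candidates = [p for p in glob.glob(os.path.join(directory, "TDSSKiller.*_log.txt")) if log_timestamp(p)]
    return max(candidates, key=log_timestamp) if candidates else None


def parse_tdsskiller(text):
    """Map service name -> Entry, joining the file line (hash, path) with the verdict line."""
    entries = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            entries[m["name"]] = Entry(m["name"], m["md5"].upper(), m["path"], None, None)
            continue
        m = VERDICT_RE.match(line)
        if m:
            prior = entries.get(m["name"], Entry(m["name"], None, None, None, None))
            entries[m["name"]] = prior._replace(verdict=m["verdict"], reason=m["reason"])
    return entries


def review(entries, known_bad=frozenset()):
    """List (service, reason) pairs worth a second look. known_bad is an analyst-supplied
    set of MD5s (constructed for the demo; TDSSKiller itself does not take one)."""
    bad = {h.upper() for h in known_bad}
    findings = []
    for e in entries.values():
        if e.verdict is not None and e.verdict != "ok":
            findings.append((e.name, f"verdict '{e.verdict}'" + (f" ({e.reason})" if e.reason else "")))
        if e.md5 in bad:
            findings.append((e.name, "MD5 on block list"))
        if e.path and not e.path.lower().startswith(SYSTEM_DIRS):
            findings.append((e.name, "image outside Windows or Program Files"))
    return findings


if __name__ == "__main__":
    latest = newest_log()
    text = open(latest, encoding="utf-8", errors="replace").read() if latest else SAMPLE_LOG
    for name, why in review(parse_tdsskiller(text), known_bad={"0" * 32}):
        print(f"{name}: {why}")
```

Run on a box without a log (or on a non-Windows machine) it falls back to the embedded sample. Keeping the MD5 next to the path is the point: the hash is what you paste into a reputation lookup, and a service whose image lives under a user's Temp directory deserves that lookup even when the tool's own verdict is "ok".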

Things seem to be running well, but here are the logs you requested:

TDSSKiller

14:12:28.0986 1272 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

14:12:31.0019 1272 ============================================================

14:12:31.0019 1272 Current date / time: 2012/12/02 14:12:31.0019

14:12:31.0019 1272 SystemInfo:

14:12:31.0019 1272

14:12:31.0019 1272 OS Version: 5.1.2600 ServicePack: 3.0

14:12:31.0019 1272 Product type: Workstation

14:12:31.0019 1272 ComputerName: JESSICA700M

14:12:31.0019 1272 UserName: Jess

14:12:31.0019 1272 Windows directory: C:\WINDOWS

14:12:31.0019 1272 System windows directory: C:\WINDOWS

14:12:31.0019 1272 Processor architecture: Intel x86

14:12:31.0019 1272 Number of processors: 1

14:12:31.0019 1272 Page size: 0x1000

14:12:31.0019 1272 Boot type: Normal boot

14:12:31.0019 1272 ============================================================

14:12:33.0863 1272 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

14:12:33.0863 1272 ============================================================

14:12:33.0863 1272 \Device\Harddisk0\DR0:

14:12:33.0863 1272 MBR partitions:

14:12:33.0863 1272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80

14:12:33.0863 1272 ============================================================

14:12:33.0904 1272 C: <-> \Device\Harddisk0\DR0\Partition1

14:12:33.0904 1272 ============================================================

14:12:33.0904 1272 Initialize success

14:12:33.0904 1272 ============================================================

14:12:56.0837 2284 ============================================================

14:12:56.0837 2284 Scan started

14:12:56.0837 2284 Mode: Manual;

14:12:56.0837 2284 ============================================================

14:12:57.0187 2284 ================ Scan system memory ========================

14:12:57.0187 2284 System memory - ok

14:12:57.0197 2284 ================ Scan services =============================

14:12:57.0317 2284 Abiosdsk - ok

14:12:57.0327 2284 abp480n5 - ok

14:12:57.0417 2284 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

14:12:57.0427 2284 ACPI - ok

14:12:57.0437 2284 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

14:12:57.0467 2284 ACPIEC - ok

14:12:57.0568 2284 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

14:12:57.0608 2284 AdobeFlashPlayerUpdateSvc - ok

14:12:57.0628 2284 adpu160m - ok

14:12:57.0668 2284 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

14:12:57.0678 2284 aec - ok

14:12:57.0738 2284 [ 4B66E250C94C92522C33A759D5D273CB ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys

14:12:57.0738 2284 AegisP - ok

14:12:57.0818 2284 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

14:12:57.0828 2284 AFD - ok

14:12:57.0848 2284 Aha154x - ok

14:12:57.0858 2284 aic78u2 - ok

14:12:57.0878 2284 aic78xx - ok

14:12:57.0938 2284 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

14:12:57.0948 2284 Alerter - ok

14:12:57.0988 2284 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

14:12:57.0988 2284 ALG - ok

14:12:57.0998 2284 AliIde - ok

14:12:58.0018 2284 amsint - ok

14:12:58.0148 2284 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

14:12:58.0188 2284 Apple Mobile Device - ok

14:12:58.0269 2284 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll

14:12:58.0309 2284 AppMgmt - ok

14:12:58.0349 2284 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys

14:12:58.0369 2284 Arp1394 - ok

14:12:58.0399 2284 asc - ok

14:12:58.0409 2284 asc3350p - ok

14:12:58.0419 2284 asc3550 - ok

14:12:58.0599 2284 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

14:12:58.0609 2284 aspnet_state - ok

14:12:58.0639 2284 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

14:12:58.0649 2284 AsyncMac - ok

14:12:58.0679 2284 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

14:12:58.0679 2284 atapi - ok

14:12:58.0689 2284 Atdisk - ok

14:12:58.0729 2284 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

14:12:58.0739 2284 Atmarpc - ok

14:12:58.0779 2284 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

14:12:58.0779 2284 AudioSrv - ok

14:12:58.0849 2284 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

14:12:58.0879 2284 audstub - ok

14:12:59.0570 2284 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files\AVG\AVG2012\avgidsagent.exe

14:12:59.0681 2284 AVGIDSAgent - ok

14:12:59.0731 2284 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys

14:12:59.0731 2284 AVGIDSDriver - ok

14:12:59.0761 2284 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys

14:12:59.0761 2284 AVGIDSFilter - ok

14:12:59.0791 2284 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys

14:12:59.0791 2284 AVGIDSHX - ok

14:12:59.0831 2284 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys

14:12:59.0831 2284 AVGIDSShim - ok

14:12:59.0881 2284 [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys

14:12:59.0881 2284 Avgldx86 - ok

14:12:59.0921 2284 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

14:12:59.0931 2284 Avgmfx86 - ok

14:12:59.0951 2284 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

14:12:59.0951 2284 Avgrkx86 - ok

14:13:00.0011 2284 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys

14:13:00.0021 2284 Avgtdix - ok

14:13:00.0091 2284 [ 57D83B82117C2DDB9D7E9AEA691CEDFC ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys

14:13:00.0161 2284 avgtp - ok

14:13:00.0181 2284 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe

14:13:00.0191 2284 avgwd - ok

14:13:00.0261 2284 [ 78123F44BE9E4768852A3A017E02D637 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

14:13:00.0271 2284 bcm4sbxp - ok

14:13:00.0312 2284 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

14:13:00.0312 2284 Beep - ok

14:13:00.0402 2284 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

14:13:00.0442 2284 BITS - ok

14:13:00.0542 2284 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

14:13:00.0552 2284 Bonjour Service - ok

14:13:00.0582 2284 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll

14:13:00.0582 2284 Browser - ok

14:13:00.0592 2284 bvrp_pci - ok

14:13:00.0752 2284 catchme - ok

14:13:00.0782 2284 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

14:13:00.0912 2284 cbidf2k - ok

14:13:00.0962 2284 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

14:13:00.0972 2284 CCDECODE - ok

14:13:00.0972 2284 cd20xrnt - ok

14:13:01.0013 2284 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

14:13:01.0013 2284 Cdaudio - ok

14:13:01.0033 2284 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

14:13:01.0033 2284 Cdfs - ok

14:13:01.0053 2284 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

14:13:01.0053 2284 Cdrom - ok

14:13:01.0093 2284 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys

14:13:01.0093 2284 cercsr6 - ok

14:13:18.0528 2284 ================ Scan global ===============================

14:13:18.0558 2284 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

14:13:18.0678 2284 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

14:13:18.0748 2284 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

14:13:18.0778 2284 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

14:13:18.0778 2284 [Global] - ok

14:13:18.0778 2284 ================ Scan MBR ==================================

14:13:18.0818 2284 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

14:13:19.0159 2284 \Device\Harddisk0\DR0 - ok

14:13:19.0169 2284 ================ Scan VBR ==================================

14:13:19.0169 2284 [ 79068B77997F23BBE176DF1A4571B665 ] \Device\Harddisk0\DR0\Partition1

14:13:19.0179 2284 \Device\Harddisk0\DR0\Partition1 - ok

14:13:19.0179 2284 ============================================================

14:13:19.0179 2284 Scan finished

14:13:19.0179 2284 ============================================================

14:13:19.0219 1508 Detected object count: 0

14:13:19.0219 1508 Actual detected object count: 0

14:22:28.0028 1856 Deinitialize success

ESET Online Scanner

C:\Qoobox\Quarantine\C\autorun.inf.vir Win32/PSW.OnLineGames.OUM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{CA4FB9B1-A2C2-4D3E-BA48-E5E64E4EC17D}\RP139\A0023168.inf Win32/PSW.OnLineGames.OUM trojan cleaned by deleting - quarantined

AdwCleaner

# AdwCleaner v2.011 - Logfile created 12/02/2012 at 16:31:30

# Updated 02/12/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Jess - JESSICA700M

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Jess\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search

Folder Found : C:\Documents and Settings\Jess\Application Data\AVG Secure Search

Folder Found : C:\Documents and Settings\Jess\Local Settings\Application Data\AVG Secure Search

Folder Found : C:\Program Files\AVG Secure Search

Folder Found : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\Software\AVG Secure Search

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : HKU\S-1-5-21-1844237615-1606980848-1060284298-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={E74EDDFE-758D-4E95-8608-AF6E40959D9E}&mid=3b0b2e00938547d085a526531fe9b5d6-f54db5c9b71f6d133d90889d918be46c29a3e7a7&lang=en&ds=AVG&pr=fr&d=2012-06-27 22:04:12&v=12.2.5.32&sap=hp

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={E74EDDFE-758D-4E95-8608-AF6E40959D9E}&mid=3b0b2e00938547d085a526531fe9b5d6-f54db5c9b71f6d133d90889d918be46c29a3e7a7&lang=en&ds=AVG&pr=fr&d=2012-06-27 22:04:12&v=12.2.5.32&sap=nt

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Documents and Settings\Jess\Application Data\Mozilla\Firefox\Profiles\x3tcajz3.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");

*************************

AdwCleaner[R1].txt - [5279 octets] - [02/12/2012 16:31:30]

########## EOF - C:\AdwCleaner[R1].txt - [5339 octets] ##########

BleepingComputer Security Check

Results of screen317's Security Check version 0.99.56

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Please wait while WMIC is being installed.

displayName

ECHO is off.

AVG

ECHO is off.

AntiVirus

ECHO is off.

Free

ECHO is off.

Edition

ECHO is off.

2012

ECHO is off.

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

Adobe Flash Player 11.4.402.287

Adobe Reader 10.1.4 Adobe Reader out of Date!

Mozilla Firefox 16.0.2 Firefox out of Date!

````````Process Check: objlist.exe by Laurent````````

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 2%

````````````````````End of Log``````````````````````


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Open TFC.exe if you already have it. If not, please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck and TDSSKiller.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Adobe Flash Player 11.4.402.287

Adobe Reader 10.1.4

Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.

Open Firefox, click Help --> About, and ensure that it updates to version 17.

Let me know what issues remain.


Thanks. I do have Windows set to automatically update, so I assume I am good there.

Does it appear that I am virus free yet?

# AdwCleaner v2.100 - Logfile created 12/11/2012 at 09:11:20

# Updated 09/12/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Jess - JESSICA700M

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Jess\Desktop\anti-virus\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search

Folder Found : C:\Documents and Settings\Jess\Application Data\AVG Secure Search

Folder Found : C:\Documents and Settings\Jess\Local Settings\Application Data\AVG Secure Search

Folder Found : C:\Program Files\AVG Secure Search

Folder Found : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\Software\AVG Secure Search

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : HKU\S-1-5-21-1844237615-1606980848-1060284298-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={E74EDDFE-758D-4E95-8608-AF6E40959D9E}&mid=3b0b2e00938547d085a526531fe9b5d6-f54db5c9b71f6d133d90889d918be46c29a3e7a7&lang=en&ds=AVG&pr=fr&d=2012-06-27 22:04:12&v=12.2.5.32&sap=hp

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={E74EDDFE-758D-4E95-8608-AF6E40959D9E}&mid=3b0b2e00938547d085a526531fe9b5d6-f54db5c9b71f6d133d90889d918be46c29a3e7a7&lang=en&ds=AVG&pr=fr&d=2012-06-27 22:04:12&v=12.2.5.32&sap=nt

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default

File : C:\Documents and Settings\Jess\Application Data\Mozilla\Firefox\Profiles\x3tcajz3.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");

*************************

AdwCleaner[R1].txt - [5408 octets] - [02/12/2012 16:31:30]

AdwCleaner[R2].txt - [5468 octets] - [02/12/2012 16:31:51]

AdwCleaner[R3].txt - [5410 octets] - [11/12/2012 09:11:20]

########## EOF - C:\AdwCleaner[R3].txt - [5470 octets] ##########


  • Staff

Things are looking good. :)

We need to remove what ADWCleaner found next.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number


Here is the log from deleting AdwCleaner:

# AdwCleaner v2.100 - Logfile created 12/12/2012 at 15:08:56

# Updated 09/12/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Jess - JESSICA700M

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Jess\Desktop\anti-virus\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search

Folder Deleted : C:\Documents and Settings\Jess\Application Data\AVG Secure Search

Folder Deleted : C:\Documents and Settings\Jess\Local Settings\Application Data\AVG Secure Search

Folder Deleted : C:\Program Files\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={E74EDDFE-758D-4E95-8608-AF6E40959D9E}&mid=3b0b2e00938547d085a526531fe9b5d6-f54db5c9b71f6d133d90889d918be46c29a3e7a7&lang=en&ds=AVG&pr=fr&d=2012-06-27 22:04:12&v=12.2.5.32&sap=hp --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={E74EDDFE-758D-4E95-8608-AF6E40959D9E}&mid=3b0b2e00938547d085a526531fe9b5d6-f54db5c9b71f6d133d90889d918be46c29a3e7a7&lang=en&ds=AVG&pr=fr&d=2012-06-27 22:04:12&v=12.2.5.32&sap=nt --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default

File : C:\Documents and Settings\Jess\Application Data\Mozilla\Firefox\Profiles\x3tcajz3.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

*************************

AdwCleaner[R1].txt - [5408 octets] - [02/12/2012 16:31:30]

AdwCleaner[R2].txt - [5468 octets] - [02/12/2012 16:31:51]

AdwCleaner[R3].txt - [5539 octets] - [11/12/2012 09:11:20]

AdwCleaner[s2].txt - [5488 octets] - [12/12/2012 15:08:56]

########## EOF - C:\AdwCleaner[s2].txt - [5548 octets] ##########


  • Staff

Looking good from here. :) How are things running?

  • Please double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with Yes.

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317
