
Synopsis -- encountered search engine re-directs, was able to run Malwarebytes two times (and it appears the search re-directs were taken care of). I rebooted once more, wanting to run another scan, and get the "Windows cannot access the specified device, path or file" error. Also, on AVG Free, I get a "there are no active components" message on the interface.

DDS and attach file submitted for your consideration. Thanks!

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Kevin at 21:20:11 on 2011-11-11

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1312 [GMT -6:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: Norton Internet Worm Protection *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

D:\Program Files\AVG\AVG9\avgchsvx.exe

D:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

D:\Program Files\AVG\AVG9\avgcsrvx.exe

svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE

C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\QuickTime\QTTask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

c:\program files\common files\installshield\updateservice\isuspm.exe

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.centurylink.net/

uInternet Connection Wizard,ShellNext = iexplore

BHO: AutorunsDisabled - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - d:\program files\hp\smart web printing\hpswp_printenhancer.dll

BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - d:\program files\hp\smart web printing\hpswp_framework.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg9\avgssie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [CTDVDDET] "c:\program files\creative\sbaudigy4\dvdaudio\CTDVDDET.EXE"

mRun: [CTSysVol] c:\program files\creative\sbaudigy4\surround mixer\CTSysVol.exe /r

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [iSUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [CTHelper] CTHELPER.EXE

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"

IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - d:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - d:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: intuit.com\ttlc

Trusted Zone: scott.mn.us\*.co

Trusted Zone: scott.mn.us\vpn.co

Trusted Zone: soe.com

Trusted Zone: sony.com

Trusted Zone: turbotax.com

DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab

DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxps://vpn.co.scott.mn.us/vdesk/terminal/f5opswati.cab#Version=7001,2011,803,1915

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://vpn.co.scott.mn.us/vdesk/terminal/urxvpn.cab#version=6031,2010,1215,1100

DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - hxxps://vpn.co.scott.mn.us/vdesk/terminal/f5opswati.cab#Version=7001,2011,803,1915

DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://vpn.co.scott.mn.us/vdesk/terminal/f5tunsrv.cab#version=6031,2010,1215,1053

DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://vpn.co.scott.mn.us/vdesk/terminal/InstallerControl.cab#version=6031,2010,0617,2017

DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - hxxps://vpn.co.scott.mn.us/vdesk/terminal/f5opswati.cab#Version=7001,2011,803,1915

DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://vpn.co.scott.mn.us/vdesk/terminal/f5InspectionHost.cab#version=6031,2010,0617,2003

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - hxxps://vpn.co.scott.mn.us/vdesk/terminal/urTermProxy.cab#version=6020,2008,0514,2337

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230271662828

DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} - hxxps://vpn.co.scott.mn.us/vdesk/terminal/vdeskctrl.cab#version=6031,2009,1212,1610

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://vpn.co.scott.mn.us/vdesk/terminal/urxshost.cab#version=6031,2010,617,2010

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://vpn.co.scott.mn.us/vdesk/terminal/urxhost.cab#version=6031,2010,902,806

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - hxxps://vpn.co.scott.mn.us/vdesk/terminal/f5opswati.cab#Version=7001,2011,803,1915

DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} - hxxp://update.hpphoto.com/download/HPSWUpdate.ocx

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab

TCP: DhcpNameServer = 65.41.112.27 66.247.107.74

TCP: Interfaces\{25F03309-EEAA-44B3-8FDC-6CDB3D5B2950} : DhcpNameServer = 65.41.112.27 66.247.107.74

TCP: Interfaces\{D1F7B997-A144-4EAF-88DA-62D4FF9E92D1} : DhcpNameServer = 65.41.112.27 66.247.107.74

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-16 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-16 29712]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-16 243152]

R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2009-8-30 7040]

R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-12-30 12672]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-13 2218600]

R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]

R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]

R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2010-12-17 45464]

R3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [2011-8-20 37408]

R3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;c:\windows\system32\drivers\SWUSBFLT.SYS [2007-8-4 3968]

R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [2008-9-4 33920]

S2 avg9wd;AVG Free WatchDog;d:\program files\avg\avg9\avgwdsvc.exe [2010-9-16 308136]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-29 136176]

S2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-8-7 1247600]

S3 ALSysIO;ALSysIO;\??\d:\temp\alsysio.sys --> d:\temp\ALSysIO.sys [?]

S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-3-5 79360]

S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]

S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]

S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]

S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-12-30 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-12-30 8456]

S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2008-4-17 10752]

S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2009-8-30 17792]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-29 136176]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S4 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2007-8-3 14592]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2011-11-11 15:21:49 259748 ----a-w- c:\windows\system32\nvdrsdb1.bin

2011-11-11 15:21:49 259748 ----a-w- c:\windows\system32\nvdrsdb0.bin

2011-11-11 15:21:49 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 17:21:00 61328 -c--a-r- c:\windows\system32\drivers\SZKG.sys

2011-09-26 17:21:00 61328 -c--a-r- c:\windows\system32\drivers\is3srv.sys

2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-18 19:19:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-06 13:20:51 1858944 ------w- c:\windows\system32\win32k.sys

2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-16 22:48:30 59080 -c--a-r- c:\windows\system32\drivers\SZKGFS.sys

.

============= FINISH: 21:20:52.23 ===============

attach.txt


Hello mesaba116 and welcome to Malwarebytes!

I sincerely apologize for the delay.

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How is the PC running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

-------------

In your next reply, please include:

  • TDSSKiller report
  • C:\ComboFix.txt
  • checkup.txt

How is your computer running now?


Here are the results of TDSSKiller. It appears clean. I had run it previously, and it identified four threats, which I had removed.

18:34:46.0484 1492 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15

18:34:46.0625 1492 ============================================================

18:34:46.0625 1492 Current date / time: 2011/11/14 18:34:46.0625

18:34:46.0625 1492 SystemInfo:

18:34:46.0625 1492

18:34:46.0625 1492 OS Version: 5.1.2600 ServicePack: 3.0

18:34:46.0625 1492 Product type: Workstation

18:34:46.0625 1492 ComputerName: BASEMENT

18:34:46.0625 1492 UserName: Kevin

18:34:46.0625 1492 Windows directory: C:\WINDOWS

18:34:46.0625 1492 System windows directory: C:\WINDOWS

18:34:46.0625 1492 Processor architecture: Intel x86

18:34:46.0625 1492 Number of processors: 2

18:34:46.0625 1492 Page size: 0x1000

18:34:46.0625 1492 Boot type: Normal boot

18:34:46.0625 1492 ============================================================

18:34:47.0640 1492 Initialize success

18:34:49.0281 2248 ============================================================

18:34:49.0281 2248 Scan started

18:34:49.0281 2248 Mode: Manual;

18:34:49.0281 2248 ============================================================

18:34:50.0906 2248 Abiosdsk - ok

18:34:50.0921 2248 abp480n5 - ok

18:34:50.0953 2248 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

18:34:50.0953 2248 ACPI - ok

18:34:50.0984 2248 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

18:34:50.0984 2248 ACPIEC - ok

18:34:50.0984 2248 adpu160m - ok

18:34:51.0031 2248 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

18:34:51.0031 2248 aec - ok

18:34:51.0062 2248 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys

18:34:51.0078 2248 Afc - ok

18:34:51.0093 2248 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

18:34:51.0125 2248 AFD - ok

18:34:51.0125 2248 Aha154x - ok

18:34:51.0125 2248 aic78u2 - ok

18:34:51.0140 2248 aic78xx - ok

18:34:51.0140 2248 AliIde - ok

18:34:57.0187 2248 ALSysIO - ok

18:34:57.0234 2248 amsint - ok

18:34:57.0265 2248 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

18:34:57.0265 2248 Arp1394 - ok

18:34:57.0281 2248 asc - ok

18:34:57.0281 2248 asc3350p - ok

18:34:57.0281 2248 asc3550 - ok

18:34:57.0312 2248 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

18:34:57.0312 2248 AsyncMac - ok

18:34:57.0328 2248 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

18:34:57.0328 2248 atapi - ok

18:34:57.0328 2248 Atdisk - ok

18:34:57.0359 2248 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

18:34:57.0359 2248 Atmarpc - ok

18:34:57.0375 2248 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

18:34:57.0375 2248 audstub - ok

18:34:57.0421 2248 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

18:34:57.0421 2248 AVGIDSDriver - ok

18:34:57.0453 2248 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

18:34:57.0453 2248 AVGIDSEH - ok

18:34:57.0453 2248 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

18:34:57.0468 2248 AVGIDSFilter - ok

18:34:57.0500 2248 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

18:34:57.0500 2248 AVGIDSShim - ok

18:34:57.0531 2248 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

18:34:57.0546 2248 Avgldx86 - ok

18:34:57.0562 2248 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

18:34:57.0562 2248 Avgmfx86 - ok

18:34:57.0609 2248 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

18:34:57.0609 2248 Avgrkx86 - ok

18:34:57.0640 2248 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

18:34:57.0640 2248 Avgtdix - ok

18:34:57.0671 2248 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

18:34:57.0671 2248 Beep - ok

18:34:57.0687 2248 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

18:34:57.0687 2248 cbidf2k - ok

18:34:57.0703 2248 cd20xrnt - ok

18:34:57.0718 2248 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

18:34:57.0718 2248 Cdaudio - ok

18:34:57.0734 2248 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

18:34:57.0734 2248 Cdfs - ok

18:34:57.0765 2248 Cdrom (f4c3b054903620e23dcdc400f1c6cdd1) C:\WINDOWS\system32\DRIVERS\cdrom.sys

18:34:57.0765 2248 Cdrom - ok

18:34:57.0765 2248 Changer - ok

18:34:57.0781 2248 CmdIde - ok

18:34:57.0812 2248 COMMONFX (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\system32\drivers\COMMONFX.SYS

18:34:57.0812 2248 COMMONFX - ok

18:34:57.0843 2248 COMMONFX.SYS (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\System32\drivers\COMMONFX.SYS

18:34:57.0843 2248 COMMONFX.SYS - ok

18:34:57.0859 2248 Cpqarray - ok

18:34:57.0890 2248 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys

18:34:57.0906 2248 cpuz132 - ok

18:34:57.0937 2248 ctac32k (357c534b38019b597f51c8bf7186c118) C:\WINDOWS\system32\drivers\ctac32k.sys

18:34:57.0937 2248 ctac32k - ok

18:34:57.0953 2248 ctaud2k (691f8259a1f9c983356d8db2cde8043c) C:\WINDOWS\system32\drivers\ctaud2k.sys

18:34:57.0953 2248 ctaud2k - ok

18:34:57.0984 2248 CTAUDFX (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\system32\drivers\CTAUDFX.SYS

18:34:57.0984 2248 CTAUDFX - ok

18:34:58.0000 2248 CTAUDFX.SYS (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\System32\drivers\CTAUDFX.SYS

18:34:58.0000 2248 CTAUDFX.SYS - ok

18:34:58.0046 2248 ctdvda2k (8545d70b0335a05498f34e7e3f8ca9a2) C:\WINDOWS\system32\drivers\ctdvda2k.sys

18:34:58.0062 2248 ctdvda2k - ok

18:34:58.0078 2248 CTERFXFX (16f448354067914e7deaea709011bd60) C:\WINDOWS\system32\drivers\CTERFXFX.SYS

18:34:58.0078 2248 CTERFXFX - ok

18:34:58.0078 2248 CTERFXFX.SYS (16f448354067914e7deaea709011bd60) C:\WINDOWS\System32\drivers\CTERFXFX.SYS

18:34:58.0078 2248 CTERFXFX.SYS - ok

18:34:58.0093 2248 ctprxy2k (4d71541283aea28fb839007be90b5fc7) C:\WINDOWS\system32\drivers\ctprxy2k.sys

18:34:58.0093 2248 ctprxy2k - ok

18:34:58.0109 2248 CTSBLFX (64c83684661be137023f5186a612cf34) C:\WINDOWS\system32\drivers\CTSBLFX.SYS

18:34:58.0109 2248 CTSBLFX - ok

18:34:58.0140 2248 CTSBLFX.SYS (64c83684661be137023f5186a612cf34) C:\WINDOWS\System32\drivers\CTSBLFX.SYS

18:34:58.0140 2248 CTSBLFX.SYS - ok

18:34:58.0156 2248 ctsfm2k (632194572ebde8d461728cf382a7e964) C:\WINDOWS\system32\drivers\ctsfm2k.sys

18:34:58.0156 2248 ctsfm2k - ok

18:34:58.0156 2248 dac2w2k - ok

18:34:58.0156 2248 dac960nt - ok

18:34:58.0187 2248 dc3d (734bbe7c66e6fd6047a1bd29b9343b30) C:\WINDOWS\system32\DRIVERS\dc3d.sys

18:34:58.0187 2248 dc3d - ok

18:35:03.0765 2248 ddxgb - ok

18:35:03.0843 2248 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

18:35:03.0843 2248 Disk - ok

18:35:03.0906 2248 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

18:35:03.0921 2248 dmboot - ok

18:35:03.0953 2248 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

18:35:03.0953 2248 dmio - ok

18:35:03.0968 2248 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

18:35:03.0968 2248 dmload - ok

18:35:04.0000 2248 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

18:35:04.0000 2248 DMusic - ok

18:35:04.0015 2248 dpti2o - ok

18:35:04.0031 2248 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

18:35:04.0031 2248 drmkaud - ok

18:35:04.0062 2248 emupia (bacd9cc06d7a787e529e7ebf56b671aa) C:\WINDOWS\system32\drivers\emupia2k.sys

18:35:04.0062 2248 emupia - ok

18:35:04.0078 2248 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys

18:35:04.0187 2248 epmntdrv - ok

18:35:04.0203 2248 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys

18:35:04.0218 2248 EuGdiDrv - ok

18:35:04.0250 2248 f5ipfw (655b4da37044be6f58cd700426b2e242) C:\WINDOWS\system32\drivers\urfltw2k.sys

18:35:04.0250 2248 f5ipfw - ok

18:35:04.0265 2248 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

18:35:04.0265 2248 Fastfat - ok

18:35:04.0296 2248 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

18:35:04.0296 2248 Fdc - ok

18:35:04.0312 2248 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

18:35:04.0312 2248 Fips - ok

18:35:04.0328 2248 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

18:35:04.0328 2248 Flpydisk - ok

18:35:04.0359 2248 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

18:35:04.0359 2248 FltMgr - ok

18:35:04.0390 2248 FNETTBOH (b91c51d44558985ed0593fd5963d1866) C:\WINDOWS\system32\drivers\FNETTBOH.SYS

18:35:04.0406 2248 FNETTBOH - ok

18:35:04.0421 2248 FNETURPX (0a79334fb069c6b38df7ad56a109ea01) C:\WINDOWS\system32\drivers\FNETURPX.SYS

18:35:04.0421 2248 FNETURPX - ok

18:35:04.0453 2248 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

18:35:04.0468 2248 Fs_Rec - ok

18:35:04.0500 2248 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

18:35:04.0500 2248 Ftdisk - ok

18:35:04.0515 2248 GcKernel (72fe2bea6863d4eb93442a1c4fb5ca48) C:\WINDOWS\system32\DRIVERS\GcKernel.sys

18:35:04.0515 2248 GcKernel - ok

18:35:04.0546 2248 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

18:35:04.0546 2248 GEARAspiWDM - ok

18:35:04.0578 2248 gmer (b56eb0a2210980e76390bd670bcb618b) C:\WINDOWS\system32\DRIVERS\gmer.sys

18:35:04.0578 2248 gmer - ok

18:35:04.0609 2248 GoProto (3800262165ce4a2b9d1ed09e2bce3e9c) C:\WINDOWS\system32\DRIVERS\goprot51.sys

18:35:04.0625 2248 GoProto - ok

18:35:04.0656 2248 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

18:35:04.0656 2248 Gpc - ok

18:35:04.0718 2248 ha10kx2k (70606233f3ed0e53cb3ea17f846d6a4f) C:\WINDOWS\system32\drivers\ha10kx2k.sys

18:35:04.0718 2248 ha10kx2k - ok

18:35:04.0750 2248 hap16v2k (a0c69ad2a61e576b0207acdd9626e167) C:\WINDOWS\system32\drivers\hap16v2k.sys

18:35:04.0750 2248 hap16v2k - ok

18:35:04.0781 2248 hap17v2k (2ee89452c574d259ada4fc9fc1c07243) C:\WINDOWS\system32\drivers\hap17v2k.sys

18:35:04.0781 2248 hap17v2k - ok

18:35:04.0796 2248 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

18:35:04.0812 2248 HDAudBus - ok

18:35:04.0828 2248 HIDSwvd (bd205320308fb41c88a4049a2d1764b4) C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys

18:35:04.0828 2248 HIDSwvd - ok

18:35:04.0859 2248 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

18:35:04.0859 2248 hidusb - ok

18:35:04.0859 2248 hpn - ok

18:35:04.0890 2248 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

18:35:04.0906 2248 HPZid412 - ok

18:35:04.0921 2248 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

18:35:04.0921 2248 HPZipr12 - ok

18:35:04.0968 2248 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

18:35:04.0968 2248 HPZius12 - ok

18:35:05.0015 2248 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

18:35:05.0031 2248 HTTP - ok

18:35:05.0062 2248 i2omgmt - ok

18:35:05.0078 2248 i2omp - ok

18:35:05.0109 2248 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys

18:35:05.0109 2248 i8042prt - ok

18:35:05.0156 2248 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

18:35:05.0156 2248 Imapi - ok

18:35:05.0171 2248 ini910u - ok

18:35:05.0281 2248 IntcAzAudAddService (284bcb80391783d328a8d8163e97fd58) C:\WINDOWS\system32\drivers\RtkHDAud.sys

18:35:05.0390 2248 IntcAzAudAddService - ok

18:35:05.0390 2248 IntelIde - ok

18:35:05.0406 2248 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

18:35:05.0406 2248 intelppm - ok

18:35:05.0437 2248 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

18:35:05.0437 2248 Ip6Fw - ok

18:35:05.0468 2248 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

18:35:05.0468 2248 IpFilterDriver - ok

18:35:05.0468 2248 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

18:35:05.0468 2248 IpInIp - ok

18:35:05.0500 2248 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

18:35:05.0500 2248 IpNat - ok

18:35:05.0515 2248 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

18:35:05.0515 2248 IPSec - ok

18:35:05.0531 2248 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

18:35:05.0531 2248 IRENUM - ok

18:35:05.0578 2248 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

18:35:05.0578 2248 isapnp - ok

18:35:05.0593 2248 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

18:35:05.0593 2248 Kbdclass - ok

18:35:05.0609 2248 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

18:35:05.0609 2248 kbdhid - ok

18:35:05.0640 2248 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

18:35:05.0640 2248 kmixer - ok

18:35:05.0671 2248 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

18:35:05.0671 2248 KSecDD - ok

18:35:05.0687 2248 lbrtfdc - ok

18:35:05.0718 2248 Memctl - ok

18:35:05.0750 2248 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

18:35:05.0750 2248 mnmdd - ok

18:35:05.0796 2248 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

18:35:05.0796 2248 Modem - ok

18:35:05.0843 2248 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

18:35:05.0843 2248 Mouclass - ok

18:35:05.0859 2248 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

18:35:05.0859 2248 mouhid - ok

18:35:05.0890 2248 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

18:35:05.0890 2248 MountMgr - ok

18:35:05.0890 2248 mraid35x - ok

18:35:05.0906 2248 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

18:35:05.0906 2248 MRxDAV - ok

18:35:05.0953 2248 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

18:35:06.0000 2248 MRxSmb - ok

18:35:06.0015 2248 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

18:35:06.0015 2248 Msfs - ok

18:35:06.0046 2248 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

18:35:06.0046 2248 MSKSSRV - ok

18:35:06.0062 2248 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

18:35:06.0062 2248 MSPCLOCK - ok

18:35:06.0093 2248 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

18:35:06.0093 2248 MSPQM - ok

18:35:06.0109 2248 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

18:35:06.0109 2248 mssmbios - ok

18:35:06.0140 2248 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

18:35:06.0140 2248 Mup - ok

18:35:06.0140 2248 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

18:35:06.0140 2248 NDIS - ok

18:35:06.0156 2248 NDISRD - ok

18:35:06.0187 2248 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

18:35:06.0203 2248 NdisTapi - ok

18:35:06.0234 2248 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

18:35:06.0234 2248 Ndisuio - ok

18:35:06.0250 2248 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

18:35:06.0250 2248 NdisWan - ok

18:35:06.0265 2248 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

18:35:06.0281 2248 NDProxy - ok

18:35:06.0281 2248 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

18:35:06.0281 2248 NetBIOS - ok

18:35:06.0312 2248 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

18:35:06.0312 2248 NetBT - ok

18:35:06.0328 2248 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

18:35:06.0328 2248 NIC1394 - ok

18:35:06.0343 2248 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

18:35:06.0343 2248 Npfs - ok

18:35:06.0375 2248 npusbio (494fdca436c1ab7a983e7778d34678e1) C:\WINDOWS\system32\Drivers\npusbio.sys

18:35:06.0375 2248 npusbio - ok

18:35:06.0406 2248 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

18:35:06.0421 2248 Ntfs - ok

18:35:06.0453 2248 NuidFltr (37be10ff10a92031fc5a01e8363925cc) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

18:35:06.0453 2248 NuidFltr - ok

18:35:06.0484 2248 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

18:35:06.0484 2248 Null - ok

18:35:06.0765 2248 nv (f1de35c89d98a883d1b4030dc9896855) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

18:35:07.0031 2248 nv - ok

18:35:07.0078 2248 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

18:35:07.0078 2248 NwlnkFlt - ok

18:35:07.0109 2248 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

18:35:07.0109 2248 NwlnkFwd - ok

18:35:07.0125 2248 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

18:35:07.0125 2248 ohci1394 - ok

18:35:07.0156 2248 ossrv (ae896073e1bbf98fefc2ec52f62c0fba) C:\WINDOWS\system32\drivers\ctoss2k.sys

18:35:07.0156 2248 ossrv - ok

18:35:07.0171 2248 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

18:35:07.0171 2248 Parport - ok

18:35:07.0187 2248 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

18:35:07.0187 2248 PartMgr - ok

18:35:07.0203 2248 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

18:35:07.0203 2248 ParVdm - ok

18:35:07.0218 2248 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

18:35:07.0234 2248 PCI - ok

18:35:07.0234 2248 PCIDump - ok

18:35:07.0265 2248 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

18:35:07.0265 2248 PCIIde - ok

18:35:07.0281 2248 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

18:35:07.0281 2248 Pcmcia - ok

18:35:07.0296 2248 PDCOMP - ok

18:35:07.0296 2248 PDFRAME - ok

18:35:07.0296 2248 PDRELI - ok

18:35:07.0312 2248 PDRFRAME - ok

18:35:07.0312 2248 perc2 - ok

18:35:07.0328 2248 perc2hib - ok

18:35:07.0359 2248 Point32 (7d7a9c17d5455203dea11e5ef886cc59) C:\WINDOWS\system32\DRIVERS\point32.sys

18:35:07.0359 2248 Point32 - ok

18:35:07.0390 2248 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:35:07.0390 2248 PptpMiniport - ok

18:35:07.0390 2248 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

18:35:07.0390 2248 PSched - ok

18:35:07.0406 2248 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:35:07.0406 2248 Ptilink - ok

18:35:07.0406 2248 ql1080 - ok

18:35:07.0421 2248 Ql10wnt - ok

18:35:07.0421 2248 ql12160 - ok

18:35:07.0437 2248 ql1240 - ok

18:35:07.0437 2248 ql1280 - ok

18:35:07.0453 2248 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:35:07.0453 2248 RasAcd - ok

18:35:07.0468 2248 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:35:07.0468 2248 Rasl2tp - ok

18:35:07.0468 2248 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:35:07.0484 2248 RasPppoe - ok

18:35:07.0484 2248 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

18:35:07.0484 2248 Raspti - ok

18:35:07.0500 2248 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:35:07.0500 2248 Rdbss - ok

18:35:07.0515 2248 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:35:07.0515 2248 RDPCDD - ok

18:35:07.0546 2248 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

18:35:07.0546 2248 RDPWD - ok

18:35:07.0593 2248 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

18:35:07.0593 2248 redbook - ok

18:35:07.0640 2248 RTLE8023xp (038e5b050019e6ffbdb048c7fa51d592) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

18:35:07.0656 2248 RTLE8023xp - ok

18:35:07.0671 2248 Secdrv (ba0d892d2f786bcebdf03b0a252b47f3) C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:35:07.0687 2248 Secdrv - ok

18:35:07.0718 2248 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

18:35:07.0718 2248 Serial - ok

18:35:07.0734 2248 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

18:35:07.0734 2248 Sfloppy - ok

18:35:07.0734 2248 Simbad - ok

18:35:07.0750 2248 Sparrow - ok

18:35:07.0750 2248 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

18:35:07.0765 2248 splitter - ok

18:35:07.0765 2248 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

18:35:07.0765 2248 sr - ok

18:35:07.0796 2248 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

18:35:07.0796 2248 Srv - ok

18:35:07.0812 2248 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

18:35:07.0812 2248 swenum - ok

18:35:07.0828 2248 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

18:35:07.0828 2248 swmidi - ok

18:35:07.0843 2248 SWUSBFLT (5212178c49079e40831d95ec7596fcc7) C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys

18:35:07.0843 2248 SWUSBFLT - ok

18:35:07.0859 2248 symc810 - ok

18:35:07.0859 2248 symc8xx - ok

18:35:07.0890 2248 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys

18:35:07.0890 2248 symlcbrd - ok

18:35:07.0890 2248 sym_hi - ok

18:35:07.0906 2248 sym_u3 - ok

18:35:07.0906 2248 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

18:35:07.0921 2248 sysaudio - ok

18:35:07.0953 2248 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:35:07.0953 2248 Tcpip - ok

18:35:07.0968 2248 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

18:35:07.0968 2248 TDPIPE - ok

18:35:07.0984 2248 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

18:35:07.0984 2248 TDTCP - ok

18:35:07.0984 2248 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

18:35:07.0984 2248 TermDD - ok

18:35:08.0000 2248 TosIde - ok

18:35:08.0015 2248 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

18:35:08.0015 2248 Udfs - ok

18:35:08.0046 2248 UGURU (c3cd138762aab1797805c26bf5defcbe) C:\WINDOWS\system32\drivers\uGuru.sys

18:35:08.0046 2248 UGURU - ok

18:35:08.0062 2248 ultra - ok

18:35:08.0093 2248 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

18:35:08.0093 2248 Update - ok

18:35:08.0125 2248 urvpndrv (b023b2516339f6a8d054b69f6b996364) C:\WINDOWS\system32\DRIVERS\covpndrv.sys

18:35:08.0125 2248 urvpndrv - ok

18:35:08.0156 2248 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

18:35:08.0171 2248 USBAAPL - ok

18:35:08.0203 2248 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

18:35:08.0203 2248 usbaudio - ok

18:35:08.0250 2248 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

18:35:08.0250 2248 usbccgp - ok

18:35:08.0265 2248 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:35:08.0265 2248 usbehci - ok

18:35:08.0265 2248 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:35:08.0265 2248 usbhub - ok

18:35:08.0281 2248 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

18:35:08.0281 2248 usbprint - ok

18:35:08.0296 2248 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:35:08.0296 2248 usbscan - ok

18:35:08.0328 2248 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:35:08.0328 2248 USBSTOR - ok

18:35:08.0343 2248 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

18:35:08.0343 2248 usbuhci - ok

18:35:08.0343 2248 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

18:35:08.0343 2248 VgaSave - ok

18:35:08.0359 2248 ViaIde - ok

18:35:08.0390 2248 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

18:35:08.0390 2248 VolSnap - ok

18:35:08.0406 2248 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:35:08.0406 2248 Wanarp - ok

18:35:08.0437 2248 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

18:35:08.0437 2248 Wdf01000 - ok

18:35:08.0453 2248 WDICA - ok

18:35:08.0484 2248 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

18:35:08.0484 2248 wdmaud - ok

18:35:08.0531 2248 Winflash - ok

18:35:08.0562 2248 WinUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\WINDOWS\system32\DRIVERS\winusb.sys

18:35:08.0562 2248 WinUSB - ok

18:35:08.0593 2248 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

18:35:08.0593 2248 WS2IFSL - ok

18:35:08.0640 2248 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

18:35:08.0656 2248 WudfPf - ok

18:35:08.0671 2248 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

18:35:08.0671 2248 WudfRd - ok

18:35:08.0703 2248 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

18:35:08.0812 2248 \Device\Harddisk0\DR0 - ok

18:35:08.0812 2248 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

18:35:08.0812 2248 \Device\Harddisk1\DR1 - ok

18:35:08.0812 2248 Boot (0x1200) (5534f7dbdd7d4e86b25fcfe829f66986) \Device\Harddisk0\DR0\Partition0

18:35:08.0812 2248 \Device\Harddisk0\DR0\Partition0 - ok

18:35:08.0828 2248 Boot (0x1200) (8d0510914116baae12ee130b2ddda227) \Device\Harddisk0\DR0\Partition1

18:35:08.0828 2248 \Device\Harddisk0\DR0\Partition1 - ok

18:35:08.0828 2248 Boot (0x1200) (638e3e0a2487c62b32792ada861332fb) \Device\Harddisk1\DR1\Partition0

18:35:08.0828 2248 \Device\Harddisk1\DR1\Partition0 - ok

18:35:08.0843 2248 ============================================================

18:35:08.0843 2248 Scan finished

18:35:08.0843 2248 ============================================================

18:35:08.0843 2688 Detected object count: 0

18:35:08.0843 2688 Actual detected object count: 0

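Added by the editor, not part of Kevin's post and not TDSSKiller's own code: a small Python script that reads a TDSSKiller driver-scan log in the format shown above (a `name (md5) path` line followed by a `name - verdict` line, with the MBR and boot-sector records keyed by device path instead of service name) and reports anything whose verdict is not `ok`, any driver image that loads from outside `system32`, and service entries that were logged without a hashed file. The sample log embedded in the script is constructed: a few lines copied from this log plus made-up hashes and a made-up `cdrom` detection so the alert path actually fires. The exact wording TDSSKiller uses for a detection is an assumption here, which is why the script treats any verdict other than `ok` as an alert instead of matching a specific string.

```python
# Added example for this thread (editor's code, not from the original post or from TDSSKiller).
# SAMPLE_LOG is constructed: lines copied from the log above plus invented hashes/detection.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# "<time> <pid> <name> (<md5>) <path>"   file line: a driver, or the MBR / boot sector
FILE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S.*?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
# "<time> <pid> <subject> - <verdict>"   verdict line; subject is the name, or the device path for MBR/boot
VERDICT_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<subject>\S.*?)\s+-\s+(?P<verdict>.+)$"
)
SUMMARY_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<key>(?:Actual )?[Dd]etected object count):\s*(?P<count>\d+)$"
)
PREFIX_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<rest>.*)$")

SAMPLE_LOG = r"""
18:35:05.0593 2248 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:35:05.0593 2248 Kbdclass - ok
18:35:05.0687 2248 lbrtfdc - ok
18:35:08.0703 2248 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:35:08.0812 2248 \Device\Harddisk0\DR0 - ok
18:35:08.0900 2248 cdrom (badc0ffebadc0ffebadc0ffebadc0ffe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:35:08.0900 2248 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: feedfacefeedfacefeedfacefeedface, Fake md5: badc0ffebadc0ffebadc0ffebadc0ffe
18:35:08.0900 2248 cdrom - detected Forged file (1)
18:35:08.0950 2248 ALSysIO (cafebabecafebabecafebabecafebabe) d:\temp\ALSysIO.sys
18:35:08.0950 2248 ALSysIO - ok
18:35:08.0843 2688 Detected object count: 1
18:35:08.0843 2688 Actual detected object count: 1
"""

@dataclass
class Entry:
    name: str
    md5: Optional[str]      # None when the scanner logged a verdict but no file line
    path: Optional[str]
    verdict: Optional[str]  # None when a file line was never followed by a verdict

def parse_log(text: str) -> Tuple[List[Entry], List[str], Dict[str, int]]:
    """Pair each file line with the verdict line that follows it."""
    entries: List[Entry] = []
    notes: List[str] = []      # timestamped lines that are neither file nor verdict lines
    summary: Dict[str, int] = {}
    pending: Optional[Entry] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            if pending is not None:        # previous file line never received a verdict
                entries.append(pending)
            pending = Entry(m["name"], m["md5"], m["path"], None)
            continue
        m = VERDICT_RE.match(line)
        if m:
            subject, verdict = m["subject"], m["verdict"].strip()
            if pending is not None and (
                subject == pending.path or subject == pending.name
                or subject.startswith(pending.name + " ")   # e.g. "name ( Threat.Name ) - infected"
            ):
                pending.verdict = verdict
                entries.append(pending)
                pending = None
            else:                          # verdict with no hashed file line before it
                entries.append(Entry(subject, None, None, verdict))
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["key"]] = int(m["count"])
            continue
        m = PREFIX_RE.match(line)
        notes.append(m["rest"] if m else line)
    if pending is not None:
        entries.append(pending)
    return entries, notes, summary

SYSTEM_PREFIXES = (r"c:\windows\system32", "\\device\\")

def triage(entries: List[Entry]) -> Dict[str, list]:
    """Alerts: non-ok verdicts, missing verdicts, images outside system32. Unhashed: verdict-only entries."""
    alerts: List[Tuple[str, str]] = []
    unhashed: List[str] = []
    for e in entries:
        if e.verdict is None:
            alerts.append((e.name, "file line has no verdict line"))
        elif e.verdict.lower() != "ok":
            alerts.append((e.name, e.verdict))
        if e.md5 is None:
            unhashed.append(e.name)
        if e.path and not e.path.lower().startswith(SYSTEM_PREFIXES):
            alerts.append((e.name, f"image loads from outside system32: {e.path}"))
    return {"alerts": alerts, "unhashed": unhashed}

if __name__ == "__main__":
    ents, extra, counts = parse_log(SAMPLE_LOG)
    print(f"{len(ents)} entries; scanner summary: {counts}")
    for name, why in triage(ents)["alerts"]:
        print(f"ALERT {name}: {why}")
    for n in extra:
        print(f"NOTE  {n}")
```

To run it over a saved log instead of the built-in sample, call `parse_log(open(path, encoding="utf-8", errors="replace").read())` and feed the entries to `triage`. The `unhashed` list is kept separate from the alerts on purpose: on a stock XP install a number of registered storage-driver services (lbrtfdc, mraid35x, the ql* entries and so on) show up as a bare `name - ok` with no file line, so they are worth a glance but are not findings by themselves.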

ComboFix 11-11-15.06 - Kevin 11/15/2011 20:56:11.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1520 [GMT -6:00]

Running from: c:\documents and settings\Kevin\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi

c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat

c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\trialkey.dat

c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab

c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi

c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk

c:\documents and settings\Kevin\Application Data\dwm.exe

c:\documents and settings\Kevin\Application Data\facemoods.com

c:\documents and settings\Kevin\Application Data\facemoods.com\facemoods\Online Games.ico

c:\documents and settings\Kevin\Application Data\facemoods.com\facemoods\us\20101003\kywrds.tat

c:\documents and settings\Kevin\Application Data\facemoods.com\facemoods\us\20101003\kywrds.ttr

c:\program files\Common Files\Uninstall

c:\program files\Search Toolbar

c:\program files\Search Toolbar\icon.ico

c:\program files\Search Toolbar\SearchToolbar.dll

c:\program files\Search Toolbar\SearchToolbarUninstall.exe

c:\program files\Search Toolbar\SearchToolbarUpdater.exe

c:\windows\$NtUninstallKB43429$

c:\windows\$NtUninstallKB43429$\1813571466

c:\windows\$NtUninstallKB43429$\2526003413\@

c:\windows\$NtUninstallKB43429$\2526003413\L(2)\eyuiifro

c:\windows\assembly\GAC_MSIL\desktop.ini

c:\windows\system32\

c:\windows\system32\AC2005DLL.dll

c:\windows\system32\ndisapi.dll

c:\windows\system32\rundll32.exe.exe

.

Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected

Restored copy from - c:\windows\system32\dllcache\cdrom.sys

.

.

((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))

.

.

2011-11-12 14:28 . 2011-11-12 14:28 -------- d-----w- c:\documents and settings\Kevin\Application Data\Malwarebytes

2011-11-12 14:28 . 2011-11-12 14:28 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-11-12 14:28 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-12 06:44 . 2011-11-12 06:44 -------- d-----w- c:\documents and settings\Kevin\Application Data\AVG2012

2011-11-12 06:43 . 2011-11-16 00:55 -------- d-----w- c:\windows\system32\drivers\AVG

2011-11-12 06:43 . 2011-11-12 07:26 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG2012

2011-11-12 03:02 . 2011-11-12 03:02 -------- d-----w- c:\windows\system32\wbem\Repository

2011-11-12 03:01 . 2011-11-12 03:01 -------- d-----w- c:\program files\STOPzilla!

2011-11-12 01:25 . 2011-11-12 01:25 134184 -c--a-r- c:\windows\system32\IS3HTUI5.dll

2011-11-12 01:25 . 2011-11-12 01:25 68648 -c--a-r- c:\windows\system32\IS3Hks5.dll

2011-11-12 01:25 . 2011-11-12 01:25 547880 -c--a-r- c:\windows\system32\SZComp5.dll

2011-11-12 01:25 . 2011-11-12 01:25 482344 -c--a-r- c:\windows\system32\SZBase5.dll

2011-11-12 01:25 . 2011-11-12 01:25 457768 -c--a-r- c:\windows\system32\IS3DBA5.dll

2011-11-12 01:25 . 2011-11-12 01:25 30248 -c--a-r- c:\windows\system32\IS3XDat5.dll

2011-11-12 01:25 . 2011-11-12 01:25 24616 -c--a-r- c:\windows\system32\SZIO5.dll

2011-11-12 01:25 . 2011-11-12 01:25 105512 -c--a-r- c:\windows\system32\IS3Inet5.dll

2011-11-12 01:25 . 2011-11-12 01:25 101416 -c--a-r- c:\windows\system32\IS3Svc5.dll

2011-11-12 01:25 . 2011-11-12 01:25 740392 -c--a-r- c:\windows\system32\IS3Base5.dll

2011-11-12 01:25 . 2011-11-12 01:25 392232 -c--a-r- c:\windows\system32\IS3UI5.dll

2011-11-12 01:25 . 2011-11-12 01:25 232488 -c--a-r- c:\windows\system32\IS3Win325.dll

2011-11-12 01:01 . 2011-11-12 01:01 -------- d-----w- c:\program files\Common Files\iS3

2011-11-12 01:01 . 2011-11-12 02:03 -------- dc----w- c:\documents and settings\All Users\Application Data\STOPzilla!

2011-11-11 21:30 . 2011-11-11 21:30 -------- d-sh--w- c:\documents and settings\Kevin\Local Settings\Application Data\968fc0d5

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-12 06:57 . 2009-03-10 02:13 123336 ----a-w- c:\windows\system32\UAService7.exe

2011-11-12 06:57 . 2011-04-08 03:15 148880 ----a-w- c:\windows\system32\nvsvc32.exe

2011-10-10 14:22 . 2007-08-03 14:38 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 12:23 . 2011-10-07 12:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-04 12:21 . 2011-10-04 12:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-09-28 07:06 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 17:21 . 2011-09-26 17:21 61328 -c--a-r- c:\windows\system32\drivers\SZKG.sys

2011-09-26 17:21 . 2011-09-26 17:21 61328 -c--a-r- c:\windows\system32\drivers\is3srv.sys

2011-09-26 16:41 . 2007-10-09 18:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-18 19:19 . 2011-09-18 19:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-13 12:30 . 2011-09-13 12:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-06 13:20 . 2006-02-28 12:00 1858944 ------w- c:\windows\system32\win32k.sys

2011-08-26 16:18 . 2009-08-18 16:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll

2011-08-26 16:18 . 2009-08-18 16:24 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-08-22 23:48 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-03 389120]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 16050176]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]

"NvMediaCenter"="NvMCTray.dll" [2011-04-08 111208]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-08 13891176]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1298320]

"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-04-13 69632]

"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-04-17 196608]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 18944]

"CTSysVol"="c:\program files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]

"CTHelper"="CTHELPER.EXE" [2010-03-19 19456]

"CTDVDDET"="c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"AVG_TRAY"="d:\program files\AVG\avgtray.exe" [2011-10-25 2415456]

"TurboHddUsb"="c:\program files\TurboHddUsb\TurboHddUsb.exe" [2009-08-30 3327488]

"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA&inst=NwA3AC0ANAAyADAANwA2ADkANAAxADUALQBUADEALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAFUAQwBBAEwATAArADEALQBVAEMAQQBMAEwAMgArADIALQBUAEIAOAArADIALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADEANAA4ADQAMAAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAC0ARgA5ADAATQAxADIAQQBUACsAMQAtAEYAOQAwAE0AMQAyAEEAKwAxAC0ARgA5ADAATQAxADIAQQBCACsAMQAtAFUAOQA1ACsAMQAtAEYAOQAwAE0AMQAyAEEAVABCAE4AKwAxAA&prod=90&ver=9.0.894" [?]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

TotalMedia Backup Monitor.lnk - d:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2009-8-30 278528]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0d:\progra~1\AVG\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Program Files\\Microsoft Games\\FS2004\\fs9.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"f:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\Downloaded Program Files\\TunnelServer.exe"=

"f:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\Flight One Software\\Ultimate Traffic 2\\UT2Services.exe"=

"f:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\Flight One Software\\Ultimate Traffic 2\\UltimateTraffic2.exe"=

"d:\\Program Files\\2K Sports\\MLB 2K10\\mlb2k10.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"d:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"d:\\Battle of Britain II\\Bob.exe"=

"d:\\Program Files\\AVG\\avgnsx.exe"=

"d:\\Program Files\\AVG\\avgdiagex.exe"=

"d:\\Program Files\\AVG\\avgmfapx.exe"=

"d:\\Program Files\\AVG\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56469:TCP"= 56469:TCP:Pando Media Booster

"56469:UDP"= 56469:UDP:Pando Media Booster

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]

R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [8/30/2009 5:34 PM 7040]

R2 AVGIDSAgent;AVGIDSAgent;d:\program files\AVG\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]

R2 avgwd;AVG WatchDog;d:\program files\AVG\avgwdsvc.exe [8/2/2011 6:09 AM 192776]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8/13/2011 9:40 PM 2218600]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]

R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]

R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]

R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [12/17/2010 9:43 PM 45464]

R3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [8/20/2011 9:18 PM 37408]

R3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;c:\windows\system32\drivers\SWUSBFLT.SYS [8/4/2007 9:44 PM 3968]

R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [9/4/2008 1:53 PM 33920]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S3 ALSysIO;ALSysIO;\??\d:\temp\ALSysIO.sys --> d:\temp\ALSysIO.sys [?]

S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [3/5/2011 2:57 PM 79360]

S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]

S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]

S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]

S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [12/30/2009 8:24 PM 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [12/30/2009 8:24 PM 8456]

S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [4/17/2008 8:18 PM 10752]

S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [8/30/2009 5:34 PM 17792]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S4 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [8/3/2007 9:46 AM 14592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-16 c:\windows\Tasks\User_Feed_Synchronization-{D9CC0301-93B3-4A98-A640-47B5700AB124}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

2011-11-12 c:\windows\Tasks\WebReg Photosmart C5200 series.job

- d:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-12 03:27]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.centurylink.net/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: intuit.com\ttlc

Trusted Zone: scott.mn.us\*.co

Trusted Zone: scott.mn.us\vpn.co

Trusted Zone: soe.com

Trusted Zone: sony.com

Trusted Zone: turbotax.com

TCP: DhcpNameServer = 65.41.112.27 66.247.107.74

DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxps://vpn.co.scott.mn.us/vdesk/terminal/f5opswati.cab#Version=7001,2011,803,1915

DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - hxxps://vpn.co.scott.mn.us/vdesk/terminal/f5opswati.cab#Version=7001,2011,803,1915

DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - hxxps://vpn.co.scott.mn.us/vdesk/terminal/f5opswati.cab#Version=7001,2011,803,1915

DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - hxxps://vpn.co.scott.mn.us/vdesk/terminal/f5opswati.cab#Version=7001,2011,803,1915

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-25625612.sys

AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-15 21:10

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2928)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

d:\progra~1\AVG\avgrsx.exe

d:\program files\AVG\avgcsrvx.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Creative\Shared Files\CTAudSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

c:\windows\system32\UAService7.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

d:\program files\AVG\avgnsx.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\RunDLL32.exe

c:\program files\Microsoft IntelliType Pro\dpupdchk.exe

d:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-11-15 21:15:26 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-16 03:15

.

Pre-Run: 8,359,264,256 bytes free

Post-Run: 8,513,798,144 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 7671D57FA385912975A85190CA4BE2B8

Results of screen317's Security Check version 0.99.26

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG 2012

OPSWAT AntiVirus and Firewall Integration Libraries

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

HijackThis 2.0.2

CCleaner

Java 6 Update 18

Out of date Java installed!

Adobe Reader X (KB403742..) Adobe Reader Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

``````````End of Log````````````

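
The service and driver block in the ComboFix log above (the `R3 ... [date size]` and `S3 ... --> ... [?]` lines) is the part a reviewer reads first, so here is an added example, not part of the original thread and not ComboFix's own code, that parses those lines and flags the two things worth a second look: an image path outside the Windows or Program Files trees (the `d:\temp\ALSysIO.sys` entry) and a `[?]` where ComboFix printed no file date or size. The sample lines are copied from the log above; the argument-trimming regex, the trusted-directory list and the flag wording are this example's own assumptions, and a flag is a prompt to verify the file, not a verdict that it is malicious.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: six service/driver lines copied from the ComboFix log above.
SAMPLE_SERVICES = r"""
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [12/17/2010 9:43 PM 45464]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 ALSysIO;ALSysIO;\??\d:\temp\ALSysIO.sys --> d:\temp\ALSysIO.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [8/3/2007 9:46 AM 14592]
"""

# <state><start> <name>;<display name>;<image path> [<timestamp> <size>]
LINE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# Trailing bracket: either "m/d/yyyy h:mm AM/PM <bytes>" or "?" (ComboFix could not read the file).
META_RE = re.compile(r"^(?P<cmd>.*?)\s*\[(?P<meta>[^\]]*)\]$")
# Heuristic (assumption): the image file ends at the first ".ext" followed by whitespace or end.
FILE_RE = re.compile(r"^(?P<file>.*?\.[A-Za-z0-9]{2,4})(?:\s.*)?$")
# Directories (on any drive letter) where legitimate services normally live.
TRUSTED_DIRS = (":\\windows\\", ":\\program files\\")


@dataclass
class ServiceEntry:
    state: str            # 'R' running, 'S' stopped
    start: int            # 2 auto, 3 manual, 4 disabled (ComboFix convention)
    name: str
    display: str
    image: str            # executable/driver path with arguments removed
    size: Optional[int]   # None when ComboFix printed [?]
    flags: List[str] = field(default_factory=list)


def parse_combofix_services(text: str) -> List[ServiceEntry]:
    """Parse service lines and flag the ones a reviewer should look at."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        if " --> " in rest:
            # ComboFix re-resolved the path; the right-hand side carries the metadata.
            rest = rest.split(" --> ", 1)[1]
        mm = META_RE.match(rest)
        cmd = mm.group("cmd") if mm else rest
        meta = mm.group("meta") if mm else "?"
        if cmd.startswith("\\??\\"):          # strip the NT object-namespace prefix
            cmd = cmd[4:]
        fm = FILE_RE.match(cmd)
        image = fm.group("file") if fm else cmd
        size = None if meta == "?" else int(meta.split()[-1])

        flags = []
        p = image.lower()
        if not (len(p) > 2 and p[1] == ":" and any(p[1:].startswith(d) for d in TRUSTED_DIRS)):
            flags.append("outside Windows or Program Files")
        if meta == "?":
            flags.append("no file metadata")
        entries.append(ServiceEntry(m.group("state"), int(m.group("start")), m.group("name"),
                                    m.group("display"), image, size, flags))
    return entries


def review_queue(entries: List[ServiceEntry]) -> List[str]:
    """Names of flagged entries, most flags first."""
    flagged = [e for e in entries if e.flags]
    return [e.name for e in sorted(flagged, key=lambda e: (-len(e.flags), e.name.lower()))]


if __name__ == "__main__":
    for e in parse_combofix_services(SAMPLE_SERVICES):
        print(f"{e.state}{e.start} {e.name:<14} {e.image:<52} {e.size!s:>7}  {', '.join(e.flags)}")
```

Run as a script it prints one line per service. On the sample the queue is `ALSysIO` (nonstandard path and no metadata) followed by `gupdate` and `npggsvc` (metadata only, because ComboFix could not stat a command line that carries arguments). The next step for a hit like `d:\temp\ALSysIO.sys` is to check whether the file still exists and who signed it, which an offline log parser cannot do.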

Hello again,

ComboFix cleaned up most of what was left of the infection. Let's run some more scans to make sure there's no remnants left that it might have missed ;)

------

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

------

Download the latest version of Kaspersky Virus Removal Tool

  • Close all other applications and double-click and run the installer.
  • When the Kaspersky Virus Removal Tool starts, to the right of Security Level click Recommended, and select Settings.
  • In the window that opens (Autoscan), in the Scope tab place a checkmark to the left of Parse email formats.
  • Click the Additional tab and click to place a checkmark to the left of Deep scan, and click OK.
  • Select all the scannable items except for CD-ROM drives and click the Start scan button.
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threat remains in the Scan window (red exclamation point), click the Neutralize all button.
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
  • In the Scan window click the Reports button and select Save to file.
  • Name the report AVPT.txt, and save it to the Desktop.
  • Close AVPTool.
  • You will be prompted if you want to uninstall the program; click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the first part of the report (Detected) that you saved in your next reply.

-----

In your next reply, please include:

  • ESET Online Scan log
  • Kaspersky AVP Tool log

Also, please let me know how things are running now. :)


Here's the ESET log. I can't seem to attach the AVPT on the same note -- I'll try in a second reply. I did notice that, aside from both scans identifying objects, AVG12 alerted to several while some of the scans were running.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=23afafa0ffc0fc43a4911a5a7fe79e63

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=false

# utc_time=2011-11-16 11:22:29

# local_time=2011-11-16 05:22:29 (-0600, Central Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1024 16777175 100 0 0 0 0 0

# compatibility_mode=2304 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=272973

# found=1

# cleaned=0

# scan_time=3864

C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application 5DDB11EA4AE68DC90C4D3EB427C290D3 I

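
The one ESET hit in the log above sits under `C:\Qoobox\Quarantine`, which is the folder ComboFix moves quarantined files into, so the scanner is re-detecting something that has already been neutralised rather than a live infection. The following added example (not part of the original post and not ESET's tooling) parses the `# key=value` header and the detection records and separates quarantined hits from live ones. The sample is an excerpt of the log above; the detection regex is a heuristic that relies on ESET threat names containing a `/`, the trailing single letter is carried through as an uninterpreted status flag, and the quarantine prefix list is an assumption to extend for other tools.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: an excerpt of the ESET Online Scanner log posted above
# (header lines plus its single detection record).
SAMPLE_ESET_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=false
# unwanted_checked=true
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 0 0 0 0
# scanned=272973
# found=1
# cleaned=0
# scan_time=3864
C:\\Qoobox\\Quarantine\\C\\Program Files\\Search Toolbar\\SearchToolbar.dll.vir Win32/Toolbar.Zugo application 5DDB11EA4AE68DC90C4D3EB427C290D3 I
"""

# Quarantine folders of other cleanup tools. A hit under one of these is a file an
# earlier tool already moved out of the way, not a live infection. C:\Qoobox\Quarantine
# is ComboFix's; extending the tuple for other tools is left as an assumption.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\",)

# <path with spaces> <threat name, first token contains '/'> <32-hex md5> <status letter>
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>(?:(?:probably )?a variant of )?\S*/\S*.*?)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>\S+)$"
)


@dataclass
class Detection:
    path: str
    threat: str
    md5: str
    flag: str   # trailing status letter, carried through uninterpreted

    @property
    def quarantined(self) -> bool:
        return self.path.lower().startswith(QUARANTINE_PREFIXES)


def parse_eset_log(text: str) -> Tuple[Dict[str, object], List[Detection]]:
    """Return (header key/values, detection records)."""
    headers: Dict[str, object] = {}
    detections: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            if key in headers:   # repeated keys (compatibility_mode) become lists
                prev = headers[key]
                headers[key] = (prev if isinstance(prev, list) else [prev]) + [value]
            else:
                headers[key] = value
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(**m.groupdict()))
    return headers, detections


def summarize(headers, detections) -> Dict[str, object]:
    """Split hits into quarantined vs live and cross-check the header's found= count."""
    live = [d for d in detections if not d.quarantined]
    found = int(headers.get("found", 0))
    return {
        "scanned": int(headers.get("scanned", 0)),
        "found": found,
        "cleaned": int(headers.get("cleaned", 0)),
        "remove_checked": headers.get("remove_checked") == "true",
        "quarantined_hits": len(detections) - len(live),
        "live_hits": len(live),
        "counts_consistent": found == len(detections),  # every reported hit was parsed
    }


if __name__ == "__main__":
    hdrs, hits = parse_eset_log(SAMPLE_ESET_LOG)
    print(summarize(hdrs, hits))
    for d in hits:
        print("QUARANTINED" if d.quarantined else "LIVE", d.threat, d.path)
```

`summarize()` also compares `found=` with the number of records actually parsed, so a log whose detection lines did not match the regex shows up as `counts_consistent: False` instead of silently reading as clean. On the sample: one hit, quarantined, zero live, `remove_checked` false (the scan was deliberately run without removal, as instructed above).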

Try this scan instead ;):

Please use Internet Explorer and run a BitDefender Online scan from Here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply.


I'm not able to get the Quickscan to load. I can get to the screen where it indicates I'm starting the download, but don't see the IE prompt about the Active X Control, and the d/l stays at 0%.


Try Panda Online Scan:

Please go HERE to run Panda ActiveScan 2.0

  • Click the big green Scan now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply


Here is the log. It was running so long I let it go overnight. One thing that struck me as odd. When I went to bed, it was 28% complete, and the scan had ID'd 52 infected files. When I got up, it still indicated 28% complete, so I hit cancel, it jumped to 100%, and there are only 32 items on the report. Should I be worried about that?

;***********************************************************************************************************************************************************************************

ANALYSIS: 2011-11-17 05:43:29

PROTECTIONS: 1

MALWARE: 32

SUSPECTS: 0

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================================

AVG Anti-Virus Free Edition 2012 2012.0 Yes Yes

;===================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\l41igf58.txt

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@trafficmp[2].txt

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\rv6gp9s1.txt

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\6shs761z.txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\zzz0nm3o.txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\akbaicc9.txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\xeetl577.txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\knnt17uh.txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@247realmedia[1].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\wv695o5t.txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@fastclick[1].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\mbcvtjwt.txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\xz18ks0u.txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@tribalfusion[2].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@mediaplex[2].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\nam7vxqj.txt

00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@linksynergy[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\zef25ykd.txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@com[1].txt

00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\vv6mde6t.txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\lj5bhwnt.txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@azjmp[1].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\4ut70gqg.txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@statcounter[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\3cs0sz4a.txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@apmebf[1].txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@burstnet[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@serving-sys[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\432k2j91.txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\zluyy2pj.txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@bs.serving-sys[1].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@www.burstbeacon[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\bgg0z5f2.txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\cibqdb96.txt

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@adrevolver[1].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@statse.webtrendslive[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@ads.pointroll[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\3acfpvd7.txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\dd6e4s6n.txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@overture[2].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@realmedia[2].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\mlxfrv1g.txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\jqrlqcf8.txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@questionmarket[1].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\30k6jevo.txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@zedo[1].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\xxwz8rzi.txt

00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@go[2].txt

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@searchportal.information[1].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@target[1].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\guh0f9v4.txt

00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@citi.bridgetrack[2].txt

;===================================================================================================================================================================================

SUSPECTS

Sent Location

;===================================================================================================================================================================================

;===================================================================================================================================================================================

VULNERABILITIES

Id Severity Description

;===================================================================================================================================================================================

;===================================================================================================================================================================================

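
The 52-versus-32 question in the post above can be answered from the report itself. The `Id` column is Panda's signature identifier and most Ids appear twice, once per user profile (`kevin` and `kay`): counting the MALWARE rows above gives 52 locations but only 32 distinct Ids, which is the number in the `MALWARE: 32` header line. The header therefore appears to count signatures rather than files, and nothing was dropped when the scan was cancelled; every row is a `TrackingCookie` with `Active` = `No`. The following added example (not from the original thread and not Panda's code) parses the report and produces that breakdown. It embeds a seven-row excerpt copied from the report above, with the header's MALWARE count set to 5 to match the excerpt on the same reading, and the per-user split is taken from the `documents and settings\<user>\` path component as an assumption about the profile layout.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: the report header plus seven MALWARE rows copied from the
# Panda ActiveScan report above. The MALWARE: line is set to match this excerpt.
SAMPLE_PANDA_REPORT = r"""
;*******
ANALYSIS: 2011-11-17 05:43:29
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 0
;*******
PROTECTIONS
Description Version Active Updated
;=======
AVG Anti-Virus Free Edition 2012 2012.0 Yes Yes
;=======
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=======
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\l41igf58.txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@trafficmp[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\xeetl577.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\knnt17uh.txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@linksynergy[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\kevin\cookies\zef25ykd.txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\documents and settings\kay\cookies\kay@citi.bridgetrack[2].txt
;=======
SUSPECTS
Sent Location
;=======
;=======
VULNERABILITIES
Id Severity Description
;=======
;=======
"""

SUMMARY_RE = re.compile(r"^(ANALYSIS|PROTECTIONS|MALWARE|SUSPECTS):\s*(.*)$")
SECTIONS = {"PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES"}
# One MALWARE row. Description may contain spaces, so it is matched lazily and the
# fixed Yes/No and numeric columns after it pin the split.
ROW_RE = re.compile(
    r"^(?P<id>\d{8})\s+(?P<description>.+?)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+(?P<location>.+)$"
)
# Assumption: the profile name is the component after "documents and settings\".
USER_RE = re.compile(r"documents and settings\\([^\\]+)\\")


@dataclass
class MalwareRow:
    id: str
    description: str
    type: str
    active: bool
    severity: int
    disinfectable: bool
    disinfected: bool
    location: str

    @property
    def user(self) -> str:
        m = USER_RE.search(self.location.lower())
        return m.group(1) if m else "<system>"


def parse_panda_report(text: str) -> Tuple[Dict[str, object], List[MalwareRow]]:
    """Return (summary header values, MALWARE rows); other sections are skipped."""
    summary: Dict[str, object] = {}
    rows: List[MalwareRow] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # separator / comment lines
            continue
        sm = SUMMARY_RE.match(line)
        if sm:
            key, value = sm.groups()
            summary[key] = int(value) if value.isdigit() else value
            continue
        if line in SECTIONS:
            section = line
            continue
        if section == "MALWARE":
            rm = ROW_RE.match(line)
            if rm:                                  # the column-header line does not match
                g = rm.groupdict()
                rows.append(MalwareRow(g["id"], g["description"], g["type"], g["active"] == "Yes",
                                       int(g["severity"]), g["disinfectable"] == "Yes",
                                       g["disinfected"] == "Yes", g["location"]))
    return summary, rows


def analyze(summary, rows) -> Dict[str, object]:
    """Rows vs distinct signature Ids, plus the breakdowns a reviewer wants."""
    distinct_ids = len({r.id for r in rows})
    return {
        "rows": len(rows),
        "distinct_ids": distinct_ids,
        "header_matches_distinct_ids": summary.get("MALWARE") == distinct_ids,
        "active": sum(r.active for r in rows),
        "by_type": dict(Counter(r.type for r in rows)),
        "by_user": dict(Counter(r.user for r in rows)),
        "only_tracking_cookies": all(r.type == "TrackingCookie" for r in rows),
    }


if __name__ == "__main__":
    hdr, malware_rows = parse_panda_report(SAMPLE_PANDA_REPORT)
    print(analyze(hdr, malware_rows))
```

Run it over the full MALWARE section above and `rows` is 52 while `distinct_ids` is 32, with `only_tracking_cookies` true and `active` zero, which is the evidence behind "your logs appear to be clean": tracking cookies are text files in each profile's Cookies folder, not executable code.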

Your logs appear to be clean :)

Before we move on, please take the time to install the following updates, as using outdated applications leaves you extremely vulnerable to getting infected again:

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://www.oracle.com/technetwork/java/javase/downloads/index.html.

It's important to remove older versions of Java since the installer does not do so automatically and old versions still leave you vulnerable.

Go to Start > Control Panel and open Add or Remove Programs.

Search in the list for all previously installed versions of Java (J2SE Runtime Environment).

They will have the Java icon next to them.

Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

-----

You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here (uninstall version 7.0 first):

Adobe Reader X

Note: I suggest you uncheck an optional, third-party download (eg. McAfee Security Scan Plus).

After successfully installing Adobe Reader X, see this article on how to make this program more secure: Adobe Reader X secures itself by playing in the sandbox.

-----

Please let me know how the updates went, as failed updates may indicate additional malware.


Updating Java and Reader went smoothly -- with one anomaly on Reader. I had to go to the direct download site to get it. The Open/Save As dialog wouldn't open, nor was I asked if I wanted to go through with the download. But in the end, I got them updated, and got the sandbox configs done.

Thank you VERY much for your help, D-Fred!


Glad to hear the updates went well!

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please consider maintaining a firewall with HIPS (Host Intrusion Prevention System). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and is very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall, please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

