AVG showing multiple threats - am I infected?


OverTheHill62 (Thread Starter; joined Nov 20, 2011; 48 messages)
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: AMD Hammer Family processor - Model Unknown, x86 Family 15 Model 44 Stepping 2
Processor Count: 1
RAM: 2014 Mb
Graphics Card: SiS Mirage Graphics, 32 Mb
Hard Drives: C: Total - 17547 MB, Free - 2654 MB; D: Total - 5459 MB, Free - 5419 MB; E: Total - 16198 MB, Free - 14275 MB; F: Total - 4298 MB, Free - 469 MB; G: Total - 4431 MB, Free - 1002 MB;
Motherboard: , SiS-760
Antivirus: None

It says "Antivirus: None", but I do have AVG 2012.

After the AVG update on Friday, the computer kept flashing up multiple threats; 372 were quarantined. I shut down the computer. When I started it up again yesterday (Saturday), AVG again kept flashing multiple threats. As fast as they were quarantined, they seemed to keep reappearing. My windows\system32 file is full of .exe names.
The computer has slowed to a crawl, so that I can't do anything. I am unable to connect to the internet now with the faulty computer, but I can get e-mail. It has taken me so long to get these tests done that you recommended, as the computer is so slow. Hope you can help. Getting desperate, as this is the workhorse computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:05, on 20/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Iconix\OEAddOn\OEdmn_6.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\WINDOWS\system32\OOBE\msoobe.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Common Files\Iconix\Launcher.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [IconixOEAddOn] "C:\Program Files\Iconix\OEAddOn\OEdmn_6.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll
O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:\WINDOWS\acezlink.htm
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ADVFN 4v4 -
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} -
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} -
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264434143423
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264431327360
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} -
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} -
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files\Common Files\Iconix\IconixService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: NVIDIA Display Srv (tsods) - Unknown owner - C:\WINDOWS\system32\tsods.exe (file missing)
--
End of file - 16789 bytes


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Lesley at 20:18:16 on 2011-11-20
.
============== Running Processes ===============
.
\??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Iconix\OEAddOn\OEdmn_6.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Lesley\Desktop\dds.com
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.msn.co.uk/previewx.aspx?q={searchTerms}&FORM=CBPW&first=1&noredir=1
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IconixBHOClass Class: {761233b6-f228-49e4-8f6b-668499d4e55a} - c:\program files\iconix\ieaddon\IconixBHO_46.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [IE New Window Maximizer] c:\program files\ie new window maximizer\iemaximizer.exe
uRun: [PopUpStopperFreeEdition] "c:\progra~1\panicw~1\pop-up~1\PSFree.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\smax4.exe" /tray
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [IconixOEAddOn] "c:\program files\iconix\oeaddon\OEdmn_6.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [RunNarrator] Narrator.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - c:\windows\acezlink.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - {44E212AB-13EA-4CA4-BE65-197FBA170412} - c:\program files\iconix\ieaddon\IconixBHO_46.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {BC3F6B6D-2E49-4603-B028-7411655713F3} - {0CC2F28D-D415-4FC6-A2E4-54B4D983609A} - c:\program files\iconix\ieaddon\IconixBHO_46.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: ADVFN 4v4
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089}
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {16095503-786F-4097-AED6-5D567A26D760}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336}
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166}
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264434143423
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264431327360
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539}
DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7B107F41-A5C5-4B09-AB05-0A40522CE5A6} : DhcpNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R? AVGIDSAgent;AVGIDSAgent
R? FXDRV;FXDRV
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? hwusbdev;Huawei DataCard USB PNP Device
R? hwusbfake;Huawei DataCard USB Fake
R? IconixService;Iconix Update Service
R? MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial
R? RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver
R? SiSV;SiSV
R? tsods;NVIDIA Display Srv
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSEH;AVGIDSEH
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgwd;AVG WatchDog
S? BecHelperService;BecHelperService
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? RapportBuka;RapportBuka
S? RapportCerberus_32301;RapportCerberus_32301
S? RapportEI;RapportEI
S? RapportIaso;RapportIaso
S? RapportKELL;RapportKELL
S? RapportMgmtService;Rapport Management Service
S? RapportPG;RapportPG
.
=============== Created Last 30 ================
.
2011-11-20 20:17:32 33280 ----a-w- c:\windows\system32\efinr.exe
2011-11-20 20:17:22 33280 ----a-w- c:\windows\system32\wqrotw.exe
2011-11-20 20:17:04 33280 ----a-w- c:\windows\system32\etixc.exe
2011-11-20 20:07:23 33280 ----a-w- c:\windows\system32\wbegef.exe
2011-11-20 20:06:36 33280 ----a-w- c:\windows\system32\uulmt.exe
2011-11-20 20:05:39 33280 ----a-w- c:\windows\system32\ctixs.exe
2011-11-20 20:05:36 33280 ----a-w- c:\windows\system32\iqroti.exe
2011-11-20 20:04:39 33280 ----a-w- c:\windows\system32\fbegev.exe
2011-11-20 20:03:59 33280 ----a-w- c:\windows\system32\ttixc.exe
2011-11-20 20:03:23 33280 ----a-w- c:\windows\system32\qbegen.exe
2011-11-20 20:02:28 33280 ----a-w- c:\windows\system32\ybegew.exe
2011-11-20 20:01:37 33280 ----a-w- c:\windows\system32\ffinb.exe
2011-11-20 19:53:25 33280 ----a-w- c:\windows\system32\ptervm.exe
2011-11-20 19:41:28 33280 ----a-w- c:\windows\system32\uweryt.exe
2011-11-20 19:37:31 33280 ----a-w- c:\windows\system32\osodo.exe
2011-11-20 19:37:07 33280 ----a-w- c:\windows\system32\zsody.exe
2011-11-20 19:37:03 33280 ----a-w- c:\windows\system32\usodu.exe
2011-11-20 19:37:03 33280 ----a-w- c:\windows\system32\itixt.exe
2011-11-20 19:35:57 33280 ----a-w- c:\windows\system32\kbegeg.exe
2011-11-20 19:32:17 33280 ----a-w- c:\windows\system32\etixd.exe
2011-11-20 19:18:46 33280 ----a-w- c:\windows\system32\jbegex.exe
2011-11-20 19:17:33 33280 ----a-w- c:\windows\system32\ntixk.exe
2011-11-20 19:08:03 33280 ----a-w- c:\windows\system32\ybegeg.exe
2011-11-20 19:01:14 33280 ----a-w- c:\windows\system32\iqroth.exe
2011-11-20 19:00:17 33280 ----a-w- c:\windows\system32\vsods.exe
2011-11-07 21:28:38 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2011-11-20 12:51:54 33280 ----a-w- c:\windows\system32\stixc.exe
2011-11-20 12:50:55 33280 ----a-w- c:\windows\system32\rsodb.exe
2011-11-20 12:49:57 33280 ----a-w- c:\windows\system32\wbegeg.exe
2011-10-25 09:24:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 06:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 06:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 05:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-08-31 17:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 20:34:45.37 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Installed Programs ======================
.
1 Nutty Santa Screen Saver
3Connect
Acez.com Toolbar Button
Adobe Flash Player 11 ActiveX
Adobe Reader 8.3.1
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
Ancestral Author 2.7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AVG 2012
Belarc Advisor 6.0
Big Fish Games: Game Manager
Bonjour
CCleaner (remove only)
CDDRV_Installer
ClearType Tuning Control Panel Applet
Click to Call with Skype
Compatibility Pack for the 2007 Office system
Coupon Printer
CreataCard Gold 2
Digital Photography Winter Fun Pack
Doc Scrubber v1.1
Easy Print Calendar 4 Freeware Edition (remove only)
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Image Clip Palette
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
ESDX4800_4200 User's Guide
EZ Fonts
Family Tree Maker 2005
GENViewer Lite 1.14
GENViewer version 1.12
Google Earth
Google Update Helper
Google Updater
Hidden in Time: Mirror Mirror
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Huawei modem
Iconix™ eMail ID
IE New Window Maximizer 2.4
IrfanView (remove only)
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
KhalInstallWrapper
Living Snow Globes Wallpaper #2
Lizardtech DjVu Control (autoinstall)
Logitech Desktop Messenger
Logitech SetPoint
Lotus SmartSuite 97
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Office Converter Pack
Microsoft Office Excel Viewer 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Zoo Tycoon Card Flip Game
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My 3D Christmas Tree Full Screen Saver
NatWest Business Software
Nero
Night Before Christmas Full Screen Saver
Paragon Partition Manager 2005
ParLoc3
Photo Loader 2.3E
Photohands 1.0E
Picasa 3
PIF DESIGNER
Pop-Up Stopper Free Edition
QuickTime
Rapport
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SiS Mirage Graphics
SiSAGP driver
snowglobe
Snowy Winter Wonderland Saver
Sony Ericsson Media Manager 1.1
SoundMAX
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SpywareBlaster 4.4
SpywareGuard v2.2
SuperUtility
UK-Info 2004 SE
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vodafone PC Assistant V1.8.19
WebFldrs XP
WinBMD
Windows 7 Upgrade Advisor
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
20/11/2011 18:07:40, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
20/11/2011 07:46:39, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
20/11/2011 07:46:24, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/11/2011 07:46:10, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.
19/11/2011 23:34:57, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
18/11/2011 09:36:09, error: Service Control Manager [7000] - The Iconix Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
18/11/2011 09:36:07, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Iconix Update Service service to connect.
18/11/2011 09:36:06, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service IconixService with arguments "" in order to run the server: {0F76009B-E27B-4023-BEE4-605D217E8D4D}
18/11/2011 09:27:20, error: Service Control Manager [7034] - The NVIDIA Display Srv service terminated unexpectedly. It has done this 1 time(s).
15/11/2011 19:24:02, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
15/11/2011 19:23:28, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 00016CCEEEF0 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-11-20 20:15:55
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Maxtor_6E040L0 rev.NAR61590
Running: dmn95xtd.exe; Driver: C:\DOCUME~1\Lesley\LOCALS~1\Temp\kwtiypow.sys

---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp mdvrmng.sys
---- EOF - GMER 1.0.15 ----
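In the GMER "Devices" section above, mdvrmng.sys is attached to \Device\Ip, \Device\Tcp, \Device\Udp and \Device\RawIp with no description or vendor string, while avgtdix.sys on the same devices carries one. The check a responder wants at this point is to parse those AttachedDevice lines and list unattributed drivers together with their network-stack coverage; the script below is an added example, not code from the thread or from GMER, and it assumes GMER's `AttachedDevice <object> <device> <file> (<product>/<company>)` line layout seen above, using the posted lines as constructed sample input.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: the "Devices" section of the GMER log posted in the
# thread, kept in a raw string so the backslashes stay literal.
SAMPLE_GMER_DEVICES = r"""
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp mdvrmng.sys
---- EOF - GMER 1.0.15 ----
"""

# One GMER "AttachedDevice" line: driver object, device, driver file, then an
# optional "(Product/Company)" that GMER reads from the file's version resource.
ATTACHED_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+\((.*)\))?\s*$")

# The four devices that together cover the whole Windows XP TCP/IP stack.
TCPIP_DEVICES = (r"\Device\Ip", r"\Device\Tcp", r"\Device\Udp", r"\Device\RawIp")


@dataclass
class Attachment:
    driver_object: str          # e.g. \Driver\Tcpip
    device: str                 # e.g. \Device\Tcp
    driver_file: str            # e.g. avgtdix.sys
    description: Optional[str]  # product string, None when GMER printed nothing
    vendor: Optional[str]       # company string, None when GMER printed nothing


def parse_attached_devices(text: str) -> List[Attachment]:
    """Parse every AttachedDevice line of a GMER 'Devices' section."""
    result: List[Attachment] = []
    for line in text.splitlines():
        m = ATTACHED_RE.match(line.strip())
        if not m:
            continue  # section headers, EOF marker, blank lines
        driver_object, device, driver_file, info = m.groups()
        description = vendor = None
        if info is not None:
            # GMER prints "<product>/<company>"; the company follows the last slash.
            head, sep, tail = info.rpartition("/")
            description, vendor = (head, tail) if sep else (tail, None)
        result.append(Attachment(driver_object, device, driver_file, description, vendor))
    return result


def unattributed_drivers(attachments: List[Attachment]) -> Dict[str, List[str]]:
    """Map each driver file with no description/vendor string to the devices it sits on.

    Missing version information is a triage signal (legitimate filter drivers almost
    always carry product and company strings), not proof of malice: follow it up by
    checking the file's signature, hash and on-disk origin before acting on it.
    """
    found: Dict[str, List[str]] = {}
    for a in attachments:
        if a.description is None and a.vendor is None:
            found.setdefault(a.driver_file, []).append(a.device)
    return found


def tcpip_coverage(attachments: List[Attachment], driver_file: str) -> List[str]:
    """Return the TCP/IP devices (Ip, Tcp, Udp, RawIp) a driver file is attached to."""
    devices = {a.device for a in attachments
               if a.driver_file == driver_file and a.driver_object == r"\Driver\Tcpip"}
    return [d for d in TCPIP_DEVICES if d in devices]


def triage_report(text: str) -> List[str]:
    """One finding per line: unattributed drivers, and whether they cover the whole stack."""
    attachments = parse_attached_devices(text)
    findings: List[str] = []
    for driver_file, devices in unattributed_drivers(attachments).items():
        findings.append(f"{driver_file}: no description/vendor; attached to {', '.join(devices)}")
        if len(tcpip_coverage(attachments, driver_file)) == len(TCPIP_DEVICES):
            findings.append(f"{driver_file}: attached to every TCP/IP device, "
                            f"so it can observe or filter all IP traffic on the host")
    return findings


if __name__ == "__main__":
    for finding in triage_report(SAMPLE_GMER_DEVICES):
        print(finding)
```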
 

jeffce

Malware Specialist
Joined
May 10, 2011
Messages
1,727
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method ( Recommended: Immediate Notification)
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.
----------

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.


----------
 

OverTheHill62

Thread Starter
Joined
Nov 20, 2011
Messages
48
Hi Jeff. Thanks for coming to my rescue. One other thing has happened: I've lost my XP genuine copy validation, and only have 2 days left for activation, but I can't do this!

The multiple threat is being given as Trojan horse BackDoor.Agent.AOEI by AVG and I keep clicking the remove all unhealed button. Incidentally, it is the free AVG version I have.

Herewith MBR log as requested

Lesley


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-21 08:45:23
-----------------------------
08:45:23.640 OS Version: Windows 5.1.2600 Service Pack 3
08:45:23.671 Number of processors: 1 586 0x2C02
08:45:23.687 ComputerName: SUPERGIRL UserName: Lesley
08:45:33.828 Initialize success
08:46:12.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
08:46:12.609 Disk 0 Vendor: Maxtor_6E040L0 NAR61590 Size: 39205MB BusType: 3
08:46:12.640 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-17
08:46:12.640 Disk 1 Vendor: WDC_WD102AA 05.05B05 Size: 9787MB BusType: 3
08:46:14.015 Disk 0 MBR read successfully
08:46:14.093 Disk 0 MBR scan
08:46:14.093 Disk 0 Windows XP default MBR code
08:46:14.125 Disk 0 scanning sectors +80292870
08:46:14.234 Disk 0 scanning C:\WINDOWS\system32\drivers
08:47:18.265 Service scanning
08:47:25.375 Modules scanning
08:49:52.859 Disk 0 trace - called modules:
08:49:52.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys siside.sys
08:49:52.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a752ab8]
08:49:53.375 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\00000063[0x8a78e1b0]
08:49:53.375 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a709d98]
08:49:53.390 Scan finished successfully
08:58:39.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lesley\Desktop\MBR.dat"
08:58:39.312 The log file has been saved successfully to "C:\Documents and Settings\Lesley\Desktop\aswMBR.txt"
 

jeffce

Malware Specialist
Joined
May 10, 2011
Messages
1,727
Hi OverTheHill62,

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
----------
 

OverTheHill62

Thread Starter
Joined
Nov 20, 2011
Messages
48
ComboFix 11-11-21.01 - Lesley 21/11/2011 16:17:08.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2014.1348 [GMT 0:00]
Running from: c:\documents and settings\Lesley\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Lesley\Favorites\Acez.com - Download Free Screen Savers!.url
c:\documents and settings\Lesley\WINDOWS
c:\windows\acezcold.ico
c:\windows\acezhot.ico
c:\windows\acezlink.htm
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\ST6UNST.000
c:\windows\winhelp.ini
.
----- File Replicators -----
.
c:\windows\system32\afina.exe
c:\windows\system32\aqrotq.exe
c:\windows\system32\bbegeo.exe
c:\windows\system32\bbegeq.exe
c:\windows\system32\bbeger.exe
c:\windows\system32\bfina.exe
c:\windows\system32\bfinb.exe
c:\windows\system32\bfinj.exe
c:\windows\system32\bfinq.exe
c:\windows\system32\bfinr.exe
c:\windows\system32\bqrota.exe
c:\windows\system32\bqrotp.exe
c:\windows\system32\bqrotq.exe
c:\windows\system32\bqrotr.exe
c:\windows\system32\bsodb.exe
c:\windows\system32\bsodr.exe
c:\windows\system32\btervn.exe
c:\windows\system32\btervq.exe
c:\windows\system32\btixq.exe
c:\windows\system32\bweryo.exe
c:\windows\system32\bweryq.exe
c:\windows\system32\bweryr.exe
c:\windows\system32\cbegeo.exe
c:\windows\system32\cfina.exe
c:\windows\system32\cfinb.exe
c:\windows\system32\cfinc.exe
c:\windows\system32\cfinq.exe
c:\windows\system32\cfinr.exe
c:\windows\system32\cfins.exe
c:\windows\system32\cqrotp.exe
c:\windows\system32\cqrotq.exe
c:\windows\system32\cqrotr.exe
c:\windows\system32\cqrots.exe
c:\windows\system32\csodb.exe
c:\windows\system32\csodc.exe
c:\windows\system32\csodr.exe
c:\windows\system32\csods.exe
c:\windows\system32\ctervm.exe
c:\windows\system32\ctixc.exe
c:\windows\system32\ctixs.exe
c:\windows\system32\cweryp.exe
c:\windows\system32\cweryr.exe
c:\windows\system32\cwerys.exe
c:\windows\system32\dfinr.exe
c:\windows\system32\dfins.exe
c:\windows\system32\dfint.exe
c:\windows\system32\dqrotc.exe
c:\windows\system32\dqrotd.exe
c:\windows\system32\dqrotp.exe
c:\windows\system32\dqrotq.exe
c:\windows\system32\dqrots.exe
c:\windows\system32\dsodc.exe
c:\windows\system32\dsods.exe
c:\windows\system32\dsodt.exe
c:\windows\system32\dtixd.exe
c:\windows\system32\dtixs.exe
c:\windows\system32\dtixt.exe
c:\windows\system32\dulmd.exe
c:\windows\system32\efinr.exe
c:\windows\system32\efint.exe
c:\windows\system32\efinu.exe
c:\windows\system32\eqrota.exe
c:\windows\system32\esodb.exe
c:\windows\system32\esodr.exe
c:\windows\system32\esods.exe
c:\windows\system32\esodt.exe
c:\windows\system32\esodu.exe
c:\windows\system32\eterve.exe
c:\windows\system32\etervu.exe
c:\windows\system32\etixc.exe
c:\windows\system32\etixd.exe
c:\windows\system32\etixt.exe
c:\windows\system32\etixu.exe
c:\windows\system32\eulmd.exe
c:\windows\system32\eulme.exe
c:\windows\system32\eulmt.exe
c:\windows\system32\eulmu.exe
c:\windows\system32\eweryo.exe
c:\windows\system32\fbegef.exe
c:\windows\system32\fbegev.exe
c:\windows\system32\ffinb.exe
c:\windows\system32\fqrotv.exe
c:\windows\system32\fsodr.exe
c:\windows\system32\fsods.exe
c:\windows\system32\fsodu.exe
c:\windows\system32\fsodv.exe
c:\windows\system32\fterve.exe
c:\windows\system32\ftervf.exe
c:\windows\system32\ftervu.exe
c:\windows\system32\ftervv.exe
c:\windows\system32\ftixd.exe
c:\windows\system32\ftixt.exe
c:\windows\system32\ftixu.exe
c:\windows\system32\ftixv.exe
c:\windows\system32\fulmd.exe
c:\windows\system32\fulme.exe
c:\windows\system32\fulmu.exe
c:\windows\system32\fulmv.exe
c:\windows\system32\gbegef.exe
c:\windows\system32\gbegeg.exe
c:\windows\system32\gbegev.exe
c:\windows\system32\gbegew.exe
c:\windows\system32\gqrotv.exe
c:\windows\system32\gsodv.exe
c:\windows\system32\gterve.exe
c:\windows\system32\gtervf.exe
c:\windows\system32\gtervu.exe
c:\windows\system32\gtervv.exe
c:\windows\system32\gtervw.exe
c:\windows\system32\gtixt.exe
c:\windows\system32\gtixv.exe
c:\windows\system32\gtixw.exe
c:\windows\system32\gulme.exe
c:\windows\system32\gulmu.exe
c:\windows\system32\gulmv.exe
c:\windows\system32\gulmw.exe
c:\windows\system32\gweryg.exe
c:\windows\system32\gweryp.exe
c:\windows\system32\gweryw.exe
c:\windows\system32\hbegef.exe
c:\windows\system32\hbegeg.exe
c:\windows\system32\hbegev.exe
c:\windows\system32\hbegew.exe
c:\windows\system32\hbegex.exe
c:\windows\system32\hqroth.exe
c:\windows\system32\hqrotx.exe
c:\windows\system32\hsodx.exe
c:\windows\system32\hterve.exe
c:\windows\system32\htervv.exe
c:\windows\system32\htervw.exe
c:\windows\system32\htervx.exe
c:\windows\system32\htixg.exe
c:\windows\system32\htixv.exe
c:\windows\system32\hulme.exe
c:\windows\system32\hulmu.exe
c:\windows\system32\hulmw.exe
c:\windows\system32\hulmx.exe
c:\windows\system32\hweryg.exe
c:\windows\system32\hweryh.exe
c:\windows\system32\hweryw.exe
c:\windows\system32\hweryx.exe
c:\windows\system32\ibegew.exe
c:\windows\system32\ibegex.exe
c:\windows\system32\ibegey.exe
c:\windows\system32\ifini.exe
c:\windows\system32\iqroth.exe
c:\windows\system32\iqroti.exe
c:\windows\system32\iqrotx.exe
c:\windows\system32\iqroty.exe
c:\windows\system32\isody.exe
c:\windows\system32\itervx.exe
c:\windows\system32\itervy.exe
c:\windows\system32\itixt.exe
c:\windows\system32\iulmi.exe
c:\windows\system32\iulmx.exe
c:\windows\system32\iulmy.exe
c:\windows\system32\iweryg.exe
c:\windows\system32\iweryh.exe
c:\windows\system32\iweryx.exe
c:\windows\system32\iweryy.exe
c:\windows\system32\jbegef.exe
c:\windows\system32\jbegew.exe
c:\windows\system32\jbegex.exe
c:\windows\system32\jbegey.exe
c:\windows\system32\jbegez.exe
c:\windows\system32\jfini.exe
c:\windows\system32\jfinj.exe
c:\windows\system32\jfiny.exe
c:\windows\system32\jfinz.exe
c:\windows\system32\jqroti.exe
c:\windows\system32\jqroty.exe
c:\windows\system32\jqrotz.exe
c:\windows\system32\jsodj.exe
c:\windows\system32\jtervf.exe
c:\windows\system32\jtervz.exe
c:\windows\system32\julmy.exe
c:\windows\system32\julmz.exe
c:\windows\system32\jweryg.exe
c:\windows\system32\jweryh.exe
c:\windows\system32\jweryx.exe
c:\windows\system32\jweryy.exe
c:\windows\system32\jweryz.exe
c:\windows\system32\kbegef.exe
c:\windows\system32\kbegeg.exe
c:\windows\system32\kbegej.exe
c:\windows\system32\kbegek.exe
c:\windows\system32\kfini.exe
c:\windows\system32\kfinj.exe
c:\windows\system32\kfink.exe
c:\windows\system32\kfinr.exe
c:\windows\system32\kfinz.exe
c:\windows\system32\kqroti.exe
c:\windows\system32\kqrotj.exe
c:\windows\system32\kqrotk.exe
c:\windows\system32\kqrotz.exe
c:\windows\system32\ksodj.exe .. failed to delete
c:\windows\system32\ksodk.exe
c:\windows\system32\ksodz.exe
c:\windows\system32\ktervf.exe
c:\windows\system32\ktervj.exe
c:\windows\system32\ktervy.exe
c:\windows\system32\ktixh.exe
c:\windows\system32\ktixk.exe
c:\windows\system32\kulmz.exe
c:\windows\system32\kweryh.exe
c:\windows\system32\kweryj.exe
c:\windows\system32\kweryk.exe
c:\windows\system32\kweryp.exe
c:\windows\system32\kweryy.exe
c:\windows\system32\kweryz.exe
c:\windows\system32\lbegeg.exe
c:\windows\system32\lbegek.exe
c:\windows\system32\lbegel.exe
c:\windows\system32\lfini.exe
c:\windows\system32\lfinj.exe
c:\windows\system32\lfink.exe
c:\windows\system32\lfinl.exe
c:\windows\system32\lfinz.exe
c:\windows\system32\lqroti.exe
c:\windows\system32\lqrotj.exe
c:\windows\system32\lqrotk.exe
c:\windows\system32\lqrotl.exe
c:\windows\system32\lqroty.exe
c:\windows\system32\lsodj.exe
c:\windows\system32\lsodk.exe
c:\windows\system32\lsodl.exe
c:\windows\system32\lsods.exe
c:\windows\system32\ltixk.exe
c:\windows\system32\ltixl.exe
c:\windows\system32\lulmk.exe
c:\windows\system32\lulml.exe
c:\windows\system32\lulmt.exe
c:\windows\system32\lweryh.exe
c:\windows\system32\lweryk.exe
c:\windows\system32\lweryx.exe
c:\windows\system32\mbegel.exe
c:\windows\system32\mfinj.exe
c:\windows\system32\mfinl.exe
c:\windows\system32\mfinm.exe
c:\windows\system32\mfinz.exe
c:\windows\system32\mqroti.exe
c:\windows\system32\mqrotj.exe
c:\windows\system32\mqrotl.exe
c:\windows\system32\mqroty.exe
c:\windows\system32\msodj.exe
c:\windows\system32\msodk.exe
c:\windows\system32\msodl.exe
c:\windows\system32\msodm.exe
c:\windows\system32\mtervl.exe
c:\windows\system32\mtervm.exe
c:\windows\system32\mtixk.exe
c:\windows\system32\mtixl.exe
c:\windows\system32\mtixt.exe
c:\windows\system32\mulml.exe
c:\windows\system32\mulmm.exe
c:\windows\system32\mulmu.exe
c:\windows\system32\mweryl.exe
c:\windows\system32\mweryx.exe
c:\windows\system32\nbegen.exe
c:\windows\system32\nfinm.exe
c:\windows\system32\nfinz.exe
c:\windows\system32\nqroth.exe
c:\windows\system32\nqrotm.exe
c:\windows\system32\nsodj.exe
c:\windows\system32\nsodk.exe
c:\windows\system32\nsodm.exe
c:\windows\system32\nsodn.exe
c:\windows\system32\ntervm.exe
c:\windows\system32\ntervn.exe
c:\windows\system32\ntervw.exe
c:\windows\system32\ntixk.exe
c:\windows\system32\ntixl.exe
c:\windows\system32\ntixm.exe
c:\windows\system32\ntixn.exe
c:\windows\system32\nulml.exe
c:\windows\system32\nulmm.exe
c:\windows\system32\nulmn.exe
c:\windows\system32\nwerym.exe
c:\windows\system32\obegen.exe
c:\windows\system32\obegeo.exe
c:\windows\system32\oqrotn.exe
c:\windows\system32\osodk.exe
c:\windows\system32\osodl.exe
c:\windows\system32\osodn.exe
c:\windows\system32\osodo.exe
c:\windows\system32\otervm.exe
c:\windows\system32\otervn.exe
c:\windows\system32\otixl.exe
c:\windows\system32\otixn.exe
c:\windows\system32\otixo.exe
c:\windows\system32\oulml.exe
c:\windows\system32\oulmm.exe
c:\windows\system32\oulmn.exe
c:\windows\system32\oulmo.exe
c:\windows\system32\oweryn.exe
c:\windows\system32\oweryo.exe
c:\windows\system32\pbegen.exe
c:\windows\system32\pbegeo.exe
c:\windows\system32\pbegep.exe
c:\windows\system32\pbegex.exe
c:\windows\system32\psodk.exe
c:\windows\system32\ptervm.exe
c:\windows\system32\ptervn.exe
c:\windows\system32\ptervo.exe
c:\windows\system32\ptervp.exe
c:\windows\system32\ptixk.exe
c:\windows\system32\ptixl.exe
c:\windows\system32\ptixo.exe
c:\windows\system32\ptixp.exe
c:\windows\system32\pulml.exe
c:\windows\system32\pulmm.exe
c:\windows\system32\pulmn.exe
c:\windows\system32\pulmo.exe
c:\windows\system32\pweryo.exe
c:\windows\system32\pweryp.exe
c:\windows\system32\qbegen.exe
c:\windows\system32\qbegeo.exe
c:\windows\system32\qbegep.exe
c:\windows\system32\qbegeq.exe
c:\windows\system32\qfina.exe
c:\windows\system32\qqrota.exe
c:\windows\system32\qqrotp.exe
c:\windows\system32\qqrotq.exe
c:\windows\system32\qtervn.exe
c:\windows\system32\qtervp.exe
c:\windows\system32\qtervq.exe
c:\windows\system32\qulmm.exe
c:\windows\system32\qulmp.exe
c:\windows\system32\qweryo.exe
c:\windows\system32\qweryp.exe
c:\windows\system32\qweryq.exe
c:\windows\system32\rbegea.exe
c:\windows\system32\rbegeo.exe
c:\windows\system32\rbegep.exe
c:\windows\system32\rbegeq.exe
c:\windows\system32\rbeger.exe
c:\windows\system32\rfina.exe
c:\windows\system32\rfinb.exe
c:\windows\system32\rfinr.exe
c:\windows\system32\rqrota.exe
c:\windows\system32\rqrotb.exe
c:\windows\system32\rqrotq.exe
c:\windows\system32\rqrotr.exe
c:\windows\system32\rsodb.exe
c:\windows\system32\rtervn.exe
c:\windows\system32\rtervo.exe
c:\windows\system32\rtervq.exe
c:\windows\system32\rulmr.exe
c:\windows\system32\rweryg.exe
c:\windows\system32\rweryo.exe
c:\windows\system32\rweryp.exe
c:\windows\system32\rweryq.exe
c:\windows\system32\rweryr.exe
c:\windows\system32\sbegen.exe
c:\windows\system32\sbegeo.exe
c:\windows\system32\sbegep.exe
c:\windows\system32\sbeger.exe
c:\windows\system32\sfina.exe
c:\windows\system32\sfinb.exe
c:\windows\system32\sfinr.exe
c:\windows\system32\sfins.exe
c:\windows\system32\sqrota.exe
c:\windows\system32\sqrotb.exe
c:\windows\system32\sqrotq.exe
c:\windows\system32\sqrotr.exe
c:\windows\system32\sqrots.exe
c:\windows\system32\ssodb.exe
c:\windows\system32\ssodc.exe
c:\windows\system32\ssodr.exe
c:\windows\system32\ssods.exe
c:\windows\system32\stervr.exe
c:\windows\system32\stervs.exe
c:\windows\system32\stixc.exe
c:\windows\system32\stixs.exe
c:\windows\system32\sweryk.exe
c:\windows\system32\sweryp.exe
c:\windows\system32\sweryq.exe
c:\windows\system32\sweryr.exe
c:\windows\system32\swerys.exe
c:\windows\system32\tfina.exe
c:\windows\system32\tfinb.exe
c:\windows\system32\tfinc.exe
c:\windows\system32\tfinr.exe
c:\windows\system32\tfins.exe
c:\windows\system32\tfint.exe
c:\windows\system32\tqrota.exe
c:\windows\system32\tqrotq.exe
c:\windows\system32\tqrotr.exe
c:\windows\system32\tqrots.exe
c:\windows\system32\tqrott.exe
c:\windows\system32\tsodb.exe
c:\windows\system32\tsodc.exe
c:\windows\system32\tsodt.exe
c:\windows\system32\ttervn.exe
c:\windows\system32\ttixc.exe
c:\windows\system32\ttixd.exe
c:\windows\system32\ttixs.exe
c:\windows\system32\ttixt.exe
c:\windows\system32\tulmd.exe
c:\windows\system32\tweryp.exe
c:\windows\system32\tweryq.exe
c:\windows\system32\twerys.exe
c:\windows\system32\ufina.exe
c:\windows\system32\ufinb.exe
c:\windows\system32\ufins.exe
c:\windows\system32\ufint.exe
c:\windows\system32\uqrota.exe
c:\windows\system32\uqrots.exe
c:\windows\system32\uqrott.exe
c:\windows\system32\usodc.exe
c:\windows\system32\usods.exe
c:\windows\system32\usodt.exe
c:\windows\system32\usodu.exe
c:\windows\system32\uterve.exe
c:\windows\system32\utixd.exe
c:\windows\system32\utixt.exe
c:\windows\system32\utixu.exe
c:\windows\system32\uulmd.exe
c:\windows\system32\uulme.exe
c:\windows\system32\uulmt.exe
c:\windows\system32\uulmu.exe
c:\windows\system32\uweryp.exe
c:\windows\system32\uweryt.exe
c:\windows\system32\uweryu.exe
c:\windows\system32\vbeger.exe
c:\windows\system32\vfinr.exe
c:\windows\system32\vfinu.exe
c:\windows\system32\vsodb.exe
c:\windows\system32\vsods.exe
c:\windows\system32\vsodu.exe
c:\windows\system32\vsodv.exe
c:\windows\system32\vterve.exe
c:\windows\system32\vtervf.exe
c:\windows\system32\vtervu.exe
c:\windows\system32\vtervv.exe
c:\windows\system32\vtixc.exe
c:\windows\system32\vtixt.exe
c:\windows\system32\vtixv.exe
c:\windows\system32\vulmd.exe
c:\windows\system32\vulme.exe
c:\windows\system32\vulmf.exe
c:\windows\system32\vulmn.exe
c:\windows\system32\vulmu.exe
c:\windows\system32\vulmv.exe
c:\windows\system32\vweryu.exe
c:\windows\system32\wbegeg.exe
c:\windows\system32\wbegev.exe
c:\windows\system32\wbegew.exe
c:\windows\system32\wqrotq.exe
c:\windows\system32\wqrotw.exe
c:\windows\system32\wsodv.exe
c:\windows\system32\wsodw.exe
c:\windows\system32\wterve.exe
c:\windows\system32\wtervf.exe
c:\windows\system32\wtervv.exe
c:\windows\system32\wtervw.exe
c:\windows\system32\wtixt.exe
c:\windows\system32\wtixv.exe
c:\windows\system32\wtixw.exe
c:\windows\system32\wulmd.exe
c:\windows\system32\wulme.exe
c:\windows\system32\wulmu.exe
c:\windows\system32\wulmv.exe
c:\windows\system32\wulmw.exe
c:\windows\system32\xbegef.exe
c:\windows\system32\xbegeg.exe
c:\windows\system32\xbegew.exe
c:\windows\system32\xbegex.exe
c:\windows\system32\xfinx.exe
c:\windows\system32\xterve.exe
c:\windows\system32\xtervf.exe
c:\windows\system32\xtervg.exe
c:\windows\system32\xtervv.exe
c:\windows\system32\xtervw.exe
c:\windows\system32\xtervx.exe
c:\windows\system32\xtixd.exe
c:\windows\system32\xtixt.exe
c:\windows\system32\xtixu.exe
c:\windows\system32\xtixw.exe
c:\windows\system32\xulme.exe
c:\windows\system32\xulmm.exe
c:\windows\system32\xulmu.exe
c:\windows\system32\xulmw.exe
c:\windows\system32\xulmx.exe
c:\windows\system32\xweryg.exe
c:\windows\system32\xweryh.exe
c:\windows\system32\xweryw.exe
c:\windows\system32\xweryx.exe
c:\windows\system32\ybegef.exe
c:\windows\system32\ybegeg.exe
c:\windows\system32\ybegew.exe
c:\windows\system32\ybegex.exe
c:\windows\system32\ybegey.exe
c:\windows\system32\yqroth.exe
c:\windows\system32\yqroti.exe
c:\windows\system32\yqroty.exe
c:\windows\system32\ytervf.exe
c:\windows\system32\ytervx.exe
c:\windows\system32\ytervy.exe
c:\windows\system32\ytixh.exe
c:\windows\system32\ytixt.exe
c:\windows\system32\ytixx.exe
c:\windows\system32\yulmx.exe
c:\windows\system32\yweryg.exe
c:\windows\system32\yweryh.exe
c:\windows\system32\yweryi.exe
c:\windows\system32\yweryx.exe
c:\windows\system32\yweryy.exe
c:\windows\system32\zbegeg.exe
c:\windows\system32\zbegeh.exe
c:\windows\system32\zbegex.exe
c:\windows\system32\zbegey.exe
c:\windows\system32\zbegez.exe
c:\windows\system32\zfini.exe
c:\windows\system32\zfinj.exe
c:\windows\system32\zfiny.exe
c:\windows\system32\zfinz.exe
c:\windows\system32\zqroti.exe
c:\windows\system32\zqrotj.exe
c:\windows\system32\zqrotw.exe
c:\windows\system32\zqroty.exe
c:\windows\system32\zqrotz.exe
c:\windows\system32\zsodc.exe
c:\windows\system32\zsodx.exe
c:\windows\system32\zsody.exe
c:\windows\system32\ztervf.exe
c:\windows\system32\ztervv.exe
c:\windows\system32\ztervw.exe
c:\windows\system32\ztervy.exe
c:\windows\system32\zulmy.exe
c:\windows\system32\zulmz.exe
c:\windows\system32\zweryh.exe
c:\windows\system32\zweryi.exe
c:\windows\system32\zweryx.exe
c:\windows\system32\zweryy.exe
c:\windows\system32\zweryz.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
.
.
2011-11-21 14:15 . 2011-11-21 16:29 33280 ----a-w- c:\windows\system32\ksodj.exe
2011-11-07 21:28 . 2011-11-07 21:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 09:24 . 2011-06-02 08:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 06:23 . 2010-09-07 02:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 06:21 . 2010-08-19 20:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 05:30 . 2010-09-07 02:48 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-08-31 17:00 . 2011-07-30 15:46 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IE New Window Maximizer"="c:\program files\IE New Window Maximizer\iemaximizer.exe" [2005-02-08 356352]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 524288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-04 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-05-26 49152]
"IconixOEAddOn"="c:\program files\Iconix\OEAddOn\OEdmn_6.exe" [2010-03-04 342872]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Lesley\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Loader supervisory.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk
backup=c:\windows\pss\Photo Loader supervisory.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TextBridge Instant Access OCR.lnk
backup=c:\windows\pss\TextBridge Instant Access OCR.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Lesley^Start Menu^Programs^Startup^Lotus QuickStart.lnk]
path=c:\documents and settings\Lesley\Start Menu\Programs\Startup\Lotus QuickStart.lnk
backup=c:\windows\pss\Lotus QuickStart.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Lesley^Start Menu^Programs^Startup^Lotus SmartSuite 97 Registration.lnk]
path=c:\documents and settings\Lesley\Start Menu\Programs\Startup\Lotus SmartSuite 97 Registration.lnk
backup=c:\windows\pss\Lotus SmartSuite 97 Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Lesley^Start Menu^Programs^Startup^Watch.lnk]
path=c:\documents and settings\Lesley\Start Menu\Programs\Startup\Watch.lnk
backup=c:\windows\pss\Watch.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Lesley^Start Menu^Programs^Startup^Winter Fun Wallpaper Changer.lnk]
path=c:\documents and settings\Lesley\Start Menu\Programs\Startup\Winter Fun Wallpaper Changer.lnk
backup=c:\windows\pss\Winter Fun Wallpaper Changer.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 22:46 57344 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE]
2004-05-27 11:07 1659050 ------w- c:\program files\Voyager 105 ADSL Modem\DSLSTAT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 15:36 305440 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 02:12 76304 -c--a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2008-02-29 02:12 76304 -c--a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-08-21 01:18 443968 -c--a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 00:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 16:07 2260480 -csha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"iPod Service"=3 (0x3)
"CiSvc"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\NWBusinessSoftware\\MyBusiness.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15:27 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 02:48 32592]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 02:48 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 02:49 295248]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [25/02/2010 13:10 390528]
R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [07/11/2011 21:30 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 05:09 192776]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [27/09/2010 07:13 1737464]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [30/07/2011 15:46 366152]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 20:42 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 20:42 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 20:42 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [30/07/2011 15:46 22216]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [08/08/2011 08:16 21520]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 06:25 4433248]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/12/2009 13:45 135664]
S2 IconixService;Iconix Update Service;c:\program files\Common Files\Iconix\IconixService.exe [31/07/2008 21:57 283992]
S2 tsods;NVIDIA Display Srv;c:\windows\system32\tsods.exe --> c:\windows\system32\tsods.exe [?]
S3 FXDRV;FXDRV;c:\program files\SuperUtility\Fxdrv.sys [10/01/2006 10:34 13440]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31/12/2009 13:45 135664]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [27/09/2010 07:11 100736]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [27/09/2010 07:02 102656]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [13/10/2008 14:01 101120]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [27/11/2005 13:11 50432]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - RAPPORTIASO
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
2011-11-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-08 07:58]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 13:44]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 13:44]
.
2011-11-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 15:50]
.
2011-11-21 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2004-05-12 13:45]
.
2011-11-21 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-10-22 12:39]
.
2011-11-20 c:\windows\Tasks\User_Feed_Synchronization-{3B4C8217-2FF3-49BA-A069-7CAF273E4C52}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.msn.co.uk/previewx.aspx?q={searchTerms}&FORM=CBPW&first=1&noredir=1
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - c:\windows\acezlink.htm
TCP: DhcpNameServer = 192.168.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: ADVFN 4v4
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DataLayer - c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe
MSConfigStartUp-DSLAGENTEXE - c:\program files\Voyager 105 ADSL Modem\dslagent.exe
MSConfigStartUp-InCD - c:\program files\Ahead\InCD\InCD.exe
MSConfigStartUp-PCSuiteTrayApplication - c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
MSConfigStartUp-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
MSConfigStartUp-SmcService - c:\progra~1\Sygate\SPF\smc.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
MSConfigStartUp-SpeedItUpEX - c:\program files\Speeditup Free\SpeedItUp.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-21 16:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1292428093-1303643608-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\msacm32.drv
.
- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'csrss.exe'(736)
c:\windows\system32\WININET.dll
.
Completion time: 2011-11-21 16:44:23
ComboFix-quarantined-files.txt 2011-11-21 16:44
.
Pre-Run: 2,578,542,592 bytes free
Post-Run: 3,067,416,576 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 5D64B184322CFD8A35E333C2DB0053DF
 

jeffce

Malware Specialist
Hi OverTheHill62,

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Code:
    DDS:: 
    uStart Page = hxxp://www.google.co.uk/
    BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089}
    DPF: {16095503-786F-4097-AED6-5D567A26D760}
    DPF: {474F00F5-3853-492C-AC3A-476512BBC336}
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166}
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539}
    DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38}
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    
    File::
    c:\windows\system32\ksodj.exe
    c:\program files\Ask.com\GenericAskToolbar.dll
    c:\program files\Ask.com\UpdateTask.exe
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 

OverTheHill62

Thread Starter
ComboFix 11-11-21.01 - Lesley 21/11/2011 20:53:38.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2014.1176 [GMT 0:00]
Running from: c:\documents and settings\Lesley\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Lesley\Desktop\CFScript.txt
.
FILE ::
"c:\program files\Ask.com\GenericAskToolbar.dll"
"c:\program files\Ask.com\UpdateTask.exe"
"c:\windows\system32\ksodj.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
----- File Replicators -----
.
c:\windows\system32\afina.exe
c:\windows\system32\bfina.exe
c:\windows\system32\bfinb.exe
c:\windows\system32\bfinq.exe
c:\windows\system32\bfinr.exe
c:\windows\system32\bqrotq.exe
c:\windows\system32\bqrotr.exe
c:\windows\system32\bsodb.exe
c:\windows\system32\cfinr.exe
c:\windows\system32\cfins.exe
c:\windows\system32\csodb.exe
c:\windows\system32\csodc.exe
c:\windows\system32\csodr.exe
c:\windows\system32\csods.exe
c:\windows\system32\ctixc.exe
c:\windows\system32\dsods.exe
c:\windows\system32\dsodt.exe
c:\windows\system32\dtixc.exe
c:\windows\system32\dtixd.exe
c:\windows\system32\dtixs.exe
c:\windows\system32\dtixt.exe
c:\windows\system32\dulmd.exe
c:\windows\system32\eterve.exe
c:\windows\system32\etixd.exe
c:\windows\system32\etixt.exe
c:\windows\system32\etixu.exe
c:\windows\system32\eulmd.exe
c:\windows\system32\eulme.exe
c:\windows\system32\eulmt.exe
c:\windows\system32\eulmu.exe
c:\windows\system32\fbegef.exe
c:\windows\system32\fterve.exe
c:\windows\system32\ftervf.exe
c:\windows\system32\ftervu.exe
c:\windows\system32\ftervv.exe
c:\windows\system32\fulmu.exe
c:\windows\system32\gbegef.exe
c:\windows\system32\gbegeg.exe
c:\windows\system32\gbegev.exe
c:\windows\system32\gbegew.exe
c:\windows\system32\gterve.exe
c:\windows\system32\gtervf.exe
c:\windows\system32\gtervu.exe
c:\windows\system32\gtervv.exe
c:\windows\system32\gtervw.exe
c:\windows\system32\gweryg.exe
c:\windows\system32\hbegew.exe
c:\windows\system32\hqroth.exe
c:\windows\system32\hterve.exe
c:\windows\system32\hweryh.exe
c:\windows\system32\hweryw.exe
c:\windows\system32\hweryx.exe
c:\windows\system32\ifini.exe
c:\windows\system32\iqroth.exe
c:\windows\system32\iqroti.exe
c:\windows\system32\iqrotx.exe
c:\windows\system32\iqroty.exe
c:\windows\system32\iweryh.exe
c:\windows\system32\iweryx.exe
c:\windows\system32\iweryy.exe
c:\windows\system32\jfinj.exe
c:\windows\system32\jfinz.exe
c:\windows\system32\jqroti.exe
c:\windows\system32\jqroty.exe
c:\windows\system32\jqrotz.exe
c:\windows\system32\jsodj.exe
c:\windows\system32\jweryz.exe
c:\windows\system32\kfinj.exe
c:\windows\system32\kfink.exe
c:\windows\system32\kfinz.exe
c:\windows\system32\kqrotk.exe
c:\windows\system32\kqrotz.exe
c:\windows\system32\ksodj.exe
c:\windows\system32\ksodk.exe
c:\windows\system32\ktixk.exe
c:\windows\system32\lbegef.exe
c:\windows\system32\lfinj.exe
c:\windows\system32\lfinz.exe
c:\windows\system32\lqroti.exe
c:\windows\system32\lsodj.exe
c:\windows\system32\lsodk.exe
c:\windows\system32\lsodl.exe
c:\windows\system32\ltixk.exe
c:\windows\system32\ltixl.exe
c:\windows\system32\lulml.exe
c:\windows\system32\msodk.exe
c:\windows\system32\msodl.exe
c:\windows\system32\mtervm.exe
c:\windows\system32\mtixk.exe
c:\windows\system32\mtixl.exe
c:\windows\system32\mtixm.exe
c:\windows\system32\mulml.exe
c:\windows\system32\mulmm.exe
c:\windows\system32\nbegen.exe
c:\windows\system32\ntervm.exe
c:\windows\system32\ntervn.exe
c:\windows\system32\ntixl.exe
c:\windows\system32\ntixm.exe
c:\windows\system32\nulml.exe
c:\windows\system32\nulmm.exe
c:\windows\system32\nulmn.exe
c:\windows\system32\obegen.exe
c:\windows\system32\obegeo.exe
c:\windows\system32\otervm.exe
c:\windows\system32\otervn.exe
c:\windows\system32\otervo.exe
c:\windows\system32\otixn.exe
c:\windows\system32\oulmm.exe
c:\windows\system32\pbegen.exe
c:\windows\system32\pbegeo.exe
c:\windows\system32\ptervn.exe
c:\windows\system32\ptervo.exe
c:\windows\system32\pweryo.exe
c:\windows\system32\pweryp.exe
c:\windows\system32\qbegeo.exe
c:\windows\system32\qfina.exe
c:\windows\system32\qqrotp.exe
c:\windows\system32\qqrotq.exe
c:\windows\system32\qweryo.exe
c:\windows\system32\qweryp.exe
c:\windows\system32\qweryq.exe
c:\windows\system32\rfina.exe
c:\windows\system32\rfinb.exe
c:\windows\system32\rfinr.exe
c:\windows\system32\rqrota.exe
c:\windows\system32\rqrotq.exe
c:\windows\system32\rqrotr.exe
c:\windows\system32\rsodb.exe
c:\windows\system32\rweryp.exe
c:\windows\system32\rweryq.exe
c:\windows\system32\sfinr.exe
c:\windows\system32\sfins.exe
c:\windows\system32\sqrotr.exe
c:\windows\system32\ssodb.exe
c:\windows\system32\ssodc.exe
c:\windows\system32\ssods.exe
c:\windows\system32\stixc.exe
c:\windows\system32\tfinb.exe
c:\windows\system32\tfins.exe
c:\windows\system32\tsodb.exe
c:\windows\system32\tsodc.exe
c:\windows\system32\tsodt.exe
c:\windows\system32\ttixc.exe
c:\windows\system32\ttixd.exe
c:\windows\system32\ttixs.exe
c:\windows\system32\ttixt.exe
c:\windows\system32\tulmd.exe
c:\windows\system32\usodt.exe
c:\windows\system32\usodu.exe
c:\windows\system32\utixd.exe
c:\windows\system32\utixt.exe .. failed to delete
c:\windows\system32\utixu.exe
c:\windows\system32\uulmd.exe
c:\windows\system32\uulme.exe
c:\windows\system32\uulmu.exe
c:\windows\system32\vsodd.exe
c:\windows\system32\vtervf.exe
c:\windows\system32\vtervv.exe
c:\windows\system32\vtixu.exe
c:\windows\system32\vulme.exe
c:\windows\system32\vulmu.exe
c:\windows\system32\vulmv.exe
c:\windows\system32\wbegef.exe
c:\windows\system32\wbegeg.exe
c:\windows\system32\wbegew.exe
c:\windows\system32\wtervf.exe
c:\windows\system32\wtervg.exe
c:\windows\system32\wtervv.exe
c:\windows\system32\wtervw.exe
c:\windows\system32\wulme.exe
c:\windows\system32\wulmv.exe
c:\windows\system32\xbegeg.exe
c:\windows\system32\xbegew.exe
c:\windows\system32\xbegex.exe
c:\windows\system32\xtervg.exe
c:\windows\system32\xtervv.exe
c:\windows\system32\xtervw.exe
c:\windows\system32\xulmw.exe
c:\windows\system32\xweryg.exe
c:\windows\system32\xweryh.exe
c:\windows\system32\xweryx.exe
c:\windows\system32\ybegew.exe
c:\windows\system32\ybegex.exe
c:\windows\system32\yqroti.exe
c:\windows\system32\yweryg.exe
c:\windows\system32\yweryh.exe
c:\windows\system32\yweryx.exe
c:\windows\system32\yweryy.exe
c:\windows\system32\zfinj.exe
c:\windows\system32\zqroti.exe
c:\windows\system32\zqroty.exe
c:\windows\system32\zqrotz.exe
c:\windows\system32\ztervy.exe
c:\windows\system32\zweryy.exe
c:\windows\system32\zweryz.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
.
.
2011-11-21 17:05 . 2011-11-21 21:04 33280 ----a-w- c:\windows\system32\utixt.exe
2011-11-07 21:28 . 2011-11-07 21:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 09:24 . 2011-06-02 08:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 06:23 . 2010-09-07 02:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 06:21 . 2010-08-19 20:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 05:30 . 2010-09-07 02:48 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-08-31 17:00 . 2011-07-30 15:46 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IE New Window Maximizer"="c:\program files\IE New Window Maximizer\iemaximizer.exe" [2005-02-08 356352]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 524288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-04 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-05-26 49152]
"IconixOEAddOn"="c:\program files\Iconix\OEAddOn\OEdmn_6.exe" [2010-03-04 342872]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Lesley\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Loader supervisory.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk
backup=c:\windows\pss\Photo Loader supervisory.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TextBridge Instant Access OCR.lnk
backup=c:\windows\pss\TextBridge Instant Access OCR.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Lesley^Start Menu^Programs^Startup^Lotus QuickStart.lnk]
path=c:\documents and settings\Lesley\Start Menu\Programs\Startup\Lotus QuickStart.lnk
backup=c:\windows\pss\Lotus QuickStart.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Lesley^Start Menu^Programs^Startup^Lotus SmartSuite 97 Registration.lnk]
path=c:\documents and settings\Lesley\Start Menu\Programs\Startup\Lotus SmartSuite 97 Registration.lnk
backup=c:\windows\pss\Lotus SmartSuite 97 Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Lesley^Start Menu^Programs^Startup^Watch.lnk]
path=c:\documents and settings\Lesley\Start Menu\Programs\Startup\Watch.lnk
backup=c:\windows\pss\Watch.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Lesley^Start Menu^Programs^Startup^Winter Fun Wallpaper Changer.lnk]
path=c:\documents and settings\Lesley\Start Menu\Programs\Startup\Winter Fun Wallpaper Changer.lnk
backup=c:\windows\pss\Winter Fun Wallpaper Changer.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 22:46 57344 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE]
2004-05-27 11:07 1659050 ------w- c:\program files\Voyager 105 ADSL Modem\DSLSTAT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 15:36 305440 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 02:12 76304 -c--a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2008-02-29 02:12 76304 -c--a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-08-21 01:18 443968 -c--a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 00:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 16:07 2260480 -csha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"iPod Service"=3 (0x3)
"CiSvc"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\NWBusinessSoftware\\MyBusiness.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15:27 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 02:48 32592]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 02:48 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 02:49 295248]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [25/02/2010 13:10 390528]
R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [07/11/2011 21:30 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 05:09 192776]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [27/09/2010 07:13 1737464]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [30/07/2011 15:46 366152]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 20:42 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 20:42 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 20:42 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [30/07/2011 15:46 22216]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [08/08/2011 08:16 21520]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 06:25 4433248]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/12/2009 13:45 135664]
S2 IconixService;Iconix Update Service;c:\program files\Common Files\Iconix\IconixService.exe [31/07/2008 21:57 283992]
S2 tsods;NVIDIA Display Srv;c:\windows\system32\tsods.exe --> c:\windows\system32\tsods.exe [?]
S3 FXDRV;FXDRV;c:\program files\SuperUtility\Fxdrv.sys [10/01/2006 10:34 13440]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31/12/2009 13:45 135664]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [27/09/2010 07:11 100736]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [27/09/2010 07:02 102656]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [13/10/2008 14:01 101120]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [27/11/2005 13:11 50432]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - RAPPORTIASO
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
2011-11-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-08 07:58]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 13:44]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 13:44]
.
2011-11-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 15:50]
.
2011-11-21 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2004-05-12 13:45]
.
2011-11-21 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-10-22 12:39]
.
2011-11-20 c:\windows\Tasks\User_Feed_Synchronization-{3B4C8217-2FF3-49BA-A069-7CAF273E4C52}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.msn.co.uk/previewx.aspx?q={searchTerms}&FORM=CBPW&first=1&noredir=1
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - c:\windows\acezlink.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: ADVFN 4v4
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-21 21:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1292428093-1303643608-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\msacm32.drv
.
- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(40296)
c:\windows\system32\WININET.dll
c:\program files\Iconix\OEAddOn\OEldr_7.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(736)
c:\windows\system32\WININET.dll
.
Completion time: 2011-11-21 21:10:25
ComboFix-quarantined-files.txt 2011-11-21 21:10
ComboFix2.txt 2011-11-21 16:44
.
Pre-Run: 2,955,776,000 bytes free
Post-Run: 3,009,851,392 bytes free
.
- - End Of File - - F95318E4197AE284474387D59F98014F
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
81,728
OTH62:

After Jeff is through with you, I'll be glad to assist you.

Your computer has several programs and add-ons that need to be uninstalled, updated, or replaced.

-------------------------------------------------------
 

jeffce

Malware Specialist
Joined
May 10, 2011
Messages
1,727
Hi,

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
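A small triage helper, added here as an example and not part of the thread or of either tool: it parses the two line formats that appear in the logs on this page (TDSSKiller's per-object verdict lines and ComboFix's R/S service and driver lines) and lists the entries a helper would look at first. The sample lines are copied from this thread except the `example_svc` pair, which is constructed to show a non-`ok` verdict; the `[?]` marker is treated as "file attributes could not be read", which is a lead for follow-up, not a verdict.

```python
"""Triage helper for TDSSKiller and ComboFix logs (example code, not from the thread)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# TDSSKiller "object checked" line: timestamp, pid, name, (md5), path.
TDSS_FILE_RE = re.compile(
    r'^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>\S+)\s+'
    r'\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$')
# TDSSKiller verdict line: timestamp, pid, name, " - ", verdict (normally "ok").
TDSS_VERDICT_RE = re.compile(
    r'^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$')
# ComboFix service/driver line: start type, name;display name;image path [date time size]
# or [?] when ComboFix could not read the file's attributes.
COMBOFIX_SVC_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$')


@dataclass
class Finding:
    source: str            # "tdsskiller" or "combofix"
    name: str              # service / driver name as logged
    path: Optional[str]    # resolved image path, if the log gave one
    reason: str            # why this entry is worth a look


def parse_tdsskiller(lines: List[str]) -> List[Finding]:
    """Return one Finding per object whose verdict is anything other than 'ok'."""
    paths: Dict[str, str] = {}
    findings: List[Finding] = []
    for line in lines:
        m = TDSS_FILE_RE.match(line)
        if m:
            paths[m['name']] = m['path']   # remember path for the verdict that follows
            continue
        m = TDSS_VERDICT_RE.match(line)
        if m and m['verdict'].lower() != 'ok':
            findings.append(Finding('tdsskiller', m['name'], paths.get(m['name']),
                                    f"verdict '{m['verdict']}'"))
    return findings


def parse_combofix_services(lines: List[str]) -> List[Finding]:
    """Flag R/S entries whose file metadata ComboFix printed as [?].

    A missing or hidden binary is one explanation (compare the tsods.exe entry in this
    thread); an unplugged USB device's driver is another, so this is a lead, not a verdict.
    """
    findings: List[Finding] = []
    for line in lines:
        m = COMBOFIX_SVC_RE.match(line)
        if not m:
            continue
        path = m['path']
        if ' --> ' in path:                      # "image path --> resolved path" form
            path = path.split(' --> ', 1)[1]
        if m['meta'].strip() == '?':
            findings.append(Finding('combofix', m['name'], path,
                                    f"{m['start']} entry, file attributes unreadable [?]"))
    return findings


def triage(tdss_lines: List[str], combofix_lines: List[str]) -> List[Finding]:
    """Combine both parsers into one list a helper can walk top to bottom."""
    return parse_tdsskiller(tdss_lines) + parse_combofix_services(combofix_lines)


# Constructed sample input: lines copied from the logs in this thread, plus one
# invented TDSSKiller object ("example_svc") whose verdict is not "ok".
SAMPLE_TDSS = [
    r"17:21:05.0093 2684 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys",
    r"17:21:05.0156 2684 AVGIDSDriver - ok",
    r"17:21:11.0796 2684 catchme - ok",
    r"17:21:47.0500 2684 example_svc (00000000000000000000000000000000) C:\WINDOWS\system32\example.sys",
    r"17:21:47.0600 2684 example_svc - suspicious",   # constructed verdict text
]
SAMPLE_COMBOFIX = [
    r"R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15:27 23120]",
    r"S2 tsods;NVIDIA Display Srv;c:\windows\system32\tsods.exe --> c:\windows\system32\tsods.exe [?]",
    r"S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;"
    r"c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_TDSS, SAMPLE_COMBOFIX):
        print(f"[{f.source}] {f.name}: {f.reason} ({f.path})")
```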
 

OverTheHill62

Thread Starter
Joined
Nov 20, 2011
Messages
48
17:20:31.0671 4676 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
17:20:33.0671 4676 ============================================================
17:20:33.0687 4676 Current date / time: 2011/11/22 17:20:33.0671
17:20:33.0687 4676 SystemInfo:
17:20:33.0687 4676
17:20:33.0687 4676 OS Version: 5.1.2600 ServicePack: 3.0
17:20:33.0687 4676 Product type: Workstation
17:20:33.0687 4676 ComputerName: SUPERGIRL
17:20:33.0718 4676 UserName: Lesley
17:20:33.0718 4676 Windows directory: C:\WINDOWS
17:20:33.0718 4676 System windows directory: C:\WINDOWS
17:20:33.0718 4676 Processor architecture: Intel x86
17:20:33.0718 4676 Number of processors: 1
17:20:33.0718 4676 Page size: 0x1000
17:20:33.0750 4676 Boot type: Normal boot
17:20:33.0750 4676 ============================================================
17:20:36.0921 4676 Initialize success
17:20:50.0171 2684 ============================================================
17:20:50.0171 2684 Scan started
17:20:50.0171 2684 Mode: Manual;
17:20:50.0171 2684 ============================================================
17:20:52.0187 2684 Abiosdsk - ok
17:20:52.0703 2684 abp480n5 - ok
17:20:53.0296 2684 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:20:53.0468 2684 ACPI - ok
17:20:54.0000 2684 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:20:54.0046 2684 ACPIEC - ok
17:20:54.0531 2684 adpu160m - ok
17:20:55.0140 2684 aeaudio (9f59ae2de835641fbb0c6afd80d8fa9b) C:\WINDOWS\system32\drivers\aeaudio.sys
17:20:55.0203 2684 aeaudio - ok
17:20:55.0828 2684 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:20:55.0953 2684 aec - ok
17:20:56.0468 2684 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:20:56.0531 2684 AegisP - ok
17:20:57.0156 2684 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
17:20:57.0406 2684 AFD - ok
17:20:57.0921 2684 Aha154x - ok
17:20:58.0421 2684 aic78u2 - ok
17:20:58.0953 2684 aic78xx - ok
17:20:59.0406 2684 AliIde - ok
17:20:59.0953 2684 amsint - ok
17:21:00.0453 2684 asc - ok
17:21:00.0968 2684 asc3350p - ok
17:21:01.0484 2684 asc3550 - ok
17:21:02.0125 2684 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:21:02.0171 2684 AsyncMac - ok
17:21:02.0828 2684 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:21:02.0859 2684 atapi - ok
17:21:03.0343 2684 Atdisk - ok
17:21:03.0765 2684 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:21:03.0875 2684 Atmarpc - ok
17:21:04.0406 2684 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:21:04.0437 2684 audstub - ok
17:21:05.0093 2684 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
17:21:05.0156 2684 AVGIDSDriver - ok
17:21:05.0703 2684 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
17:21:05.0734 2684 AVGIDSEH - ok
17:21:06.0281 2684 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
17:21:06.0343 2684 AVGIDSFilter - ok
17:21:06.0953 2684 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
17:21:06.0984 2684 AVGIDSShim - ok
17:21:07.0625 2684 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
17:21:07.0687 2684 Avgldx86 - ok
17:21:08.0234 2684 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
17:21:08.0250 2684 Avgmfx86 - ok
17:21:08.0796 2684 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
17:21:08.0828 2684 Avgrkx86 - ok
17:21:09.0359 2684 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
17:21:09.0515 2684 Avgtdix - ok
17:21:10.0015 2684 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
17:21:10.0171 2684 BANTExt - ok
17:21:10.0750 2684 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:21:10.0765 2684 Beep - ok
17:21:11.0375 2684 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
17:21:11.0515 2684 BVRPMPR5 - ok
17:21:11.0796 2684 catchme - ok
17:21:12.0375 2684 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:21:12.0687 2684 cbidf2k - ok
17:21:13.0328 2684 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:21:13.0515 2684 CCDECODE - ok
17:21:13.0984 2684 cd20xrnt - ok
17:21:14.0515 2684 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:21:14.0546 2684 Cdaudio - ok
17:21:15.0015 2684 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:21:15.0187 2684 Cdfs - ok
17:21:15.0625 2684 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:21:15.0828 2684 Cdrom - ok
17:21:16.0343 2684 Changer - ok
17:21:16.0968 2684 CmdIde - ok
17:21:17.0671 2684 Cpqarray - ok
17:21:18.0281 2684 dac2w2k - ok
17:21:18.0812 2684 dac960nt - ok
17:21:19.0421 2684 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:21:19.0437 2684 Disk - ok
17:21:20.0093 2684 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:21:20.0250 2684 dmboot - ok
17:21:20.0921 2684 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:21:21.0046 2684 dmio - ok
17:21:21.0562 2684 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:21:21.0640 2684 dmload - ok
17:21:22.0234 2684 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:21:22.0484 2684 DMusic - ok
17:21:23.0062 2684 dpti2o - ok
17:21:23.0484 2684 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:21:23.0781 2684 drmkaud - ok
17:21:24.0406 2684 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:21:24.0515 2684 Fastfat - ok
17:21:25.0156 2684 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:21:25.0218 2684 Fdc - ok
17:21:25.0859 2684 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:21:25.0921 2684 Fips - ok
17:21:26.0437 2684 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:21:26.0453 2684 Flpydisk - ok
17:21:27.0062 2684 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:21:27.0187 2684 FltMgr - ok
17:21:27.0718 2684 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:21:27.0812 2684 Fs_Rec - ok
17:21:28.0375 2684 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:21:28.0468 2684 Ftdisk - ok
17:21:28.0609 2684 FXDRV (475ecccfd16edfad542eafab30e7109a) C:\Program Files\SuperUtility\Fxdrv.sys
17:21:28.0812 2684 FXDRV - ok
17:21:29.0359 2684 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
17:21:29.0375 2684 gagp30kx - ok
17:21:29.0921 2684 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:21:29.0937 2684 GEARAspiWDM - ok
17:21:30.0359 2684 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:21:30.0546 2684 Gpc - ok
17:21:31.0281 2684 hpn - ok
17:21:31.0953 2684 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:21:32.0250 2684 HTTP - ok
17:21:32.0859 2684 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
17:21:32.0953 2684 hwdatacard - ok
17:21:33.0484 2684 hwusbdev (922065957563d851b5a68b95aadac6ad) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
17:21:33.0562 2684 hwusbdev - ok
17:21:34.0109 2684 hwusbfake (9be5caeabc6b2eb98b3a4839a55d47a0) C:\WINDOWS\system32\DRIVERS\ewusbfake.sys
17:21:34.0359 2684 hwusbfake - ok
17:21:34.0765 2684 i2omgmt - ok
17:21:35.0156 2684 i2omp - ok
17:21:35.0640 2684 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:21:35.0765 2684 i8042prt - ok
17:21:36.0390 2684 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:21:36.0468 2684 Imapi - ok
17:21:36.0968 2684 ini910u - ok
17:21:37.0343 2684 IntelIde - ok
17:21:38.0109 2684 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:21:38.0171 2684 ip6fw - ok
17:21:38.0718 2684 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:21:38.0750 2684 IpFilterDriver - ok
17:21:39.0296 2684 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:21:39.0359 2684 IpInIp - ok
17:21:39.0953 2684 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:21:40.0109 2684 IpNat - ok
17:21:40.0656 2684 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:21:40.0843 2684 IPSec - ok
17:21:41.0296 2684 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:21:41.0343 2684 IRENUM - ok
17:21:42.0078 2684 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:21:42.0156 2684 isapnp - ok
17:21:42.0687 2684 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:21:42.0750 2684 Kbdclass - ok
17:21:43.0359 2684 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:21:43.0359 2684 kmixer - ok
17:21:43.0750 2684 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:21:43.0953 2684 KSecDD - ok
17:21:44.0515 2684 L8042Kbd (d1968dea7baff4a917858c384339cec8) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
17:21:44.0531 2684 L8042Kbd - ok
17:21:45.0093 2684 L8042mou (d6fc755ff505d99e6cc73e83492310df) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
17:21:45.0265 2684 L8042mou - ok
17:21:45.0687 2684 lbrtfdc - ok
17:21:46.0578 2684 LMouKE (c149bdad13194df16ea33f9f601ed7bf) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
17:21:46.0765 2684 LMouKE - ok
17:21:47.0390 2684 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
17:21:47.0453 2684 MBAMProtector - ok
17:21:48.0046 2684 mdvrmng (4e10e84320a8ec1c12bd0d00973b22ab) C:\WINDOWS\system32\drivers\mdvrmng.sys
17:21:48.0187 2684 mdvrmng - ok
17:21:48.0734 2684 MidiSyn (8c7d037a53b495e7c250fd70b158b581) C:\WINDOWS\system32\drivers\MidiSyn.sys
17:21:48.0796 2684 MidiSyn - ok
17:21:49.0343 2684 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:21:49.0390 2684 mnmdd - ok
17:21:50.0203 2684 MobileAdapter (4a77f036f7234ed24351ac486d2a29b9) C:\WINDOWS\system32\DRIVERS\hmvmdm.sys
17:21:50.0328 2684 MobileAdapter - ok
17:21:50.0812 2684 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:21:50.0937 2684 Modem - ok
17:21:51.0484 2684 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:21:51.0531 2684 Mouclass - ok
17:21:52.0125 2684 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:21:52.0218 2684 MountMgr - ok
17:21:52.0734 2684 mraid35x - ok
17:21:53.0265 2684 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:21:53.0359 2684 MRxDAV - ok
17:21:54.0078 2684 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:21:54.0437 2684 MRxSmb - ok
17:21:55.0031 2684 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:21:55.0078 2684 Msfs - ok
17:21:55.0625 2684 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:21:55.0640 2684 MSKSSRV - ok
17:21:56.0250 2684 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:21:56.0281 2684 MSPCLOCK - ok
17:21:56.0906 2684 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:21:56.0937 2684 MSPQM - ok
17:21:57.0500 2684 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:21:57.0593 2684 mssmbios - ok
17:21:58.0171 2684 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:21:58.0234 2684 MSTEE - ok
17:21:58.0781 2684 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:21:58.0953 2684 Mup - ok
17:21:59.0703 2684 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:21:59.0796 2684 NABTSFEC - ok
17:22:00.0468 2684 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:22:00.0671 2684 NDIS - ok
17:22:01.0281 2684 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:22:01.0484 2684 NdisIP - ok
17:22:02.0062 2684 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:22:02.0171 2684 NdisTapi - ok
17:22:02.0656 2684 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:22:02.0765 2684 Ndisuio - ok
17:22:03.0343 2684 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:22:03.0500 2684 NdisWan - ok
17:22:04.0093 2684 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:22:04.0265 2684 NDProxy - ok
17:22:04.0703 2684 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:22:04.0765 2684 NetBIOS - ok
17:22:05.0359 2684 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:22:05.0625 2684 NetBT - ok
17:22:06.0281 2684 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:22:06.0343 2684 Npfs - ok
17:22:07.0093 2684 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:22:07.0562 2684 Ntfs - ok
17:22:08.0140 2684 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:22:08.0187 2684 Null - ok
17:22:08.0703 2684 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:22:08.0734 2684 NwlnkFlt - ok
17:22:09.0343 2684 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:22:09.0406 2684 NwlnkFwd - ok
17:22:09.0968 2684 OVT511Plus (c5739be3a8eecdf951955a38e1741f45) C:\WINDOWS\system32\Drivers\omcamvid.sys
17:22:14.0343 2684 OVT511Plus - ok
17:22:14.0921 2684 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:22:15.0156 2684 Parport - ok
17:22:15.0750 2684 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:22:15.0812 2684 PartMgr - ok
17:22:16.0375 2684 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:22:16.0390 2684 ParVdm - ok
17:22:16.0875 2684 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:22:17.0000 2684 PCI - ok
17:22:17.0515 2684 PCIDump - ok
17:22:17.0953 2684 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:22:18.0671 2684 PCIIde - ok
17:22:19.0171 2684 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:22:19.0265 2684 Pcmcia - ok
17:22:19.0656 2684 PDCOMP - ok
17:22:20.0078 2684 PDFRAME - ok
17:22:20.0484 2684 PDRELI - ok
17:22:20.0859 2684 PDRFRAME - ok
17:22:21.0296 2684 perc2 - ok
17:22:21.0718 2684 perc2hib - ok
17:22:23.0015 2684 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:22:23.0203 2684 PptpMiniport - ok
17:22:23.0703 2684 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:22:23.0718 2684 Processor - ok
17:22:24.0328 2684 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:22:24.0546 2684 PSched - ok
17:22:25.0078 2684 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:22:25.0093 2684 Ptilink - ok
17:22:25.0656 2684 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:22:25.0703 2684 PxHelp20 - ok
17:22:26.0093 2684 ql1080 - ok
17:22:26.0562 2684 Ql10wnt - ok
17:22:26.0953 2684 ql12160 - ok
17:22:27.0437 2684 ql1240 - ok
17:22:27.0859 2684 ql1280 - ok
17:22:28.0593 2684 RapportBuka (e2aa111b00f5205ffd52a57f48b4f642) C:\WINDOWS\system32\drivers\RapportBuka.sys
17:22:28.0984 2684 RapportBuka - ok
17:22:29.0437 2684 RapportCerberus_32301 (2fccc769cdba34c6ab6183aa4d2f7519) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys
17:22:29.0468 2684 RapportCerberus_32301 - ok
17:22:29.0640 2684 RapportEI (5074fe56c70b31909c6b3129280c4cf2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
17:22:29.0671 2684 RapportEI - ok
17:22:29.0953 2684 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
17:22:30.0125 2684 RapportIaso - ok
17:22:30.0625 2684 RapportKELL (d6c7c196ad59375e9dde68d70db6e7a1) C:\WINDOWS\system32\Drivers\RapportKELL.sys
17:22:30.0796 2684 RapportKELL - ok
17:22:31.0140 2684 RapportPG (1205f9ccc78d152a5cc509f5ee32800d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
17:22:31.0140 2684 RapportPG - ok
17:22:31.0718 2684 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:22:31.0750 2684 RasAcd - ok
17:22:32.0328 2684 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:22:32.0406 2684 Rasl2tp - ok
17:22:32.0921 2684 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:22:33.0031 2684 RasPppoe - ok
17:22:33.0687 2684 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:22:33.0703 2684 Raspti - ok
17:22:34.0234 2684 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:22:34.0468 2684 Rdbss - ok
17:22:34.0953 2684 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:22:35.0140 2684 RDPCDD - ok
17:22:35.0750 2684 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:22:35.0921 2684 RDPWD - ok
17:22:36.0500 2684 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:22:36.0546 2684 redbook - ok
17:22:37.0140 2684 RTLWUSB - ok
17:22:37.0609 2684 SE27bus (59a9eb4073a39895af314780d0a032fa) C:\WINDOWS\system32\DRIVERS\SE27bus.sys
17:22:37.0843 2684 SE27bus - ok
17:22:38.0437 2684 SE27mdfl (d53e7e53107d1796825540129f8fe89f) C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys
17:22:38.0515 2684 SE27mdfl - ok
17:22:39.0093 2684 SE27mdm (2afa2f65a6e91da5b5070e734769827e) C:\WINDOWS\system32\DRIVERS\SE27mdm.sys
17:22:39.0140 2684 SE27mdm - ok
17:22:39.0718 2684 SE27mgmt (5a33a8d7b44c7bd8abe248b4dcd1ff3c) C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys
17:22:39.0765 2684 SE27mgmt - ok
17:22:40.0406 2684 SE27obex (5da6ff71e94b9134ddd094ebb09f05e6) C:\WINDOWS\system32\DRIVERS\SE27obex.sys
17:22:45.0484 2684 SE27obex - ok
17:22:46.0000 2684 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:22:46.0062 2684 Secdrv - ok
17:22:46.0828 2684 senfilt (bb596a578330ad794c6769b588af6bb4) C:\WINDOWS\system32\drivers\senfilt.sys
17:22:47.0156 2684 senfilt - ok
17:22:47.0593 2684 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:22:47.0781 2684 serenum - ok
17:22:48.0390 2684 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:22:48.0421 2684 Serial - ok
17:22:48.0953 2684 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:22:48.0984 2684 Sfloppy - ok
17:22:49.0609 2684 Simbad - ok
17:22:50.0203 2684 SiS315 (3a340f067230cd93a9cb54687c763e79) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
17:22:50.0343 2684 SiS315 - ok
17:22:50.0765 2684 SiSide (b4485881bd8aed9b157a2e6cf43c2d51) C:\WINDOWS\system32\DRIVERS\siside.sys
17:23:00.0578 2684 SiSide - ok
17:23:01.0156 2684 sisidex (6225224b8e846ac230f8d9b343635910) C:\WINDOWS\system32\drivers\sisidex.sys
17:23:01.0359 2684 sisidex - ok
17:23:01.0812 2684 SiSkp (65a3c0dec8d3b0d5bfb743e397ef98e5) C:\WINDOWS\system32\DRIVERS\srvkp.sys
17:23:01.0921 2684 SiSkp - ok
17:23:02.0484 2684 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
17:23:02.0515 2684 SISNIC - ok
17:23:02.0921 2684 sisperf (596d4a7052002d2bd344d8937da6f66d) C:\WINDOWS\system32\drivers\sisperf.sys
17:23:03.0046 2684 sisperf - ok
17:23:03.0531 2684 SiSRaid (d0013138311fdab6dafccedfeed59ab1) C:\WINDOWS\system32\DRIVERS\SiSRaid.sys
17:23:03.0609 2684 SiSRaid - ok
17:23:04.0015 2684 SiSV (3a4db551bcbfb9779b67e1982a1a8400) C:\WINDOWS\system32\DRIVERS\SiSV.sys
17:23:04.0140 2684 SiSV - ok
17:23:04.0640 2684 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:23:04.0703 2684 SLIP - ok
17:23:05.0375 2684 smwdm (1319ea66a96250d59665d133c0ff7cd0) C:\WINDOWS\system32\drivers\smwdm.sys
17:23:05.0531 2684 smwdm - ok
17:23:06.0156 2684 Sparrow - ok
17:23:06.0828 2684 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:23:06.0890 2684 splitter - ok
17:23:07.0484 2684 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:23:07.0562 2684 sr - ok
17:23:08.0265 2684 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:23:08.0593 2684 Srv - ok
17:23:09.0203 2684 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:23:09.0250 2684 streamip - ok
17:23:09.0781 2684 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:23:09.0843 2684 swenum - ok
17:23:10.0484 2684 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:23:10.0531 2684 swmidi - ok
17:23:11.0156 2684 symc810 - ok
17:23:11.0562 2684 symc8xx - ok
17:23:12.0125 2684 sym_hi - ok
17:23:12.0531 2684 sym_u3 - ok
17:23:13.0078 2684 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:23:13.0312 2684 sysaudio - ok
17:23:13.0937 2684 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:23:14.0625 2684 Tcpip - ok
17:23:15.0187 2684 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:23:15.0203 2684 TDPIPE - ok
17:23:15.0750 2684 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:23:15.0859 2684 TDTCP - ok
17:23:16.0687 2684 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:23:16.0765 2684 TermDD - ok
17:23:17.0500 2684 TosIde - ok
17:23:18.0437 2684 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:23:18.0562 2684 Udfs - ok
17:23:19.0203 2684 ultra - ok
17:23:19.0781 2684 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:23:20.0234 2684 Update - ok
17:23:21.0234 2684 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:23:21.0343 2684 usbccgp - ok
17:23:21.0968 2684 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:23:22.0078 2684 usbehci - ok
17:23:22.0828 2684 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:23:28.0609 2684 usbhub - ok
17:23:29.0218 2684 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:23:30.0640 2684 usbohci - ok
17:23:31.0078 2684 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:23:31.0109 2684 usbprint - ok
17:23:31.0781 2684 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:23:32.0359 2684 usbscan - ok
17:23:32.0781 2684 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:23:32.0937 2684 USBSTOR - ok
17:23:33.0421 2684 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:23:33.0625 2684 VgaSave - ok
17:23:34.0078 2684 ViaIde - ok
17:23:34.0609 2684 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:23:34.0734 2684 VolSnap - ok
17:23:35.0406 2684 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:23:35.0468 2684 Wanarp - ok
17:23:36.0015 2684 WDICA - ok
17:23:36.0750 2684 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:23:36.0812 2684 wdmaud - ok
17:23:37.0671 2684 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:23:46.0718 2684 WpdUsb - ok
17:23:47.0359 2684 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:23:47.0406 2684 WSTCODEC - ok
17:23:48.0031 2684 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:23:48.0093 2684 WudfPf - ok
17:23:48.0687 2684 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:23:48.0796 2684 WudfRd - ok
17:23:48.0890 2684 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:23:50.0234 2684 \Device\Harddisk0\DR0 - ok
17:23:50.0250 2684 MBR (0x1B8) (6445d5f719231a5914e62ba4dff07d30) \Device\Harddisk1\DR1
17:23:50.0781 2684 \Device\Harddisk1\DR1 - ok
17:23:50.0796 2684 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk3\DR9
17:23:51.0109 2684 \Device\Harddisk3\DR9 - ok
17:23:51.0281 2684 Boot (0x1200) (fcfb79b60041e416f3086dc164d5f0bf) \Device\Harddisk0\DR0\Partition0
17:23:51.0328 2684 \Device\Harddisk0\DR0\Partition0 - ok
17:23:51.0406 2684 Boot (0x1200) (0aee792a8e8e0db780f7e467808323aa) \Device\Harddisk0\DR0\Partition1
17:23:51.0421 2684 \Device\Harddisk0\DR0\Partition1 - ok
17:23:51.0687 2684 Boot (0x1200) (b7e82bd900b180860874aa3219e51c6b) \Device\Harddisk0\DR0\Partition2
17:23:51.0687 2684 \Device\Harddisk0\DR0\Partition2 - ok
17:23:51.0750 2684 Boot (0x1200) (1b8395ef6b5367b7e684dbbb3562b03f) \Device\Harddisk1\DR1\Partition0
17:23:51.0796 2684 \Device\Harddisk1\DR1\Partition0 - ok
17:23:51.0953 2684 Boot (0x1200) (affb2955290580ad395422380e9d7411) \Device\Harddisk1\DR1\Partition1
17:23:51.0953 2684 \Device\Harddisk1\DR1\Partition1 - ok
17:23:52.0000 2684 Boot (0x1200) (517a3b4c2497730c32e6218a1c7fca8d) \Device\Harddisk3\DR9\Partition0
17:23:52.0000 2684 \Device\Harddisk3\DR9\Partition0 - ok
17:23:52.0078 2684 ============================================================
17:23:52.0078 2684 Scan finished
17:23:52.0078 2684 ============================================================
17:23:52.0343 1100 Detected object count: 0
17:23:52.0343 1100 Actual detected object count: 0
17:28:58.0375 5792 Deinitialize success
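As an added example (not part of this thread and not TDSSKiller's own code), a small Python parser for the log format above: it pairs each hashed driver, MBR or boot-sector line with its verdict line and reports any verdict other than "ok", hashed objects left without a verdict (a sign the scan was interrupted), and the final count. The regexes assume the line shape seen in this log, and the sample log is constructed, with an invented all-zero hash and "detected" verdict to exercise the not-ok path.

```python
import re

# Format of the driver/MBR/boot-sector section in the log above: one
# "<time> <pid> <name> (<md5>) <path>" line per object, then "<time> <pid> <name-or-device> - <status>".
ENTRY_RE = re.compile(r"^\S+ \d+ (?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
STATUS_RE = re.compile(r"^\S+ \d+ (?P<key>.+?) - (?P<status>.+)$")
COUNT_RE = re.compile(r"\bDetected object count: (\d+)$")

def parse_tdsskiller_log(text):
    """Return (objects, detected_count); each object is a dict with name, md5, path, status."""
    objects, by_key, detected = [], {}, None
    for line in map(str.strip, text.splitlines()):
        if m := COUNT_RE.search(line):
            detected = int(m.group(1))
        elif m := ENTRY_RE.match(line):
            obj = {"name": m["name"], "md5": m["md5"], "path": m["path"], "status": None}
            objects.append(obj)
            by_key[obj["name"]] = by_key[obj["path"]] = obj  # MBR/boot verdicts are keyed by device path
        elif m := STATUS_RE.match(line):
            obj = by_key.get(m["key"])
            if obj is None:  # registered service with no file on disk, e.g. "TosIde - ok"
                obj = {"name": m["key"], "md5": None, "path": None, "status": None}
                objects.append(obj)
            obj["status"] = m["status"]
    return objects, detected

def triage(text):
    """What a reviewer checks first: any verdict other than ok, hashed objects left without a verdict, final count."""
    objects, detected = parse_tdsskiller_log(text)
    return {
        "hashed": sum(1 for o in objects if o["md5"]),
        "not_ok": [(o["name"], o["status"]) for o in objects if o["status"] not in (None, "ok")],
        "no_verdict": [o["name"] for o in objects if o["md5"] and o["status"] is None],
        "detected": detected,
    }

# Constructed sample in the same format; the all-zero hash and the "detected" verdict
# are invented to exercise the not-ok path and are not from this thread.
SAMPLE_LOG = r"""
17:23:13.0078 2684 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:23:13.0312 2684 sysaudio - ok
17:23:17.0500 2684 TosIde - ok
17:23:48.0890 2684 MBR (0x1B8) (00000000000000000000000000000000) \Device\Harddisk9\DR9
17:23:50.0234 2684 \Device\Harddisk9\DR9 - detected (constructed sample)
17:23:51.0281 2684 Boot (0x1200) (fcfb79b60041e416f3086dc164d5f0bf) \Device\Harddisk0\DR0\Partition0
17:23:52.0343 1100 Detected object count: 1
"""
```

Running `triage(SAMPLE_LOG)` flags the constructed MBR entry and the boot sector that never received a verdict; on the real log above every object ends "- ok" and the count is 0.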
 

jeffce

Malware Specialist
Joined
May 10, 2011
Messages
1,727
Hi OTH62,

TeaTimer needs to be disabled so that its protection does not interfere with fixes.

How Spybot-S&D protects against the installation of Spyware/Malware.

TeaTimer can be re-enabled once the computer is clean. :)

1. Open Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the "Mode" menu and select "Advanced Mode".
3. On the left hand side, click on "Tools".
4. Then click on the Resident Icon in the List.
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
----------------

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Code:
    KillAll::
    
    File::
    c:\windows\system32\utixt.exe
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 

OverTheHill62

Thread Starter
Joined
Nov 20, 2011
Messages
48
Hi Jeff.

Have a problem. Left the machine to do its work as it seemed as if nothing was happening and it was taking forever. For some reason it started to go into standby but didn't complete this. I had to reboot as I couldn't get out of this, so I don't know if anything has happened. I cannot see a log anywhere. Do I re-run the script?

Lesley
 

jeffce

Malware Specialist
Joined
May 10, 2011
Messages
1,727
Yes, just try it again. If you still have problems, let me know. :)
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
81,728
Go to Control Panel - Power Options.

Set the power scheme to "Always On".

Set all other settings to "Never".

Click Apply.

Uncheck "Enable hibernation".

Click Apply - OK.

Restart the computer.

---------------------------------------------------------

Doing this will keep your computer awake all the time and not allow it to go into standby/sleep/suspend/hibernate mode - which you don't want to happen when you're doing something that's time-consuming and important.

---------------------------------------------------------
 