
AVG showing multiple threats - am I infected

Discussion in 'Virus & Other Malware Removal' started by OverTheHill62, Nov 20, 2011.

    OverTheHill62 (Thread Starter) - Joined: Nov 20, 2011 - Messages: 48
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
    Processor: AMD Hammer Family processor - Model Unknown, x86 Family 15 Model 44 Stepping 2
    Processor Count: 1
    RAM: 2014 Mb
    Graphics Card: SiS Mirage Graphics, 32 Mb
    Hard Drives: C: Total - 17547 MB, Free - 2654 MB; D: Total - 5459 MB, Free - 5419 MB; E: Total - 16198 MB, Free - 14275 MB; F: Total - 4298 MB, Free - 469 MB; G: Total - 4431 MB, Free - 1002 MB;
    Motherboard: , SiS-760
    Antivirus: None

    It says antivirus none but I do have AVG 2012.

    After AVG update on Friday, comp. kept flashing up with multiple threats. 372 quarantined. Shut down comp. Started up again yesterday, Saturday, again avg kept flashing multiple threats. As fast as these were quarantined, they seemed to keep reappearing. My windows\system32 file is full of .exe names.
    Computer has slowed to a crawl so that I can't do anything. I am unable to connect to the internet now with the faulty computer, but I can get e-mail. It has taken me so long to get these tests done that you have recommended as the computer is so slow. Hope you can help. Getting desperate as this is the workhorse computer.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:51:05, on 20/11/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Iconix\OEAddOn\OEdmn_6.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\IE New Window Maximizer\iemaximizer.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\WINDOWS\system32\OOBE\msoobe.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Common Files\Iconix\Launcher.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [IconixOEAddOn] "C:\Program Files\Iconix\OEAddOn\OEdmn_6.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll
    O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll
    O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:\WINDOWS\acezlink.htm
    O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll
    O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: ADVFN 4v4 -
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} -
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} -
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} -
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264434143423
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264431327360
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} -
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} -
    O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} -
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files\Common Files\Iconix\IconixService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: NVIDIA Display Srv (tsods) - Unknown owner - C:\WINDOWS\system32\tsods.exe (file missing)
    --
    End of file - 16789 bytes


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Lesley at 20:18:16 on 2011-11-20
    .
    ============== Running Processes ===============
    .
    \??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    \??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\Program Files\Iconix\OEAddOn\OEdmn_6.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\IE New Window Maximizer\iemaximizer.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\Lesley\Desktop\dds.com
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://search.msn.co.uk/previewx.aspx?q={searchTerms}&FORM=CBPW&first=1&noredir=1
    uStart Page = hxxp://www.google.co.uk/
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: IconixBHOClass Class: {761233b6-f228-49e4-8f6b-668499d4e55a} - c:\program files\iconix\ieaddon\IconixBHO_46.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [IE New Window Maximizer] c:\program files\ie new window maximizer\iemaximizer.exe
    uRun: [PopUpStopperFreeEdition] "c:\progra~1\panicw~1\pop-up~1\PSFree.exe"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [SoundMAX] "c:\program files\analog devices\soundmax\smax4.exe" /tray
    mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    mRun: [IconixOEAddOn] "c:\program files\iconix\oeaddon\OEdmn_6.exe"
    mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRunOnce: [RunNarrator] Narrator.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - c:\windows\acezlink.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - {44E212AB-13EA-4CA4-BE65-197FBA170412} - c:\program files\iconix\ieaddon\IconixBHO_46.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {BC3F6B6D-2E49-4603-B028-7411655713F3} - {0CC2F28D-D415-4FC6-A2E4-54B4D983609A} - c:\program files\iconix\ieaddon\IconixBHO_46.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: ADVFN 4v4
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089}
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    DPF: {16095503-786F-4097-AED6-5D567A26D760}
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
    DPF: {474F00F5-3853-492C-AC3A-476512BBC336}
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166}
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264434143423
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264431327360
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539}
    DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38}
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{7B107F41-A5C5-4B09-AB05-0A40522CE5A6} : DhcpNameServer = 192.168.0.1
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? AVGIDSAgent;AVGIDSAgent
    R? FXDRV;FXDRV
    R? gupdate;Google Update Service (gupdate)
    R? gupdatem;Google Update Service (gupdatem)
    R? hwusbdev;Huawei DataCard USB PNP Device
    R? hwusbfake;Huawei DataCard USB Fake
    R? IconixService;Iconix Update Service
    R? MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial
    R? RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver
    R? SiSV;SiSV
    R? tsods;NVIDIA Display Srv
    S? AVGIDSDriver;AVGIDSDriver
    S? AVGIDSEH;AVGIDSEH
    S? AVGIDSFilter;AVGIDSFilter
    S? AVGIDSShim;AVGIDSShim
    S? Avgldx86;AVG AVI Loader Driver
    S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
    S? Avgrkx86;AVG Anti-Rootkit Driver
    S? Avgtdix;AVG TDI Driver
    S? avgwd;AVG WatchDog
    S? BecHelperService;BecHelperService
    S? MBAMProtector;MBAMProtector
    S? MBAMService;MBAMService
    S? RapportBuka;RapportBuka
    S? RapportCerberus_32301;RapportCerberus_32301
    S? RapportEI;RapportEI
    S? RapportIaso;RapportIaso
    S? RapportKELL;RapportKELL
    S? RapportMgmtService;Rapport Management Service
    S? RapportPG;RapportPG
    .
    =============== Created Last 30 ================
    .
    2011-11-20 20:17:32 33280 ----a-w- c:\windows\system32\efinr.exe
    2011-11-20 20:17:22 33280 ----a-w- c:\windows\system32\wqrotw.exe
    2011-11-20 20:17:04 33280 ----a-w- c:\windows\system32\etixc.exe
    2011-11-20 20:07:23 33280 ----a-w- c:\windows\system32\wbegef.exe
    2011-11-20 20:06:36 33280 ----a-w- c:\windows\system32\uulmt.exe
    2011-11-20 20:05:39 33280 ----a-w- c:\windows\system32\ctixs.exe
    2011-11-20 20:05:36 33280 ----a-w- c:\windows\system32\iqroti.exe
    2011-11-20 20:04:39 33280 ----a-w- c:\windows\system32\fbegev.exe
    2011-11-20 20:03:59 33280 ----a-w- c:\windows\system32\ttixc.exe
    2011-11-20 20:03:23 33280 ----a-w- c:\windows\system32\qbegen.exe
    2011-11-20 20:02:28 33280 ----a-w- c:\windows\system32\ybegew.exe
    2011-11-20 20:01:37 33280 ----a-w- c:\windows\system32\ffinb.exe
    2011-11-20 19:53:25 33280 ----a-w- c:\windows\system32\ptervm.exe
    2011-11-20 19:41:28 33280 ----a-w- c:\windows\system32\uweryt.exe
    2011-11-20 19:37:31 33280 ----a-w- c:\windows\system32\osodo.exe
    2011-11-20 19:37:07 33280 ----a-w- c:\windows\system32\zsody.exe
    2011-11-20 19:37:03 33280 ----a-w- c:\windows\system32\usodu.exe
    2011-11-20 19:37:03 33280 ----a-w- c:\windows\system32\itixt.exe
    2011-11-20 19:35:57 33280 ----a-w- c:\windows\system32\kbegeg.exe
    2011-11-20 19:32:17 33280 ----a-w- c:\windows\system32\etixd.exe
    2011-11-20 19:18:46 33280 ----a-w- c:\windows\system32\jbegex.exe
    2011-11-20 19:17:33 33280 ----a-w- c:\windows\system32\ntixk.exe
    2011-11-20 19:08:03 33280 ----a-w- c:\windows\system32\ybegeg.exe
    2011-11-20 19:01:14 33280 ----a-w- c:\windows\system32\iqroth.exe
    2011-11-20 19:00:17 33280 ----a-w- c:\windows\system32\vsods.exe
    2011-11-20 18:59:57 33280 ----a-w- c:\windows\system32\htixv.exe
    2011-11-20 18:53:34 33280 ----a-w- c:\windows\system32\yweryh.exe
    2011-11-20 18:50:43 33280 ----a-w- c:\windows\system32\csodb.exe
    2011-11-20 18:48:30 33280 ----a-w- c:\windows\system32\ztervw.exe
    2011-11-20 18:46:09 33280 ----a-w- c:\windows\system32\pbegep.exe
    2011-11-20 18:10:00 33280 ----a-w- c:\windows\system32\wulmw.exe
    2011-11-20 18:08:51 33280 ----a-w- c:\windows\system32\ftixt.exe
    2011-11-20 18:08:34 33280 ----a-w- c:\windows\system32\mfinz.exe
    2011-11-20 18:08:26 33280 ----a-w- c:\windows\system32\uqrott.exe
    2011-11-20 18:08:25 33280 ----a-w- c:\windows\system32\tfina.exe
    2011-11-20 18:07:57 33280 ----a-w- c:\windows\system32\ytervy.exe
    2011-11-20 18:07:51 33280 ----a-w- c:\windows\system32\vtixc.exe
    2011-11-20 18:07:42 33280 ----a-w- c:\windows\system32\gsodv.exe
    2011-11-20 18:07:05 33280 ----a-w- c:\windows\system32\wulmd.exe
    2011-11-20 18:06:58 33280 ----a-w- c:\windows\system32\rbegea.exe
    2011-11-20 18:05:59 33280 ----a-w- c:\windows\system32\dsodt.exe
    2011-11-20 18:05:53 33280 ----a-w- c:\windows\system32\sqrots.exe
    2011-11-20 18:05:36 33280 ----a-w- c:\windows\system32\hulmu.exe
    2011-11-20 18:05:35 33280 ----a-w- c:\windows\system32\itervx.exe
    2011-11-20 18:05:22 33280 ----a-w- c:\windows\system32\osodn.exe
    2011-11-20 18:04:51 33280 ----a-w- c:\windows\system32\ybegef.exe
    2011-11-20 18:04:34 33280 ----a-w- c:\windows\system32\gulmw.exe
    2011-11-20 18:04:30 33280 ----a-w- c:\windows\system32\jbegew.exe
    2011-11-20 18:03:29 33280 ----a-w- c:\windows\system32\vsodb.exe
    2011-11-20 18:03:18 33280 ----a-w- c:\windows\system32\mfinm.exe
    2011-11-20 18:02:43 33280 ----a-w- c:\windows\system32\bbegeq.exe
    2011-11-20 18:01:38 33280 ----a-w- c:\windows\system32\nfinm.exe
    2011-11-20 18:01:17 33280 ----a-w- c:\windows\system32\gtixt.exe
    2011-11-20 18:00:47 33280 ----a-w- c:\windows\system32\nulml.exe
    2011-11-20 18:00:25 33280 ----a-w- c:\windows\system32\nsodj.exe
    2011-11-20 17:59:05 33280 ----a-w- c:\windows\system32\swerys.exe
    2011-11-20 17:58:55 33280 ----a-w- c:\windows\system32\ptixo.exe
    2011-11-20 17:58:49 33280 ----a-w- c:\windows\system32\kweryy.exe
    2011-11-20 17:58:38 33280 ----a-w- c:\windows\system32\dfinr.exe
    2011-11-20 17:58:25 33280 ----a-w- c:\windows\system32\rtervq.exe
    2011-11-20 17:56:57 33280 ----a-w- c:\windows\system32\vsodv.exe
    2011-11-20 17:56:48 33280 ----a-w- c:\windows\system32\twerys.exe
    2011-11-20 17:56:00 33280 ----a-w- c:\windows\system32\wterve.exe
    2011-11-20 17:54:50 33280 ----a-w- c:\windows\system32\rweryo.exe
    2011-11-20 17:53:36 33280 ----a-w- c:\windows\system32\ztervy.exe
    2011-11-20 17:53:34 33280 ----a-w- c:\windows\system32\jbegez.exe
    2011-11-20 17:52:25 33280 ----a-w- c:\windows\system32\cqrotp.exe
    2011-11-20 17:51:14 33280 ----a-w- c:\windows\system32\xweryg.exe
    2011-11-20 17:50:47 33280 ----a-w- c:\windows\system32\cbegeo.exe
    2011-11-20 17:50:40 33280 ----a-w- c:\windows\system32\wulme.exe
    2011-11-20 17:50:23 33280 ----a-w- c:\windows\system32\zbegez.exe
    2011-11-20 17:50:10 33280 ----a-w- c:\windows\system32\ufinb.exe
    2011-11-20 17:49:59 33280 ----a-w- c:\windows\system32\fsodu.exe
    2011-11-20 17:49:46 33280 ----a-w- c:\windows\system32\iweryg.exe
    2011-11-20 17:49:43 33280 ----a-w- c:\windows\system32\zweryz.exe
    2011-11-20 17:49:16 33280 ----a-w- c:\windows\system32\jweryz.exe
    2011-11-20 17:48:47 33280 ----a-w- c:\windows\system32\pulmn.exe
    2011-11-20 17:48:39 33280 ----a-w- c:\windows\system32\bbeger.exe
    2011-11-20 17:47:58 33280 ----a-w- c:\windows\system32\kbegej.exe
    2011-11-20 17:47:25 33280 ----a-w- c:\windows\system32\kweryj.exe
    2011-11-20 17:46:51 33280 ----a-w- c:\windows\system32\tqrotq.exe
    2011-11-20 17:46:43 33280 ----a-w- c:\windows\system32\tqrota.exe
    2011-11-20 17:46:40 33280 ----a-w- c:\windows\system32\kweryh.exe
    2011-11-20 17:46:31 33280 ----a-w- c:\windows\system32\vtixu.exe
    2011-11-20 17:46:19 33280 ----a-w- c:\windows\system32\sbeger.exe
    2011-11-20 17:46:13 33280 ----a-w- c:\windows\system32\otixl.exe
    2011-11-20 17:46:08 33280 ----a-w- c:\windows\system32\ybegex.exe
    2011-11-20 17:45:30 33280 ----a-w- c:\windows\system32\esodr.exe
    2011-11-20 17:45:28 33280 ----a-w- c:\windows\system32\tfint.exe
    2011-11-20 17:45:25 33280 ----a-w- c:\windows\system32\dqrotp.exe
    2011-11-20 17:45:08 33280 ----a-w- c:\windows\system32\mqrotl.exe
    2011-11-20 17:45:02 33280 ----a-w- c:\windows\system32\lweryk.exe
    2011-11-20 17:45:00 33280 ----a-w- c:\windows\system32\ntixn.exe
    2011-11-20 17:44:57 33280 ----a-w- c:\windows\system32\gtixv.exe
    2011-11-20 17:44:54 33280 ----a-w- c:\windows\system32\dqrotq.exe
    2011-11-20 17:44:50 33280 ----a-w- c:\windows\system32\lqroti.exe
    2011-11-20 17:44:48 33280 ----a-w- c:\windows\system32\ftixv.exe
    2011-11-20 17:44:35 33280 ----a-w- c:\windows\system32\cwerys.exe
    2011-11-20 17:44:24 33280 ----a-w- c:\windows\system32\hulmw.exe
    2011-11-20 17:44:16 33280 ----a-w- c:\windows\system32\efint.exe
    2011-11-20 17:43:27 33280 ----a-w- c:\windows\system32\etixu.exe
    2011-11-20 17:42:59 33280 ----a-w- c:\windows\system32\zbegeg.exe
    2011-11-20 17:42:44 33280 ----a-w- c:\windows\system32\hulme.exe
    2011-11-20 17:42:39 33280 ----a-w- c:\windows\system32\cweryr.exe
    2011-11-20 17:41:59 33280 ----a-w- c:\windows\system32\wtixw.exe
    2011-11-20 17:41:06 33280 ----a-w- c:\windows\system32\fsods.exe
    2011-11-20 17:41:04 33280 ----a-w- c:\windows\system32\ktervy.exe
    2011-11-20 17:41:04 33280 ----a-w- c:\windows\system32\htervx.exe
    2011-11-20 17:40:52 33280 ----a-w- c:\windows\system32\zbegeh.exe
    2011-11-20 17:40:50 33280 ----a-w- c:\windows\system32\pulmo.exe
    2011-11-20 17:40:46 33280 ----a-w- c:\windows\system32\nsodk.exe
    2011-11-20 17:40:42 33280 ----a-w- c:\windows\system32\otixn.exe
    2011-11-20 17:40:01 33280 ----a-w- c:\windows\system32\vulmd.exe
    2011-11-20 17:39:50 33280 ----a-w- c:\windows\system32\lfink.exe
    2011-11-20 17:39:42 33280 ----a-w- c:\windows\system32\iweryh.exe
    2011-11-20 17:39:25 33280 ----a-w- c:\windows\system32\wtervf.exe
    2011-11-20 17:33:51 33280 ----a-w- c:\windows\system32\wulmv.exe
    2011-11-20 17:33:31 33280 ----a-w- c:\windows\system32\tsodc.exe
    2011-11-20 17:32:04 33280 ----a-w- c:\windows\system32\msodl.exe
    2011-11-20 17:28:57 33280 ----a-w- c:\windows\system32\gbegef.exe
    2011-11-20 17:11:25 33280 ----a-w- c:\windows\system32\mtixm.exe
    2011-11-20 17:10:42 33280 ----a-w- c:\windows\system32\xtervx.exe
    2011-11-20 17:09:14 33280 ----a-w- c:\windows\system32\ftixu.exe
    2011-11-20 17:07:42 33280 ----a-w- c:\windows\system32\hbegeg.exe
    2011-11-20 17:07:11 33280 ----a-w- c:\windows\system32\dsodc.exe
    2011-11-20 17:06:06 33280 ----a-w- c:\windows\system32\gulmv.exe
    2011-11-20 17:05:26 33280 ----a-w- c:\windows\system32\usodt.exe
    2011-11-20 17:04:16 33280 ----a-w- c:\windows\system32\nulmn.exe
    2011-11-20 17:03:49 33280 ----a-w- c:\windows\system32\fulmv.exe
    2011-11-20 17:03:12 33280 ----a-w- c:\windows\system32\eulmd.exe
    2011-11-20 16:58:41 33280 ----a-w- c:\windows\system32\ptervo.exe
    2011-11-20 16:58:01 33280 ----a-w- c:\windows\system32\qbegeo.exe
    2011-11-20 16:55:54 33280 ----a-w- c:\windows\system32\rfinr.exe
    2011-11-20 16:55:46 33280 ----a-w- c:\windows\system32\sfina.exe
    2011-11-20 16:54:56 33280 ----a-w- c:\windows\system32\xtervw.exe
    2011-11-20 16:54:37 33280 ----a-w- c:\windows\system32\sfins.exe
    2011-11-20 16:54:32 33280 ----a-w- c:\windows\system32\mtixk.exe
    2011-11-20 16:54:21 33280 ----a-w- c:\windows\system32\usods.exe
    2011-11-20 16:53:55 33280 ----a-w- c:\windows\system32\wbegew.exe
    2011-11-20 16:53:54 33280 ----a-w- c:\windows\system32\bqrotr.exe
    2011-11-20 16:53:43 33280 ----a-w- c:\windows\system32\oulmn.exe
    2011-11-20 16:52:18 33280 ----a-w- c:\windows\system32\ntixm.exe
    2011-11-20 16:52:03 33280 ----a-w- c:\windows\system32\utixu.exe
    2011-11-20 16:52:00 33280 ----a-w- c:\windows\system32\tsodt.exe
    2011-11-20 16:51:49 33280 ----a-w- c:\windows\system32\lsodj.exe
    2011-11-20 16:51:38 33280 ----a-w- c:\windows\system32\ftervu.exe
    2011-11-20 16:50:40 33280 ----a-w- c:\windows\system32\gtervw.exe
    2011-11-20 16:50:37 33280 ----a-w- c:\windows\system32\gbegev.exe
    2011-11-20 16:50:35 33280 ----a-w- c:\windows\system32\fulmu.exe
    2011-11-20 16:50:17 33280 ----a-w- c:\windows\system32\yweryy.exe
    2011-11-20 16:49:03 33280 ----a-w- c:\windows\system32\dtixc.exe
    2011-11-20 16:48:31 33280 ----a-w- c:\windows\system32\ltixl.exe
    2011-11-20 16:48:29 33280 ----a-w- c:\windows\system32\hweryx.exe
    2011-11-20 16:48:27 33280 ----a-w- c:\windows\system32\wtervv.exe
    2011-11-20 16:48:27 33280 ----a-w- c:\windows\system32\csodr.exe
    2011-11-20 16:48:20 33280 ----a-w- c:\windows\system32\eulmu.exe
    2011-11-20 16:48:14 33280 ----a-w- c:\windows\system32\pweryo.exe
    2011-11-20 16:48:08 33280 ----a-w- c:\windows\system32\jqrotz.exe
    2011-11-20 16:48:04 33280 ----a-w- c:\windows\system32\qweryq.exe
    2011-11-20 16:46:28 33280 ----a-w- c:\windows\system32\wtervw.exe
    2011-11-20 16:46:10 33280 ----a-w- c:\windows\system32\gtervv.exe
    2011-11-20 16:45:43 33280 ----a-w- c:\windows\system32\vulmu.exe
    2011-11-20 16:45:33 33280 ----a-w- c:\windows\system32\dtixt.exe
    2011-11-20 16:45:30 33280 ----a-w- c:\windows\system32\gbegew.exe
    2011-11-20 16:45:29 33280 ----a-w- c:\windows\system32\utixt.exe
    2011-11-20 16:45:26 33280 ----a-w- c:\windows\system32\zqroty.exe
    2011-11-20 16:45:20 33280 ----a-w- c:\windows\system32\zqrotz.exe
    2011-11-20 16:45:19 33280 ----a-w- c:\windows\system32\zweryy.exe
    2011-11-20 16:44:41 33280 ----a-w- c:\windows\system32\iweryy.exe
    2011-11-20 16:44:39 33280 ----a-w- c:\windows\system32\rqrotr.exe
    2011-11-20 16:44:39 33280 ----a-w- c:\windows\system32\iweryx.exe
    2011-11-20 16:44:34 33280 ----a-w- c:\windows\system32\dsods.exe
    2011-11-20 16:44:23 33280 ----a-w- c:\windows\system32\obegen.exe
    2011-11-20 16:44:17 33280 ----a-w- c:\windows\system32\bqrotq.exe
    2011-11-20 16:44:07 33280 ----a-w- c:\windows\system32\cfinr.exe
    2011-11-20 16:43:48 33280 ----a-w- c:\windows\system32\ksodk.exe
    2011-11-20 16:43:39 33280 ----a-w- c:\windows\system32\obegeo.exe
    2011-11-20 16:43:37 33280 ----a-w- c:\windows\system32\mulmm.exe
    2011-11-20 16:43:19 33280 ----a-w- c:\windows\system32\ntervn.exe
    2011-11-20 16:43:18 33280 ----a-w- c:\windows\system32\kfinj.exe
    2011-11-20 16:43:14 33280 ----a-w- c:\windows\system32\ksodj.exe
    2011-11-20 16:42:56 33280 ----a-w- c:\windows\system32\vtervv.exe
    2011-11-20 16:42:45 33280 ----a-w- c:\windows\system32\dtixs.exe
    2011-11-20 16:42:39 33280 ----a-w- c:\windows\system32\csods.exe
    2011-11-20 16:42:33 33280 ----a-w- c:\windows\system32\hbegew.exe
    2011-11-20 16:42:27 33280 ----a-w- c:\windows\system32\rqrotq.exe
    2011-11-20 16:42:23 33280 ----a-w- c:\windows\system32\xulmu.exe
    2011-11-20 16:42:06 33280 ----a-w- c:\windows\system32\jqroty.exe
    2011-11-20 16:42:04 33280 ----a-w- c:\windows\system32\hweryw.exe
    2011-11-20 16:41:54 33280 ----a-w- c:\windows\system32\jfinz.exe
    2011-11-20 16:41:53 33280 ----a-w- c:\windows\system32\vulmv.exe
    2011-11-20 16:41:47 33280 ----a-w- c:\windows\system32\ftervv.exe
    2011-11-20 16:41:47 33280 ----a-w- c:\windows\system32\bfinr.exe
    2011-11-20 16:41:41 33280 ----a-w- c:\windows\system32\mtixl.exe
    2011-11-20 16:41:39 33280 ----a-w- c:\windows\system32\lsodk.exe
    2011-11-20 16:41:30 33280 ----a-w- c:\windows\system32\vulme.exe
    2011-11-20 16:41:29 33280 ----a-w- c:\windows\system32\ssods.exe
    2011-11-20 16:41:14 33280 ----a-w- c:\windows\system32\xweryx.exe
    2011-11-20 16:40:26 33280 ----a-w- c:\windows\system32\mulml.exe
    2011-11-20 16:40:22 33280 ----a-w- c:\windows\system32\ptervn.exe
    2011-11-20 16:39:29 33280 ----a-w- c:\windows\system32\sfinr.exe
    2011-11-20 16:39:16 33280 ----a-w- c:\windows\system32\eulmt.exe
    2011-11-20 16:38:58 33280 ----a-w- c:\windows\system32\xbegex.exe
    2011-11-20 16:38:44 33280 ----a-w- c:\windows\system32\xbegew.exe
    2011-11-20 16:38:11 33280 ----a-w- c:\windows\system32\qqrotq.exe
    2011-11-20 16:37:00 33280 ----a-w- c:\windows\system32\ltixk.exe
    2011-11-20 16:35:29 33280 ----a-w- c:\windows\system32\etixt.exe
    2011-11-20 16:35:15 33280 ----a-w- c:\windows\system32\hbegef.exe
    2011-11-20 16:29:36 33280 ----a-w- c:\windows\system32\qbegeq.exe
    2011-11-20 16:27:19 33280 ----a-w- c:\windows\system32\xbegeg.exe
    2011-11-20 16:25:41 33280 ----a-w- c:\windows\system32\ybegey.exe
    2011-11-20 16:24:50 33280 ----a-w- c:\windows\system32\qbegep.exe
    2011-11-20 16:24:23 33280 ----a-w- c:\windows\system32\ibegex.exe
    2011-11-20 16:24:21 33280 ----a-w- c:\windows\system32\hbegex.exe
    2011-11-20 16:19:09 33280 ----a-w- c:\windows\system32\otervm.exe
    2011-11-20 16:19:03 33280 ----a-w- c:\windows\system32\otervo.exe
    2011-11-20 16:14:09 33280 ----a-w- c:\windows\system32\zbegex.exe
    2011-11-20 16:12:26 33280 ----a-w- c:\windows\system32\sweryr.exe
    2011-11-20 16:09:36 33280 ----a-w- c:\windows\system32\rweryp.exe
    2011-11-20 16:09:33 33280 ----a-w- c:\windows\system32\zqroti.exe
    2011-11-20 16:07:15 33280 ----a-w- c:\windows\system32\zweryi.exe
    2011-11-20 16:06:37 33280 ----a-w- c:\windows\system32\jweryy.exe
    2011-11-20 16:05:30 33280 ----a-w- c:\windows\system32\rqrota.exe
    2011-11-20 16:04:06 33280 ----a-w- c:\windows\system32\bweryr.exe
    2011-11-20 16:01:08 33280 ----a-w- c:\windows\system32\sqrotr.exe
    2011-11-20 15:57:51 33280 ----a-w- c:\windows\system32\wulmu.exe
    2011-11-20 15:50:47 33280 ----a-w- c:\windows\system32\gulmu.exe
    2011-11-20 15:47:54 33280 ----a-w- c:\windows\system32\lqrotl.exe
    2011-11-20 15:47:52 33280 ----a-w- c:\windows\system32\kweryk.exe
    2011-11-20 15:47:51 33280 ----a-w- c:\windows\system32\bbegeo.exe
    2011-11-20 15:47:48 33280 ----a-w- c:\windows\system32\mfinl.exe
    2011-11-20 15:47:35 33280 ----a-w- c:\windows\system32\rbegeq.exe
    2011-11-20 15:47:35 33280 ----a-w- c:\windows\system32\qtervn.exe
    2011-11-20 15:47:34 33280 ----a-w- c:\windows\system32\oulml.exe
    2011-11-20 15:47:19 33280 ----a-w- c:\windows\system32\ytervx.exe
    2011-11-20 15:43:39 33280 ----a-w- c:\windows\system32\wtixt.exe
    2011-11-20 15:41:50 33280 ----a-w- c:\windows\system32\jweryg.exe
    2011-11-20 15:41:48 33280 ----a-w- c:\windows\system32\wsodv.exe
    2011-11-20 15:41:41 33280 ----a-w- c:\windows\system32\vsodu.exe
    2011-11-20 15:41:37 33280 ----a-w- c:\windows\system32\cweryp.exe
    2011-11-20 15:41:36 33280 ----a-w- c:\windows\system32\sbegep.exe
    2011-11-20 15:41:34 33280 ----a-w- c:\windows\system32\hulmx.exe
    2011-11-20 15:41:32 33280 ----a-w- c:\windows\system32\qtervq.exe
    2011-11-20 15:41:09 33280 ----a-w- c:\windows\system32\mqroty.exe
    2011-11-20 15:41:08 33280 ----a-w- c:\windows\system32\ptixl.exe
    2011-11-20 15:37:59 33280 ----a-w- c:\windows\system32\kqrotz.exe
    2011-11-20 15:37:45 33280 ----a-w- c:\windows\system32\usodc.exe
    2011-11-20 15:37:17 33280 ----a-w- c:\windows\system32\sqrotq.exe
    2011-11-20 15:31:51 33280 ----a-w- c:\windows\system32\ufint.exe
    2011-11-20 15:31:05 33280 ----a-w- c:\windows\system32\xulmw.exe
    2011-11-20 15:29:59 33280 ----a-w- c:\windows\system32\rweryr.exe
    2011-11-20 15:29:59 33280 ----a-w- c:\windows\system32\gulme.exe
    2011-11-20 15:29:28 33280 ----a-w- c:\windows\system32\gterve.exe
    2011-11-20 14:39:37 33280 ----a-w- c:\windows\system32\tfinb.exe
    2011-11-20 14:29:08 33280 ----a-w- c:\windows\system32\jqroti.exe
    2011-11-20 14:28:52 33280 ----a-w- c:\windows\system32\tsodb.exe
    2011-11-20 14:28:37 33280 ----a-w- c:\windows\system32\rweryq.exe
    2011-11-20 14:22:54 33280 ----a-w- c:\windows\system32\kqrotj.exe
    2011-11-20 14:21:53 33280 ----a-w- c:\windows\system32\bqrotp.exe
    2011-11-20 14:20:11 33280 ----a-w- c:\windows\system32\cqrots.exe
    2011-11-20 14:19:59 33280 ----a-w- c:\windows\system32\wtixv.exe
    2011-11-20 14:19:22 33280 ----a-w- c:\windows\system32\xtervf.exe
    2011-11-20 14:18:24 33280 ----a-w- c:\windows\system32\sqrotb.exe
    2011-11-20 14:18:21 33280 ----a-w- c:\windows\system32\rtervo.exe
    2011-11-20 14:18:09 33280 ----a-w- c:\windows\system32\hweryg.exe
    2011-11-20 14:17:50 33280 ----a-w- c:\windows\system32\lfinj.exe
    2011-11-20 14:17:06 33280 ----a-w- c:\windows\system32\lbegek.exe
    2011-11-20 14:16:05 33280 ----a-w- c:\windows\system32\esods.exe
    2011-11-20 14:14:00 33280 ----a-w- c:\windows\system32\ntixl.exe
    2011-11-20 14:13:56 33280 ----a-w- c:\windows\system32\fterve.exe
    2011-11-20 14:10:23 33280 ----a-w- c:\windows\system32\vtixt.exe
    2011-11-20 14:08:58 33280 ----a-w- c:\windows\system32\jfini.exe
    2011-11-20 14:08:49 33280 ----a-w- c:\windows\system32\bweryp.exe
    2011-11-20 14:05:07 33280 ----a-w- c:\windows\system32\fsodr.exe
    2011-11-20 14:02:00 33280 ----a-w- c:\windows\system32\kqroti.exe
    2011-11-20 14:00:55 33280 ----a-w- c:\windows\system32\cfins.exe
    2011-11-20 13:57:45 33280 ----a-w- c:\windows\system32\xtervg.exe
    2011-11-20 13:56:18 33280 ----a-w- c:\windows\system32\lfinl.exe
    2011-11-20 13:55:54 33280 ----a-w- c:\windows\system32\bfina.exe
    2011-11-20 13:55:20 33280 ----a-w- c:\windows\system32\xterve.exe
    2011-11-20 13:55:19 33280 ----a-w- c:\windows\system32\pulmm.exe
    2011-11-20 13:55:12 33280 ----a-w- c:\windows\system32\hterve.exe
    2011-11-20 13:54:24 33280 ----a-w- c:\windows\system32\zbegey.exe
    2011-11-20 13:54:22 33280 ----a-w- c:\windows\system32\xtervv.exe
    2011-11-20 13:54:09 33280 ----a-w- c:\windows\system32\ptervp.exe
    2011-11-20 13:53:24 33280 ----a-w- c:\windows\system32\ibegey.exe
    2011-11-20 13:53:18 33280 ----a-w- c:\windows\system32\xbegef.exe
    2011-11-20 13:49:31 33280 ----a-w- c:\windows\system32\tqrott.exe
    2011-11-20 13:48:38 33280 ----a-w- c:\windows\system32\jweryx.exe
    2011-11-20 13:48:17 33280 ----a-w- c:\windows\system32\cfinb.exe
    2011-11-20 13:47:29 33280 ----a-w- c:\windows\system32\sfinb.exe
    2011-11-20 13:46:47 33280 ----a-w- c:\windows\system32\utixc.exe
    2011-11-20 13:45:18 33280 ----a-w- c:\windows\system32\gtervf.exe
    2011-11-20 13:44:28 33280 ----a-w- c:\windows\system32\lweryx.exe
    2011-11-20 13:43:46 33280 ----a-w- c:\windows\system32\jweryh.exe
    2011-11-20 13:42:29 33280 ----a-w- c:\windows\system32\msodj.exe
    2011-11-20 13:41:29 33280 ----a-w- c:\windows\system32\ttixs.exe
    2011-11-20 13:40:23 33280 ----a-w- c:\windows\system32\yweryi.exe
    2011-11-20 13:40:11 33280 ----a-w- c:\windows\system32\vulmf.exe
    2011-11-20 13:27:03 33280 ----a-w- c:\windows\system32\bweryq.exe
    2011-11-20 13:26:51 33280 ----a-w- c:\windows\system32\dfins.exe
    2011-11-20 13:24:44 33280 ----a-w- c:\windows\system32\kfink.exe
    2011-11-20 13:24:28 33280 ----a-w- c:\windows\system32\nsodm.exe
    2011-11-20 13:24:26 33280 ----a-w- c:\windows\system32\qweryo.exe
    2011-11-20 13:24:25 33280 ----a-w- c:\windows\system32\esodu.exe
    2011-11-20 13:23:43 33280 ----a-w- c:\windows\system32\efinu.exe
    2011-11-20 13:23:01 33280 ----a-w- c:\windows\system32\cqrotq.exe
    2011-11-20 13:22:53 33280 ----a-w- c:\windows\system32\kqrotk.exe
    2011-11-20 13:18:21 33280 ----a-w- c:\windows\system32\vtixv.exe
    2011-11-20 13:18:16 33280 ----a-w- c:\windows\system32\lqrotk.exe
    2011-11-20 13:18:05 33280 ----a-w- c:\windows\system32\jtervf.exe
    2011-11-20 13:17:52 33280 ----a-w- c:\windows\system32\lqroty.exe
    2011-11-20 13:13:46 33280 ----a-w- c:\windows\system32\kfini.exe
    2011-11-20 13:13:33 33280 ----a-w- c:\windows\system32\tfins.exe
    2011-11-20 13:12:23 33280 ----a-w- c:\windows\system32\cfina.exe
    2011-11-20 13:12:17 33280 ----a-w- c:\windows\system32\tqrots.exe
    2011-11-20 13:12:15 33280 ----a-w- c:\windows\system32\dfint.exe
    2011-11-20 13:12:08 33280 ----a-w- c:\windows\system32\qtervp.exe
    2011-11-20 13:05:05 33280 ----a-w- c:\windows\system32\tfinr.exe
    2011-11-20 13:04:12 33280 ----a-w- c:\windows\system32\lfinz.exe
    2011-11-20 13:03:58 33280 ----a-w- c:\windows\system32\bqrota.exe
    2011-11-20 13:03:30 33280 ----a-w- c:\windows\system32\msodk.exe
    2011-11-20 13:02:53 33280 ----a-w- c:\windows\system32\kweryz.exe
    2011-11-20 13:02:48 33280 ----a-w- c:\windows\system32\uqrots.exe
    2011-11-20 13:02:46 33280 ----a-w- c:\windows\system32\esodb.exe
    2011-11-20 13:02:40 33280 ----a-w- c:\windows\system32\bweryo.exe
    2011-11-20 13:02:27 33280 ----a-w- c:\windows\system32\mfinj.exe
    2011-11-20 12:58:10 33280 ----a-w- c:\windows\system32\esodt.exe
    2011-11-20 12:57:07 33280 ----a-w- c:\windows\system32\oulmo.exe
    2011-11-20 12:57:01 33280 ----a-w- c:\windows\system32\htervw.exe
    2011-11-20 12:56:35 33280 ----a-w- c:\windows\system32\lsodl.exe
    2011-11-20 12:56:00 33280 ----a-w- c:\windows\system32\tweryp.exe
    2011-11-20 12:55:57 33280 ----a-w- c:\windows\system32\hqrotx.exe
    2011-11-20 12:55:37 33280 ----a-w- c:\windows\system32\kqroty.exe
    2011-11-20 12:55:30 33280 ----a-w- c:\windows\system32\dtixd.exe
    2011-11-20 12:55:14 33280 ----a-w- c:\windows\system32\dqrots.exe
    2011-11-20 12:55:08 33280 ----a-w- c:\windows\system32\cfinc.exe
    2011-11-20 12:54:57 33280 ----a-w- c:\windows\system32\yqroth.exe
    2011-11-20 12:54:57 33280 ----a-w- c:\windows\system32\jfiny.exe
    2011-11-20 12:54:54 33280 ----a-w- c:\windows\system32\dqrotd.exe
    2011-11-20 12:54:52 33280 ----a-w- c:\windows\system32\yulmx.exe
    2011-11-20 12:54:47 33280 ----a-w- c:\windows\system32\ytervf.exe
    2011-11-20 12:54:39 33280 ----a-w- c:\windows\system32\gweryw.exe
    2011-11-20 12:54:13 33280 ----a-w- c:\windows\system32\nbegen.exe
    2011-11-20 12:54:09 33280 ----a-w- c:\windows\system32\wbegev.exe
    2011-11-20 12:53:13 33280 ----a-w- c:\windows\system32\yqroty.exe
    2011-11-20 12:53:00 33280 ----a-w- c:\windows\system32\lulml.exe
    2011-11-20 12:52:38 33280 ----a-w- c:\windows\system32\qqrota.exe
    2011-11-20 12:52:24 33280 ----a-w- c:\windows\system32\rqrotb.exe
    2011-11-20 12:52:20 33280 ----a-w- c:\windows\system32\zfinz.exe
    2011-11-20 12:52:19 33280 ----a-w- c:\windows\system32\zweryx.exe
    2011-11-20 12:52:14 33280 ----a-w- c:\windows\system32\pbegen.exe
    2011-11-20 12:52:02 33280 ----a-w- c:\windows\system32\uulmd.exe
    2011-11-20 12:50:57 33280 ----a-w- c:\windows\system32\bsodr.exe
    2011-11-20 12:49:59 33280 ----a-w- c:\windows\system32\yqroti.exe
    2011-11-20 11:25:43 33280 ----a-w- c:\windows\system32\oulmm.exe
    2011-11-20 11:24:38 33280 ----a-w- c:\windows\system32\yweryg.exe
    2011-11-07 21:28:38 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    ==================== Find3M ====================
    .
    2011-11-20 12:51:54 33280 ----a-w- c:\windows\system32\stixc.exe
    2011-11-20 12:50:55 33280 ----a-w- c:\windows\system32\rsodb.exe
    2011-11-20 12:49:57 33280 ----a-w- c:\windows\system32\wbegeg.exe
    2011-10-25 09:24:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-07 06:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 06:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-09-13 05:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-08-31 17:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 20:34:45.37 ===============



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    .
    ==== Installed Programs ======================
    .
    1 Nutty Santa Screen Saver
    3Connect
    Acez.com Toolbar Button
    Adobe Flash Player 11 ActiveX
    Adobe Reader 8.3.1
    Adobe® Photoshop® Album Starter Edition 3.0
    Adobe® Photoshop® Album Starter Edition 3.0.1
    Ancestral Author 2.7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    AVG 2012
    Belarc Advisor 6.0
    Big Fish Games: Game Manager
    Bonjour
    CCleaner (remove only)
    CDDRV_Installer
    ClearType Tuning Control Panel Applet
    Click to Call with Skype
    Compatibility Pack for the 2007 Office system
    Coupon Printer
    CreataCard Gold 2
    Digital Photography Winter Fun Pack
    Doc Scrubber v1.1
    Easy Print Calendar 4 Freeware Edition (remove only)
    EPSON Attach To Email
    EPSON Copy Utility 3
    EPSON Easy Photo Print
    EPSON File Manager
    EPSON Image Clip Palette
    EPSON Printer Software
    EPSON Scan
    EPSON Scan Assistant
    EPSON Web-To-Page
    ESDX4800_4200 User's Guide
    EZ Fonts
    Family Tree Maker 2005
    GENViewer Lite 1.14
    GENViewer version 1.12
    Google Earth
    Google Update Helper
    Google Updater
    Hidden in Time: Mirror Mirror
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Huawei modem
    Iconix™ eMail ID
    IE New Window Maximizer 2.4
    IrfanView (remove only)
    iTunes
    Java(TM) 6 Update 11
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    KhalInstallWrapper
    Living Snow Globes Wallpaper #2
    Lizardtech DjVu Control (autoinstall)
    Logitech Desktop Messenger
    Logitech SetPoint
    Lotus SmartSuite 97
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 97, Professional Edition
    Microsoft Office Converter Pack
    Microsoft Office Excel Viewer 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Zoo Tycoon Card Flip Game
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My 3D Christmas Tree Full Screen Saver
    NatWest Business Software
    Nero
    Night Before Christmas Full Screen Saver
    Paragon Partition Manager 2005
    ParLoc3
    Photo Loader 2.3E
    Photohands 1.0E
    Picasa 3
    PIF DESIGNER
    Pop-Up Stopper Free Edition
    QuickTime
    Rapport
    RealPlayer
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    SiS Mirage Graphics
    SiSAGP driver
    snowglobe
    Snowy Winter Wonderland Saver
    Sony Ericsson Media Manager 1.1
    SoundMAX
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    SpywareBlaster 4.4
    SpywareGuard v2.2
    SuperUtility
    UK-Info 2004 SE
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Vodafone PC Assistant V1.8.19
    WebFldrs XP
    WinBMD
    Windows 7 Upgrade Advisor
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    20/11/2011 18:07:40, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    20/11/2011 07:46:39, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
    20/11/2011 07:46:24, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    20/11/2011 07:46:10, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.
    19/11/2011 23:34:57, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    18/11/2011 09:36:09, error: Service Control Manager [7000] - The Iconix Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    18/11/2011 09:36:07, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Iconix Update Service service to connect.
    18/11/2011 09:36:06, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service IconixService with arguments "" in order to run the server: {0F76009B-E27B-4023-BEE4-605D217E8D4D}
    18/11/2011 09:27:20, error: Service Control Manager [7034] - The NVIDIA Display Srv service terminated unexpectedly. It has done this 1 time(s).
    15/11/2011 19:24:02, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    15/11/2011 19:23:28, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 00016CCEEEF0 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-11-20 20:15:55
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Maxtor_6E040L0 rev.NAR61590
    Running: dmn95xtd.exe; Driver: C:\DOCUME~1\Lesley\LOCALS~1\Temp\kwtiypow.sys

    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
    AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mdvrmng.sys
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp mdvrmng.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mdvrmng.sys
    ---- EOF - GMER 1.0.15 ----
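The two log sections in this post carry the signals a responder would triage first: Service Control Manager events showing the AV product's own services failing to start or crashing (AVGIDSAgent, AVG WatchDog), and a TCP/IP filter driver (mdvrmng.sys) that GMER prints with no version-info description while the neighbouring AVG driver has one. The script below is an added example, not part of this thread or of the tools used in it: it parses Event Viewer lines and GMER "Devices" lines in the format shown above, returns the security-product service failures (SCM events 7000/7009/7031/7034) and the filter drivers with no description. The sample lines are copied from the post; the list of security-product name fragments is an assumption to be extended for the environment being examined.

```python
import re
from collections import defaultdict

# Constructed sample input: Event Viewer lines copied from the log posted above.
EVENT_LINES = """\
20/11/2011 18:07:40, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
20/11/2011 07:46:39, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
20/11/2011 07:46:24, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/11/2011 07:46:10, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.
19/11/2011 23:34:57, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
18/11/2011 09:36:09, error: Service Control Manager [7000] - The Iconix Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/11/2011 19:24:02, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
"""

# Constructed sample input: GMER "Devices" lines copied from the log posted above.
GMER_LINES = r"""
AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Udp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\RawIp mdvrmng.sys
"""

# "dd/mm/yyyy hh:mm:ss, level: Source [id] - message" as the log tool prints it.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
# SCM message shapes: "The X service failed to start", "The X service terminated
# unexpectedly", "Timeout (...) waiting for the X service to connect".
SERVICE_RE = re.compile(
    r"(?:The|waiting for the) (?P<svc>.+?) service (?:failed|terminated|to connect)"
)
# Service failed to start / timed out / terminated unexpectedly.
SCM_FAILURE_IDS = {"7000", "7009", "7031", "7034"}
# Assumed name fragments of security products; extend for the machine in question.
SECURITY_KEYWORDS = ("avg", "avast", "spybot", "spywareguard", "defender",
                     "mcafee", "symantec", "norton", "kaspersky",
                     "security center", "firewall")

# "AttachedDevice <target> <device> <driver>.sys (<Description/Company>)";
# the parenthesised part is absent when the driver carries no version info.
DEVICE_RE = re.compile(
    r"^AttachedDevice\s+(?P<target>\S+)\s+(?P<device>\S+)\s+(?P<driver>\S+?\.sys)"
    r"(?:\s+\((?P<desc>.*)\))?\s*$"
)


def parse_events(text):
    """Yield (timestamp, event_id, message) for each well-formed Event Viewer line."""
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            yield m.group("ts"), m.group("event_id"), m.group("msg")


def security_service_failures(text):
    """Return [(timestamp, event_id, service)] for security-product services that
    failed to start, timed out or terminated, in log order."""
    hits = []
    for ts, event_id, msg in parse_events(text):
        if event_id not in SCM_FAILURE_IDS:
            continue
        m = SERVICE_RE.search(msg)
        if not m:
            continue
        svc = m.group("svc")
        if any(k in svc.lower() for k in SECURITY_KEYWORDS):
            hits.append((ts, event_id, svc))
    return hits


def unattributed_filter_drivers(text):
    """Map each attached filter driver that GMER printed without a version-info
    description to the sorted list of devices it is attached to."""
    found = defaultdict(set)
    for line in text.splitlines():
        m = DEVICE_RE.match(line.strip())
        if m and m.group("desc") is None:
            found[m.group("driver")].add(m.group("device"))
    return {drv: sorted(devs) for drv, devs in found.items()}


if __name__ == "__main__":
    for ts, event_id, svc in security_service_failures(EVENT_LINES):
        print(f"{ts}  SCM {event_id}  security service impaired: {svc}")
    for drv, devices in unattributed_filter_drivers(GMER_LINES).items():
        print(f"unattributed filter driver {drv} on {', '.join(devices)}")
```

On the posted logs this reports the two AVGIDSAgent events and the AVG WatchDog crash, and lists mdvrmng.sys attached to the Ip, RawIp, Tcp and Udp devices; a driver in that position with no vendor string is a candidate to look up by hash before anything else is done, and repeated start failures of the AV's own services are a reason not to trust the AV's "quarantined" counts.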
     
  2. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method (Recommended: Immediate Notification).
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.

    IMPORTANT NOTE : Please do not delete anything unless instructed to.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
    Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


    Vista and Windows 7 users:
    These tools MUST be run from the executable (.exe) every time you run them
    with Admin Rights (Right click, choose "Run as Administrator")


    Stay with this topic until I give you the all clean post.
    ----------

    Please download aswMBR to your desktop.

    • Double click the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

    ----------
     
  3. OverTheHill62

    OverTheHill62 Thread Starter

    Joined:
    Nov 20, 2011
    Messages:
    48
    Hi Jeff. Thanks for coming to my rescue. One other thing has happened: I've lost my XP genuine copy validation, and only have 2 days left for activation but I can't do this!

    The multiple threat is being given as Trojan horse BackDoor.Agent.AOEI by AVG and I keep clicking the remove all unhealed button. Incidentally, it is the free AVG version I have.

    Herewith MBR log as requested

    Lesley


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-21 08:45:23
    -----------------------------
    08:45:23.640 OS Version: Windows 5.1.2600 Service Pack 3
    08:45:23.671 Number of processors: 1 586 0x2C02
    08:45:23.687 ComputerName: SUPERGIRL UserName: Lesley
    08:45:33.828 Initialize success
    08:46:12.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    08:46:12.609 Disk 0 Vendor: Maxtor_6E040L0 NAR61590 Size: 39205MB BusType: 3
    08:46:12.640 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-17
    08:46:12.640 Disk 1 Vendor: WDC_WD102AA 05.05B05 Size: 9787MB BusType: 3
    08:46:14.015 Disk 0 MBR read successfully
    08:46:14.093 Disk 0 MBR scan
    08:46:14.093 Disk 0 Windows XP default MBR code
    08:46:14.125 Disk 0 scanning sectors +80292870
    08:46:14.234 Disk 0 scanning C:\WINDOWS\system32\drivers
    08:47:18.265 Service scanning
    08:47:25.375 Modules scanning
    08:49:52.859 Disk 0 trace - called modules:
    08:49:52.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys siside.sys
    08:49:52.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a752ab8]
    08:49:53.375 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\00000063[0x8a78e1b0]
    08:49:53.375 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a709d98]
    08:49:53.390 Scan finished successfully
    08:58:39.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lesley\Desktop\MBR.dat"
    08:58:39.312 The log file has been saved successfully to "C:\Documents and Settings\Lesley\Desktop\aswMBR.txt"
     
  4. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi OvertheHill62,

    Please read through these instructions to familiarize yourself with what to expect when this tool runs.

    Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ----------
     
  5. OverTheHill62

    OverTheHill62 Thread Starter

    Joined:
    Nov 20, 2011
    Messages:
    48
    ComboFix 11-11-21.01 - Lesley 21/11/2011 16:17:08.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2014.1348 [GMT 0:00]
    Running from: c:\documents and settings\Lesley\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Lesley\Favorites\Acez.com - Download Free Screen Savers!.url
    c:\documents and settings\Lesley\WINDOWS
    c:\windows\acezcold.ico
    c:\windows\acezhot.ico
    c:\windows\acezlink.htm
    c:\windows\bwUnin-8.1.1.50-8876480SL.exe
    c:\windows\ST6UNST.000
    c:\windows\winhelp.ini
    .
    ----- File Replicators -----
    .
    c:\windows\system32\afina.exe
    c:\windows\system32\aqrotq.exe
    c:\windows\system32\bbegeo.exe
    c:\windows\system32\bbegeq.exe
    c:\windows\system32\bbeger.exe
    c:\windows\system32\bfina.exe
    c:\windows\system32\bfinb.exe
    c:\windows\system32\bfinj.exe
    c:\windows\system32\bfinq.exe
    c:\windows\system32\bfinr.exe
    c:\windows\system32\bqrota.exe
    c:\windows\system32\bqrotp.exe
    c:\windows\system32\bqrotq.exe
    c:\windows\system32\bqrotr.exe
    c:\windows\system32\bsodb.exe
    c:\windows\system32\bsodr.exe
    c:\windows\system32\btervn.exe
    c:\windows\system32\btervq.exe
    c:\windows\system32\btixq.exe
    c:\windows\system32\bweryo.exe
    c:\windows\system32\bweryq.exe
    c:\windows\system32\bweryr.exe
    c:\windows\system32\cbegeo.exe
    c:\windows\system32\cfina.exe
    c:\windows\system32\cfinb.exe
    c:\windows\system32\cfinc.exe
    c:\windows\system32\cfinq.exe
    c:\windows\system32\cfinr.exe
    c:\windows\system32\cfins.exe
    c:\windows\system32\cqrotp.exe
    c:\windows\system32\cqrotq.exe
    c:\windows\system32\cqrotr.exe
    c:\windows\system32\cqrots.exe
    c:\windows\system32\csodb.exe
    c:\windows\system32\csodc.exe
    c:\windows\system32\csodr.exe
    c:\windows\system32\csods.exe
    c:\windows\system32\ctervm.exe
    c:\windows\system32\ctixc.exe
    c:\windows\system32\ctixs.exe
    c:\windows\system32\cweryp.exe
    c:\windows\system32\cweryr.exe
    c:\windows\system32\cwerys.exe
    c:\windows\system32\dfinr.exe
    c:\windows\system32\dfins.exe
    c:\windows\system32\dfint.exe
    c:\windows\system32\dqrotc.exe
    c:\windows\system32\dqrotd.exe
    c:\windows\system32\dqrotp.exe
    c:\windows\system32\dqrotq.exe
    c:\windows\system32\dqrots.exe
    c:\windows\system32\dsodc.exe
    c:\windows\system32\dsods.exe
    c:\windows\system32\dsodt.exe
    c:\windows\system32\dtixd.exe
    c:\windows\system32\dtixs.exe
    c:\windows\system32\dtixt.exe
    c:\windows\system32\dulmd.exe
    c:\windows\system32\efinr.exe
    c:\windows\system32\efint.exe
    c:\windows\system32\efinu.exe
    c:\windows\system32\eqrota.exe
    c:\windows\system32\esodb.exe
    c:\windows\system32\esodr.exe
    c:\windows\system32\esods.exe
    c:\windows\system32\esodt.exe
    c:\windows\system32\esodu.exe
    c:\windows\system32\eterve.exe
    c:\windows\system32\etervu.exe
    c:\windows\system32\etixc.exe
    c:\windows\system32\etixd.exe
    c:\windows\system32\etixt.exe
    c:\windows\system32\etixu.exe
    c:\windows\system32\eulmd.exe
    c:\windows\system32\eulme.exe
    c:\windows\system32\eulmt.exe
    c:\windows\system32\eulmu.exe
    c:\windows\system32\eweryo.exe
    c:\windows\system32\fbegef.exe
    c:\windows\system32\fbegev.exe
    c:\windows\system32\ffinb.exe
    c:\windows\system32\fqrotv.exe
    c:\windows\system32\fsodr.exe
    c:\windows\system32\fsods.exe
    c:\windows\system32\fsodu.exe
    c:\windows\system32\fsodv.exe
    c:\windows\system32\fterve.exe
    c:\windows\system32\ftervf.exe
    c:\windows\system32\ftervu.exe
    c:\windows\system32\ftervv.exe
    c:\windows\system32\ftixd.exe
    c:\windows\system32\ftixt.exe
    c:\windows\system32\ftixu.exe
    c:\windows\system32\ftixv.exe
    c:\windows\system32\fulmd.exe
    c:\windows\system32\fulme.exe
    c:\windows\system32\fulmu.exe
    c:\windows\system32\fulmv.exe
    c:\windows\system32\gbegef.exe
    c:\windows\system32\gbegeg.exe
    c:\windows\system32\gbegev.exe
    c:\windows\system32\gbegew.exe
    c:\windows\system32\gqrotv.exe
    c:\windows\system32\gsodv.exe
    c:\windows\system32\gterve.exe
    c:\windows\system32\gtervf.exe
    c:\windows\system32\gtervu.exe
    c:\windows\system32\gtervv.exe
    c:\windows\system32\gtervw.exe
    c:\windows\system32\gtixt.exe
    c:\windows\system32\gtixv.exe
    c:\windows\system32\gtixw.exe
    c:\windows\system32\gulme.exe
    c:\windows\system32\gulmu.exe
    c:\windows\system32\gulmv.exe
    c:\windows\system32\gulmw.exe
    c:\windows\system32\gweryg.exe
    c:\windows\system32\gweryp.exe
    c:\windows\system32\gweryw.exe
    c:\windows\system32\hbegef.exe
    c:\windows\system32\hbegeg.exe
    c:\windows\system32\hbegev.exe
    c:\windows\system32\hbegew.exe
    c:\windows\system32\hbegex.exe
    c:\windows\system32\hqroth.exe
    c:\windows\system32\hqrotx.exe
    c:\windows\system32\hsodx.exe
    c:\windows\system32\hterve.exe
    c:\windows\system32\htervv.exe
    c:\windows\system32\htervw.exe
    c:\windows\system32\htervx.exe
    c:\windows\system32\htixg.exe
    c:\windows\system32\htixv.exe
    c:\windows\system32\hulme.exe
    c:\windows\system32\hulmu.exe
    c:\windows\system32\hulmw.exe
    c:\windows\system32\hulmx.exe
    c:\windows\system32\hweryg.exe
    c:\windows\system32\hweryh.exe
    c:\windows\system32\hweryw.exe
    c:\windows\system32\hweryx.exe
    c:\windows\system32\ibegew.exe
    c:\windows\system32\ibegex.exe
    c:\windows\system32\ibegey.exe
    c:\windows\system32\ifini.exe
    c:\windows\system32\iqroth.exe
    c:\windows\system32\iqroti.exe
    c:\windows\system32\iqrotx.exe
    c:\windows\system32\iqroty.exe
    c:\windows\system32\isody.exe
    c:\windows\system32\itervx.exe
    c:\windows\system32\itervy.exe
    c:\windows\system32\itixt.exe
    c:\windows\system32\iulmi.exe
    c:\windows\system32\iulmx.exe
    c:\windows\system32\iulmy.exe
    c:\windows\system32\iweryg.exe
    c:\windows\system32\iweryh.exe
    c:\windows\system32\iweryx.exe
    c:\windows\system32\iweryy.exe
    c:\windows\system32\jbegef.exe
    c:\windows\system32\jbegew.exe
    c:\windows\system32\jbegex.exe
    c:\windows\system32\jbegey.exe
    c:\windows\system32\jbegez.exe
    c:\windows\system32\jfini.exe
    c:\windows\system32\jfinj.exe
    c:\windows\system32\jfiny.exe
    c:\windows\system32\jfinz.exe
    c:\windows\system32\jqroti.exe
    c:\windows\system32\jqroty.exe
    c:\windows\system32\jqrotz.exe
    c:\windows\system32\jsodj.exe
    c:\windows\system32\jtervf.exe
    c:\windows\system32\jtervz.exe
    c:\windows\system32\julmy.exe
    c:\windows\system32\julmz.exe
    c:\windows\system32\jweryg.exe
    c:\windows\system32\jweryh.exe
    c:\windows\system32\jweryx.exe
    c:\windows\system32\jweryy.exe
    c:\windows\system32\jweryz.exe
    c:\windows\system32\kbegef.exe
    c:\windows\system32\kbegeg.exe
    c:\windows\system32\kbegej.exe
    c:\windows\system32\kbegek.exe
    c:\windows\system32\kfini.exe
    c:\windows\system32\kfinj.exe
    c:\windows\system32\kfink.exe
    c:\windows\system32\kfinr.exe
    c:\windows\system32\kfinz.exe
    c:\windows\system32\kqroti.exe
    c:\windows\system32\kqrotj.exe
    c:\windows\system32\kqrotk.exe
    c:\windows\system32\kqrotz.exe
    c:\windows\system32\ksodj.exe .. failed to delete
    c:\windows\system32\ksodk.exe
    c:\windows\system32\ksodz.exe
    c:\windows\system32\ktervf.exe
    c:\windows\system32\ktervj.exe
    c:\windows\system32\ktervy.exe
    c:\windows\system32\ktixh.exe
    c:\windows\system32\ktixk.exe
    c:\windows\system32\kulmz.exe
    c:\windows\system32\kweryh.exe
    c:\windows\system32\kweryj.exe
    c:\windows\system32\kweryk.exe
    c:\windows\system32\kweryp.exe
    c:\windows\system32\kweryy.exe
    c:\windows\system32\kweryz.exe
    c:\windows\system32\lbegeg.exe
    c:\windows\system32\lbegek.exe
    c:\windows\system32\lbegel.exe
    c:\windows\system32\lfini.exe
    c:\windows\system32\lfinj.exe
    c:\windows\system32\lfink.exe
    c:\windows\system32\lfinl.exe
    c:\windows\system32\lfinz.exe
    c:\windows\system32\lqroti.exe
    c:\windows\system32\lqrotj.exe
    c:\windows\system32\lqrotk.exe
    c:\windows\system32\lqrotl.exe
    c:\windows\system32\lqroty.exe
    c:\windows\system32\lsodj.exe
    c:\windows\system32\lsodk.exe
    c:\windows\system32\lsodl.exe
    c:\windows\system32\lsods.exe
    c:\windows\system32\ltixk.exe
    c:\windows\system32\ltixl.exe
    c:\windows\system32\lulmk.exe
    c:\windows\system32\lulml.exe
    c:\windows\system32\lulmt.exe
    c:\windows\system32\lweryh.exe
    c:\windows\system32\lweryk.exe
    c:\windows\system32\lweryx.exe
    c:\windows\system32\mbegel.exe
    c:\windows\system32\mfinj.exe
    c:\windows\system32\mfinl.exe
    c:\windows\system32\mfinm.exe
    c:\windows\system32\mfinz.exe
    c:\windows\system32\mqroti.exe
    c:\windows\system32\mqrotj.exe
    c:\windows\system32\mqrotl.exe
    c:\windows\system32\mqroty.exe
    c:\windows\system32\msodj.exe
    c:\windows\system32\msodk.exe
    c:\windows\system32\msodl.exe
    c:\windows\system32\msodm.exe
    c:\windows\system32\mtervl.exe
    c:\windows\system32\mtervm.exe
    c:\windows\system32\mtixk.exe
    c:\windows\system32\mtixl.exe
    c:\windows\system32\mtixt.exe
    c:\windows\system32\mulml.exe
    c:\windows\system32\mulmm.exe
    c:\windows\system32\mulmu.exe
    c:\windows\system32\mweryl.exe
    c:\windows\system32\mweryx.exe
    c:\windows\system32\nbegen.exe
    c:\windows\system32\nfinm.exe
    c:\windows\system32\nfinz.exe
    c:\windows\system32\nqroth.exe
    c:\windows\system32\nqrotm.exe
    c:\windows\system32\nsodj.exe
    c:\windows\system32\nsodk.exe
    c:\windows\system32\nsodm.exe
    c:\windows\system32\nsodn.exe
    c:\windows\system32\ntervm.exe
    c:\windows\system32\ntervn.exe
    c:\windows\system32\ntervw.exe
    c:\windows\system32\ntixk.exe
    c:\windows\system32\ntixl.exe
    c:\windows\system32\ntixm.exe
    c:\windows\system32\ntixn.exe
    c:\windows\system32\nulml.exe
    c:\windows\system32\nulmm.exe
    c:\windows\system32\nulmn.exe
    c:\windows\system32\nwerym.exe
    c:\windows\system32\obegen.exe
    c:\windows\system32\obegeo.exe
    c:\windows\system32\oqrotn.exe
    c:\windows\system32\osodk.exe
    c:\windows\system32\osodl.exe
    c:\windows\system32\osodn.exe
    c:\windows\system32\osodo.exe
    c:\windows\system32\otervm.exe
    c:\windows\system32\otervn.exe
    c:\windows\system32\otixl.exe
    c:\windows\system32\otixn.exe
    c:\windows\system32\otixo.exe
    c:\windows\system32\oulml.exe
    c:\windows\system32\oulmm.exe
    c:\windows\system32\oulmn.exe
    c:\windows\system32\oulmo.exe
    c:\windows\system32\oweryn.exe
    c:\windows\system32\oweryo.exe
    c:\windows\system32\pbegen.exe
    c:\windows\system32\pbegeo.exe
    c:\windows\system32\pbegep.exe
    c:\windows\system32\pbegex.exe
    c:\windows\system32\psodk.exe
    c:\windows\system32\ptervm.exe
    c:\windows\system32\ptervn.exe
    c:\windows\system32\ptervo.exe
    c:\windows\system32\ptervp.exe
    c:\windows\system32\ptixk.exe
    c:\windows\system32\ptixl.exe
    c:\windows\system32\ptixo.exe
    c:\windows\system32\ptixp.exe
    c:\windows\system32\pulml.exe
    c:\windows\system32\pulmm.exe
    c:\windows\system32\pulmn.exe
    c:\windows\system32\pulmo.exe
    c:\windows\system32\pweryo.exe
    c:\windows\system32\pweryp.exe
    c:\windows\system32\qbegen.exe
    c:\windows\system32\qbegeo.exe
    c:\windows\system32\qbegep.exe
    c:\windows\system32\qbegeq.exe
    c:\windows\system32\qfina.exe
    c:\windows\system32\qqrota.exe
    c:\windows\system32\qqrotp.exe
    c:\windows\system32\qqrotq.exe
    c:\windows\system32\qtervn.exe
    c:\windows\system32\qtervp.exe
    c:\windows\system32\qtervq.exe
    c:\windows\system32\qulmm.exe
    c:\windows\system32\qulmp.exe
    c:\windows\system32\qweryo.exe
    c:\windows\system32\qweryp.exe
    c:\windows\system32\qweryq.exe
    c:\windows\system32\rbegea.exe
    c:\windows\system32\rbegeo.exe
    c:\windows\system32\rbegep.exe
    c:\windows\system32\rbegeq.exe
    c:\windows\system32\rbeger.exe
    c:\windows\system32\rfina.exe
    c:\windows\system32\rfinb.exe
    c:\windows\system32\rfinr.exe
    c:\windows\system32\rqrota.exe
    c:\windows\system32\rqrotb.exe
    c:\windows\system32\rqrotq.exe
    c:\windows\system32\rqrotr.exe
    c:\windows\system32\rsodb.exe
    c:\windows\system32\rtervn.exe
    c:\windows\system32\rtervo.exe
    c:\windows\system32\rtervq.exe
    c:\windows\system32\rulmr.exe
    c:\windows\system32\rweryg.exe
    c:\windows\system32\rweryo.exe
    c:\windows\system32\rweryp.exe
    c:\windows\system32\rweryq.exe
    c:\windows\system32\rweryr.exe
    c:\windows\system32\sbegen.exe
    c:\windows\system32\sbegeo.exe
    c:\windows\system32\sbegep.exe
    c:\windows\system32\sbeger.exe
    c:\windows\system32\sfina.exe
    c:\windows\system32\sfinb.exe
    c:\windows\system32\sfinr.exe
    c:\windows\system32\sfins.exe
    c:\windows\system32\sqrota.exe
    c:\windows\system32\sqrotb.exe
    c:\windows\system32\sqrotq.exe
    c:\windows\system32\sqrotr.exe
    c:\windows\system32\sqrots.exe
    c:\windows\system32\ssodb.exe
    c:\windows\system32\ssodc.exe
    c:\windows\system32\ssodr.exe
    c:\windows\system32\ssods.exe
    c:\windows\system32\stervr.exe
    c:\windows\system32\stervs.exe
    c:\windows\system32\stixc.exe
    c:\windows\system32\stixs.exe
    c:\windows\system32\sweryk.exe
    c:\windows\system32\sweryp.exe
    c:\windows\system32\sweryq.exe
    c:\windows\system32\sweryr.exe
    c:\windows\system32\swerys.exe
    c:\windows\system32\tfina.exe
    c:\windows\system32\tfinb.exe
    c:\windows\system32\tfinc.exe
    c:\windows\system32\tfinr.exe
    c:\windows\system32\tfins.exe
    c:\windows\system32\tfint.exe
    c:\windows\system32\tqrota.exe
    c:\windows\system32\tqrotq.exe
    c:\windows\system32\tqrotr.exe
    c:\windows\system32\tqrots.exe
    c:\windows\system32\tqrott.exe
    c:\windows\system32\tsodb.exe
    c:\windows\system32\tsodc.exe
    c:\windows\system32\tsodt.exe
    c:\windows\system32\ttervn.exe
    c:\windows\system32\ttixc.exe
    c:\windows\system32\ttixd.exe
    c:\windows\system32\ttixs.exe
    c:\windows\system32\ttixt.exe
    c:\windows\system32\tulmd.exe
    c:\windows\system32\tweryp.exe
    c:\windows\system32\tweryq.exe
    c:\windows\system32\twerys.exe
    c:\windows\system32\ufina.exe
    c:\windows\system32\ufinb.exe
    c:\windows\system32\ufins.exe
    c:\windows\system32\ufint.exe
    c:\windows\system32\uqrota.exe
    c:\windows\system32\uqrots.exe
    c:\windows\system32\uqrott.exe
    c:\windows\system32\usodc.exe
    c:\windows\system32\usods.exe
    c:\windows\system32\usodt.exe
    c:\windows\system32\usodu.exe
    c:\windows\system32\uterve.exe
    c:\windows\system32\utixd.exe
    c:\windows\system32\utixt.exe
    c:\windows\system32\utixu.exe
    c:\windows\system32\uulmd.exe
    c:\windows\system32\uulme.exe
    c:\windows\system32\uulmt.exe
    c:\windows\system32\uulmu.exe
    c:\windows\system32\uweryp.exe
    c:\windows\system32\uweryt.exe
    c:\windows\system32\uweryu.exe
    c:\windows\system32\vbeger.exe
    c:\windows\system32\vfinr.exe
    c:\windows\system32\vfinu.exe
    c:\windows\system32\vsodb.exe
    c:\windows\system32\vsods.exe
    c:\windows\system32\vsodu.exe
    c:\windows\system32\vsodv.exe
    c:\windows\system32\vterve.exe
    c:\windows\system32\vtervf.exe
    c:\windows\system32\vtervu.exe
    c:\windows\system32\vtervv.exe
    c:\windows\system32\vtixc.exe
    c:\windows\system32\vtixt.exe
    c:\windows\system32\vtixv.exe
    c:\windows\system32\vulmd.exe
    c:\windows\system32\vulme.exe
    c:\windows\system32\vulmf.exe
    c:\windows\system32\vulmn.exe
    c:\windows\system32\vulmu.exe
    c:\windows\system32\vulmv.exe
    c:\windows\system32\vweryu.exe
    c:\windows\system32\wbegeg.exe
    c:\windows\system32\wbegev.exe
    c:\windows\system32\wbegew.exe
    c:\windows\system32\wqrotq.exe
    c:\windows\system32\wqrotw.exe
    c:\windows\system32\wsodv.exe
    c:\windows\system32\wsodw.exe
    c:\windows\system32\wterve.exe
    c:\windows\system32\wtervf.exe
    c:\windows\system32\wtervv.exe
    c:\windows\system32\wtervw.exe
    c:\windows\system32\wtixt.exe
    c:\windows\system32\wtixv.exe
    c:\windows\system32\wtixw.exe
    c:\windows\system32\wulmd.exe
    c:\windows\system32\wulme.exe
    c:\windows\system32\wulmu.exe
    c:\windows\system32\wulmv.exe
    c:\windows\system32\wulmw.exe
    c:\windows\system32\xbegef.exe
    c:\windows\system32\xbegeg.exe
    c:\windows\system32\xbegew.exe
    c:\windows\system32\xbegex.exe
    c:\windows\system32\xfinx.exe
    c:\windows\system32\xterve.exe
    c:\windows\system32\xtervf.exe
    c:\windows\system32\xtervg.exe
    c:\windows\system32\xtervv.exe
    c:\windows\system32\xtervw.exe
    c:\windows\system32\xtervx.exe
    c:\windows\system32\xtixd.exe
    c:\windows\system32\xtixt.exe
    c:\windows\system32\xtixu.exe
    c:\windows\system32\xtixw.exe
    c:\windows\system32\xulme.exe
    c:\windows\system32\xulmm.exe
    c:\windows\system32\xulmu.exe
    c:\windows\system32\xulmw.exe
    c:\windows\system32\xulmx.exe
    c:\windows\system32\xweryg.exe
    c:\windows\system32\xweryh.exe
    c:\windows\system32\xweryw.exe
    c:\windows\system32\xweryx.exe
    c:\windows\system32\ybegef.exe
    c:\windows\system32\ybegeg.exe
    c:\windows\system32\ybegew.exe
    c:\windows\system32\ybegex.exe
    c:\windows\system32\ybegey.exe
    c:\windows\system32\yqroth.exe
    c:\windows\system32\yqroti.exe
    c:\windows\system32\yqroty.exe
    c:\windows\system32\ytervf.exe
    c:\windows\system32\ytervx.exe
    c:\windows\system32\ytervy.exe
    c:\windows\system32\ytixh.exe
    c:\windows\system32\ytixt.exe
    c:\windows\system32\ytixx.exe
    c:\windows\system32\yulmx.exe
    c:\windows\system32\yweryg.exe
    c:\windows\system32\yweryh.exe
    c:\windows\system32\yweryi.exe
    c:\windows\system32\yweryx.exe
    c:\windows\system32\yweryy.exe
    c:\windows\system32\zbegeg.exe
    c:\windows\system32\zbegeh.exe
    c:\windows\system32\zbegex.exe
    c:\windows\system32\zbegey.exe
    c:\windows\system32\zbegez.exe
    c:\windows\system32\zfini.exe
    c:\windows\system32\zfinj.exe
    c:\windows\system32\zfiny.exe
    c:\windows\system32\zfinz.exe
    c:\windows\system32\zqroti.exe
    c:\windows\system32\zqrotj.exe
    c:\windows\system32\zqrotw.exe
    c:\windows\system32\zqroty.exe
    c:\windows\system32\zqrotz.exe
    c:\windows\system32\zsodc.exe
    c:\windows\system32\zsodx.exe
    c:\windows\system32\zsody.exe
    c:\windows\system32\ztervf.exe
    c:\windows\system32\ztervv.exe
    c:\windows\system32\ztervw.exe
    c:\windows\system32\ztervy.exe
    c:\windows\system32\zulmy.exe
    c:\windows\system32\zulmz.exe
    c:\windows\system32\zweryh.exe
    c:\windows\system32\zweryi.exe
    c:\windows\system32\zweryx.exe
    c:\windows\system32\zweryy.exe
    c:\windows\system32\zweryz.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-21 14:15 . 2011-11-21 16:29 33280 ----a-w- c:\windows\system32\ksodj.exe
    2011-11-07 21:28 . 2011-11-07 21:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-25 09:24 . 2011-06-02 08:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-07 06:23 . 2010-09-07 02:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 06:21 . 2010-08-19 20:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-09-13 05:30 . 2010-09-07 02:48 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-08-31 17:00 . 2011-07-30 15:46 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IE New Window Maximizer"="c:\program files\IE New Window Maximizer\iemaximizer.exe" [2005-02-08 356352]
    "PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 524288]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-04 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSPower"="SiSPower.dll" [2005-05-26 49152]
    "IconixOEAddOn"="c:\program files\Iconix\OEAddOn\OEdmn_6.exe" [2010-03-04 342872]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\Lesley\Start Menu\Programs\Startup\
    SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
    backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=c:\windows\pss\Google Updater.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
    backup=c:\windows\pss\Office Startup.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Loader supervisory.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk
    backup=c:\windows\pss\Photo Loader supervisory.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TextBridge Instant Access OCR.lnk
    backup=c:\windows\pss\TextBridge Instant Access OCR.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Lesley^Start Menu^Programs^Startup^Lotus QuickStart.lnk]
    path=c:\documents and settings\Lesley\Start Menu\Programs\Startup\Lotus QuickStart.lnk
    backup=c:\windows\pss\Lotus QuickStart.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Lesley^Start Menu^Programs^Startup^Lotus SmartSuite 97 Registration.lnk]
    path=c:\documents and settings\Lesley\Start Menu\Programs\Startup\Lotus SmartSuite 97 Registration.lnk
    backup=c:\windows\pss\Lotus SmartSuite 97 Registration.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Lesley^Start Menu^Programs^Startup^Watch.lnk]
    path=c:\documents and settings\Lesley\Start Menu\Programs\Startup\Watch.lnk
    backup=c:\windows\pss\Watch.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Lesley^Start Menu^Programs^Startup^Winter Fun Wallpaper Changer.lnk]
    path=c:\documents and settings\Lesley\Start Menu\Programs\Startup\Winter Fun Wallpaper Changer.lnk
    backup=c:\windows\pss\Winter Fun Wallpaper Changer.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-06-06 22:46 57344 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE]
    2004-05-27 11:07 1659050 ------w- c:\program files\Voyager 105 ADSL Modem\DSLSTAT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-09-21 15:36 305440 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2008-02-29 02:12 76304 -c--a-w- c:\windows\KHALMNPR.Exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    2008-02-29 02:12 76304 -c--a-w- c:\windows\KHALMNPR.Exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    2008-08-21 01:18 443968 -c--a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-05 00:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 16:07 2260480 -csha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "aawservice"=2 (0x2)
    "iPod Service"=3 (0x3)
    "CiSvc"=3 (0x3)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
    "c:\\Program Files\\NWBusinessSoftware\\MyBusiness.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15:27 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 02:48 32592]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 02:48 230608]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 02:49 295248]
    R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [25/02/2010 13:10 390528]
    R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [07/11/2011 21:30 227312]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 05:09 192776]
    R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [27/09/2010 07:13 1737464]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [30/07/2011 15:46 366152]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 20:42 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 20:42 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 20:42 16720]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [30/07/2011 15:46 22216]
    R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [08/08/2011 08:16 21520]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 06:25 4433248]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/12/2009 13:45 135664]
    S2 IconixService;Iconix Update Service;c:\program files\Common Files\Iconix\IconixService.exe [31/07/2008 21:57 283992]
    S2 tsods;NVIDIA Display Srv;c:\windows\system32\tsods.exe --> c:\windows\system32\tsods.exe [?]
    S3 FXDRV;FXDRV;c:\program files\SuperUtility\Fxdrv.sys [10/01/2006 10:34 13440]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31/12/2009 13:45 135664]
    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [27/09/2010 07:11 100736]
    S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [27/09/2010 07:02 102656]
    S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [13/10/2008 14:01 101120]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
    S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [27/11/2005 13:11 50432]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - RAPPORTIASO
    *Deregistered* - aswMBR
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    2011-11-21 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-08 07:58]
    .
    2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 13:44]
    .
    2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 13:44]
    .
    2011-11-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-02-04 15:50]
    .
    2011-11-21 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2004-05-12 13:45]
    .
    2011-11-21 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-10-22 12:39]
    .
    2011-11-20 c:\windows\Tasks\User_Feed_Synchronization-{3B4C8217-2FF3-49BA-A069-7CAF273E4C52}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.msn.co.uk/previewx.aspx?q={searchTerms}&FORM=CBPW&first=1&noredir=1
    uStart Page = hxxp://www.google.co.uk/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {{88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - c:\windows\acezlink.htm
    TCP: DhcpNameServer = 192.168.0.1
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: ADVFN 4v4
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-DataLayer - c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe
    MSConfigStartUp-DSLAGENTEXE - c:\program files\Voyager 105 ADSL Modem\dslagent.exe
    MSConfigStartUp-InCD - c:\program files\Ahead\InCD\InCD.exe
    MSConfigStartUp-PCSuiteTrayApplication - c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    MSConfigStartUp-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
    MSConfigStartUp-SmcService - c:\progra~1\Sygate\SPF\smc.exe
    MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    MSConfigStartUp-SpeedItUpEX - c:\program files\Speeditup Free\SpeedItUp.exe
    MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-21 16:39
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1292428093-1303643608-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(760)
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll
    c:\windows\system32\msacm32.drv
    .
    - - - - - - - > 'lsass.exe'(820)
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'csrss.exe'(736)
    c:\windows\system32\WININET.dll
    .
    Completion time: 2011-11-21 16:44:23
    ComboFix-quarantined-files.txt 2011-11-21 16:44
    .
    Pre-Run: 2,578,542,592 bytes free
    Post-Run: 3,067,416,576 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 5D64B184322CFD8A35E333C2DB0053DF
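Reading the replicator listing and the service table above by hand is slow, and the two things worth pulling out are easy to miss: the generated names share a fixed middle stem (tsodt / usodt / vsodu, ttixc / utixd / vtixc), and the "Files Created" entries for the dropper carry the same byte size under different names (33280 bytes for ksodj.exe, and again for utixt.exe later on this page), while the "NVIDIA Display Srv" service points at a tsods.exe that ComboFix could not verify. The script below is an added triage example, not part of this thread and not ComboFix's own code; it parses those three ComboFix line formats and reports the signals. The sample log is a constructed excerpt of lines from this page; the stem heuristic (strip the first and last letter of a short all-lowercase name) and the family threshold of three are assumptions, chosen so that a lone legitimate short name such as ctfmon.exe is not flagged.

```python
import re
from collections import defaultdict

# Constructed excerpt: a handful of lines copied from the ComboFix logs in this
# thread, covering the three line formats the script understands.
SAMPLE_LOG = r"""
c:\windows\system32\tsodt.exe
c:\windows\system32\usodt.exe
c:\windows\system32\vsodu.exe
c:\windows\system32\ttixc.exe
c:\windows\system32\utixd.exe
c:\windows\system32\vtixc.exe
c:\windows\system32\NeroCheck.exe
c:\windows\system32\ctfmon.exe
2011-11-21 14:15 . 2011-11-21 16:29 33280 ----a-w- c:\windows\system32\ksodj.exe
2011-11-21 17:05 . 2011-11-21 21:04 33280 ----a-w- c:\windows\system32\utixt.exe
2011-11-07 21:28 . 2011-11-07 21:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
S2 tsods;NVIDIA Display Srv;c:\windows\system32\tsods.exe --> c:\windows\system32\tsods.exe [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [30/07/2011 15:46 366152]
"""

# Bare path to an executable under system32 (listing / "File Replicators" format).
SYS32_EXE = re.compile(r"^c:\\windows\\system32\\([a-z]+)\.exe$", re.I)
# "Files Created" entry: <created> . <modified> <size> <attrs> <path>
CREATED = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) (\d+) (\S+) (.+)$"
)
# Service/driver line whose image ComboFix could not verify: "<path> --> <path> [?]"
UNRESOLVED_SVC = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) --> (.+?) \[\?\]$")


def name_stem(name):
    """Middle letters of a short all-lowercase name: tsodt -> sod, ttervn -> terv.
    Returns None for names that do not fit the generated pattern (assumed heuristic)."""
    if not (5 <= len(name) <= 6 and name.isalpha() and name.islower()):
        return None
    return name[1:-1]


def triage(log_text, min_family=3):
    """Parse ComboFix-format lines and return the three replicator signals."""
    families = defaultdict(list)   # stem -> [file names sharing it]
    by_size = defaultdict(list)    # byte size -> [paths created in the scan window]
    unresolved = []                # (service name, display name, image path)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SYS32_EXE.match(line)
        if m:
            stem = name_stem(m.group(1))
            if stem:
                families[stem].append(m.group(1) + ".exe")
            continue
        m = CREATED.match(line)
        if m:
            by_size[int(m.group(3))].append(m.group(5))
            continue
        m = UNRESOLVED_SVC.match(line)
        if m:
            unresolved.append((m.group(2), m.group(3), m.group(5)))

    flagged = {s: sorted(n) for s, n in families.items() if len(n) >= min_family}
    # A persistence entry whose image name falls into a flagged family is the
    # loader for that family, even when the file itself is currently absent.
    linked = []
    for svc, _display, path in unresolved:
        base = path.rsplit("\\", 1)[-1]
        if base.lower().endswith(".exe") and name_stem(base[:-4]) in flagged:
            linked.append(svc)
    return {
        "replicator_families": flagged,
        "same_size_created": {sz: p for sz, p in by_size.items() if len(p) >= 2},
        "unresolved_services": unresolved,
        "services_pointing_into_family": linked,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for stem, names in report["replicator_families"].items():
        print("family *%s*: %d files, e.g. %s" % (stem, len(names), ", ".join(names[:3])))
    for size, paths in report["same_size_created"].items():
        print("%d bytes created under %d names: %s" % (size, len(paths), "; ".join(paths)))
    for svc, display, path in report["unresolved_services"]:
        print("unverified service %s (%r) -> %s" % (svc, display, path))
    print("services loading a family member:", report["services_pointing_into_family"])
```

On the full "File Replicators" listing above, every stem that appears (sod, tix, ulm, terv, wery, bege, qrot, fin) clears the threshold many times over, which is the quickest way to tell a self-replicating dropper from an ordinary batch of detections; the script only reports, and which files go into a CFScript File:: section stays the analyst's decision.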
     
  6. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi OverTheHill62,

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      Code:
      DDS:: 
      uStart Page = hxxp://www.google.co.uk/
      BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
      BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
      TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
      TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
      DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089}
      DPF: {16095503-786F-4097-AED6-5D567A26D760}
      DPF: {474F00F5-3853-492C-AC3A-476512BBC336}
      DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166}
      DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539}
      DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
      DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38}
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
      
      File::
      c:\windows\system32\ksodj.exe
      c:\program files\Ask.com\GenericAskToolbar.dll
      c:\program files\Ask.com\UpdateTask.exe
      
      Registry::
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
      [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
      [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
      [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
      [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
      
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ----------
     
  7. OverTheHill62

    OverTheHill62 Thread Starter

    Joined:
    Nov 20, 2011
    Messages:
    48
    ComboFix 11-11-21.01 - Lesley 21/11/2011 20:53:38.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2014.1176 [GMT 0:00]
    Running from: c:\documents and settings\Lesley\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Lesley\Desktop\CFScript.txt
    .
    FILE ::
    "c:\program files\Ask.com\GenericAskToolbar.dll"
    "c:\program files\Ask.com\UpdateTask.exe"
    "c:\windows\system32\ksodj.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ----- File Replicators -----
    .
    c:\windows\system32\afina.exe
    c:\windows\system32\bfina.exe
    c:\windows\system32\bfinb.exe
    c:\windows\system32\bfinq.exe
    c:\windows\system32\bfinr.exe
    c:\windows\system32\bqrotq.exe
    c:\windows\system32\bqrotr.exe
    c:\windows\system32\bsodb.exe
    c:\windows\system32\cfinr.exe
    c:\windows\system32\cfins.exe
    c:\windows\system32\csodb.exe
    c:\windows\system32\csodc.exe
    c:\windows\system32\csodr.exe
    c:\windows\system32\csods.exe
    c:\windows\system32\ctixc.exe
    c:\windows\system32\dsods.exe
    c:\windows\system32\dsodt.exe
    c:\windows\system32\dtixc.exe
    c:\windows\system32\dtixd.exe
    c:\windows\system32\dtixs.exe
    c:\windows\system32\dtixt.exe
    c:\windows\system32\dulmd.exe
    c:\windows\system32\eterve.exe
    c:\windows\system32\etixd.exe
    c:\windows\system32\etixt.exe
    c:\windows\system32\etixu.exe
    c:\windows\system32\eulmd.exe
    c:\windows\system32\eulme.exe
    c:\windows\system32\eulmt.exe
    c:\windows\system32\eulmu.exe
    c:\windows\system32\fbegef.exe
    c:\windows\system32\fterve.exe
    c:\windows\system32\ftervf.exe
    c:\windows\system32\ftervu.exe
    c:\windows\system32\ftervv.exe
    c:\windows\system32\fulmu.exe
    c:\windows\system32\gbegef.exe
    c:\windows\system32\gbegeg.exe
    c:\windows\system32\gbegev.exe
    c:\windows\system32\gbegew.exe
    c:\windows\system32\gterve.exe
    c:\windows\system32\gtervf.exe
    c:\windows\system32\gtervu.exe
    c:\windows\system32\gtervv.exe
    c:\windows\system32\gtervw.exe
    c:\windows\system32\gweryg.exe
    c:\windows\system32\hbegew.exe
    c:\windows\system32\hqroth.exe
    c:\windows\system32\hterve.exe
    c:\windows\system32\hweryh.exe
    c:\windows\system32\hweryw.exe
    c:\windows\system32\hweryx.exe
    c:\windows\system32\ifini.exe
    c:\windows\system32\iqroth.exe
    c:\windows\system32\iqroti.exe
    c:\windows\system32\iqrotx.exe
    c:\windows\system32\iqroty.exe
    c:\windows\system32\iweryh.exe
    c:\windows\system32\iweryx.exe
    c:\windows\system32\iweryy.exe
    c:\windows\system32\jfinj.exe
    c:\windows\system32\jfinz.exe
    c:\windows\system32\jqroti.exe
    c:\windows\system32\jqroty.exe
    c:\windows\system32\jqrotz.exe
    c:\windows\system32\jsodj.exe
    c:\windows\system32\jweryz.exe
    c:\windows\system32\kfinj.exe
    c:\windows\system32\kfink.exe
    c:\windows\system32\kfinz.exe
    c:\windows\system32\kqrotk.exe
    c:\windows\system32\kqrotz.exe
    c:\windows\system32\ksodj.exe
    c:\windows\system32\ksodk.exe
    c:\windows\system32\ktixk.exe
    c:\windows\system32\lbegef.exe
    c:\windows\system32\lfinj.exe
    c:\windows\system32\lfinz.exe
    c:\windows\system32\lqroti.exe
    c:\windows\system32\lsodj.exe
    c:\windows\system32\lsodk.exe
    c:\windows\system32\lsodl.exe
    c:\windows\system32\ltixk.exe
    c:\windows\system32\ltixl.exe
    c:\windows\system32\lulml.exe
    c:\windows\system32\msodk.exe
    c:\windows\system32\msodl.exe
    c:\windows\system32\mtervm.exe
    c:\windows\system32\mtixk.exe
    c:\windows\system32\mtixl.exe
    c:\windows\system32\mtixm.exe
    c:\windows\system32\mulml.exe
    c:\windows\system32\mulmm.exe
    c:\windows\system32\nbegen.exe
    c:\windows\system32\ntervm.exe
    c:\windows\system32\ntervn.exe
    c:\windows\system32\ntixl.exe
    c:\windows\system32\ntixm.exe
    c:\windows\system32\nulml.exe
    c:\windows\system32\nulmm.exe
    c:\windows\system32\nulmn.exe
    c:\windows\system32\obegen.exe
    c:\windows\system32\obegeo.exe
    c:\windows\system32\otervm.exe
    c:\windows\system32\otervn.exe
    c:\windows\system32\otervo.exe
    c:\windows\system32\otixn.exe
    c:\windows\system32\oulmm.exe
    c:\windows\system32\pbegen.exe
    c:\windows\system32\pbegeo.exe
    c:\windows\system32\ptervn.exe
    c:\windows\system32\ptervo.exe
    c:\windows\system32\pweryo.exe
    c:\windows\system32\pweryp.exe
    c:\windows\system32\qbegeo.exe
    c:\windows\system32\qfina.exe
    c:\windows\system32\qqrotp.exe
    c:\windows\system32\qqrotq.exe
    c:\windows\system32\qweryo.exe
    c:\windows\system32\qweryp.exe
    c:\windows\system32\qweryq.exe
    c:\windows\system32\rfina.exe
    c:\windows\system32\rfinb.exe
    c:\windows\system32\rfinr.exe
    c:\windows\system32\rqrota.exe
    c:\windows\system32\rqrotq.exe
    c:\windows\system32\rqrotr.exe
    c:\windows\system32\rsodb.exe
    c:\windows\system32\rweryp.exe
    c:\windows\system32\rweryq.exe
    c:\windows\system32\sfinr.exe
    c:\windows\system32\sfins.exe
    c:\windows\system32\sqrotr.exe
    c:\windows\system32\ssodb.exe
    c:\windows\system32\ssodc.exe
    c:\windows\system32\ssods.exe
    c:\windows\system32\stixc.exe
    c:\windows\system32\tfinb.exe
    c:\windows\system32\tfins.exe
    c:\windows\system32\tsodb.exe
    c:\windows\system32\tsodc.exe
    c:\windows\system32\tsodt.exe
    c:\windows\system32\ttixc.exe
    c:\windows\system32\ttixd.exe
    c:\windows\system32\ttixs.exe
    c:\windows\system32\ttixt.exe
    c:\windows\system32\tulmd.exe
    c:\windows\system32\usodt.exe
    c:\windows\system32\usodu.exe
    c:\windows\system32\utixd.exe
    c:\windows\system32\utixt.exe .. failed to delete
    c:\windows\system32\utixu.exe
    c:\windows\system32\uulmd.exe
    c:\windows\system32\uulme.exe
    c:\windows\system32\uulmu.exe
    c:\windows\system32\vsodd.exe
    c:\windows\system32\vtervf.exe
    c:\windows\system32\vtervv.exe
    c:\windows\system32\vtixu.exe
    c:\windows\system32\vulme.exe
    c:\windows\system32\vulmu.exe
    c:\windows\system32\vulmv.exe
    c:\windows\system32\wbegef.exe
    c:\windows\system32\wbegeg.exe
    c:\windows\system32\wbegew.exe
    c:\windows\system32\wtervf.exe
    c:\windows\system32\wtervg.exe
    c:\windows\system32\wtervv.exe
    c:\windows\system32\wtervw.exe
    c:\windows\system32\wulme.exe
    c:\windows\system32\wulmv.exe
    c:\windows\system32\xbegeg.exe
    c:\windows\system32\xbegew.exe
    c:\windows\system32\xbegex.exe
    c:\windows\system32\xtervg.exe
    c:\windows\system32\xtervv.exe
    c:\windows\system32\xtervw.exe
    c:\windows\system32\xulmw.exe
    c:\windows\system32\xweryg.exe
    c:\windows\system32\xweryh.exe
    c:\windows\system32\xweryx.exe
    c:\windows\system32\ybegew.exe
    c:\windows\system32\ybegex.exe
    c:\windows\system32\yqroti.exe
    c:\windows\system32\yweryg.exe
    c:\windows\system32\yweryh.exe
    c:\windows\system32\yweryx.exe
    c:\windows\system32\yweryy.exe
    c:\windows\system32\zfinj.exe
    c:\windows\system32\zqroti.exe
    c:\windows\system32\zqroty.exe
    c:\windows\system32\zqrotz.exe
    c:\windows\system32\ztervy.exe
    c:\windows\system32\zweryy.exe
    c:\windows\system32\zweryz.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-21 17:05 . 2011-11-21 21:04 33280 ----a-w- c:\windows\system32\utixt.exe
    2011-11-07 21:28 . 2011-11-07 21:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-25 09:24 . 2011-06-02 08:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-07 06:23 . 2010-09-07 02:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 06:21 . 2010-08-19 20:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-09-13 05:30 . 2010-09-07 02:48 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-08-31 17:00 . 2011-07-30 15:46 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IE New Window Maximizer"="c:\program files\IE New Window Maximizer\iemaximizer.exe" [2005-02-08 356352]
    "PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 524288]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-04 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSPower"="SiSPower.dll" [2005-05-26 49152]
    "IconixOEAddOn"="c:\program files\Iconix\OEAddOn\OEdmn_6.exe" [2010-03-04 342872]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\Lesley\Start Menu\Programs\Startup\
    SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
    backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=c:\windows\pss\Google Updater.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
    backup=c:\windows\pss\Office Startup.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Loader supervisory.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk
    backup=c:\windows\pss\Photo Loader supervisory.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TextBridge Instant Access OCR.lnk
    backup=c:\windows\pss\TextBridge Instant Access OCR.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Lesley^Start Menu^Programs^Startup^Lotus QuickStart.lnk]
    path=c:\documents and settings\Lesley\Start Menu\Programs\Startup\Lotus QuickStart.lnk
    backup=c:\windows\pss\Lotus QuickStart.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Lesley^Start Menu^Programs^Startup^Lotus SmartSuite 97 Registration.lnk]
    path=c:\documents and settings\Lesley\Start Menu\Programs\Startup\Lotus SmartSuite 97 Registration.lnk
    backup=c:\windows\pss\Lotus SmartSuite 97 Registration.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Lesley^Start Menu^Programs^Startup^Watch.lnk]
    path=c:\documents and settings\Lesley\Start Menu\Programs\Startup\Watch.lnk
    backup=c:\windows\pss\Watch.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Lesley^Start Menu^Programs^Startup^Winter Fun Wallpaper Changer.lnk]
    path=c:\documents and settings\Lesley\Start Menu\Programs\Startup\Winter Fun Wallpaper Changer.lnk
    backup=c:\windows\pss\Winter Fun Wallpaper Changer.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-06-06 22:46 57344 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE]
    2004-05-27 11:07 1659050 ------w- c:\program files\Voyager 105 ADSL Modem\DSLSTAT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-09-21 15:36 305440 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2008-02-29 02:12 76304 -c--a-w- c:\windows\KHALMNPR.Exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    2008-02-29 02:12 76304 -c--a-w- c:\windows\KHALMNPR.Exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    2008-08-21 01:18 443968 -c--a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-05 00:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 16:07 2260480 -csha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "aawservice"=2 (0x2)
    "iPod Service"=3 (0x3)
    "CiSvc"=3 (0x3)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
    "c:\\Program Files\\NWBusinessSoftware\\MyBusiness.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15:27 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 02:48 32592]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 02:48 230608]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 02:49 295248]
    R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [25/02/2010 13:10 390528]
    R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [07/11/2011 21:30 227312]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 05:09 192776]
    R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [27/09/2010 07:13 1737464]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [30/07/2011 15:46 366152]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 20:42 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 20:42 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 20:42 16720]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [30/07/2011 15:46 22216]
    R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [08/08/2011 08:16 21520]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 06:25 4433248]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/12/2009 13:45 135664]
    S2 IconixService;Iconix Update Service;c:\program files\Common Files\Iconix\IconixService.exe [31/07/2008 21:57 283992]
    S2 tsods;NVIDIA Display Srv;c:\windows\system32\tsods.exe --> c:\windows\system32\tsods.exe [?]
    S3 FXDRV;FXDRV;c:\program files\SuperUtility\Fxdrv.sys [10/01/2006 10:34 13440]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31/12/2009 13:45 135664]
    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [27/09/2010 07:11 100736]
    S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [27/09/2010 07:02 102656]
    S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [13/10/2008 14:01 101120]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
    S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [27/11/2005 13:11 50432]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - RAPPORTIASO
    *Deregistered* - aswMBR
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    2011-11-21 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-08 07:58]
    .
    2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 13:44]
    .
    2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 13:44]
    .
    2011-11-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-02-04 15:50]
    .
    2011-11-21 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2004-05-12 13:45]
    .
    2011-11-21 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-10-22 12:39]
    .
    2011-11-20 c:\windows\Tasks\User_Feed_Synchronization-{3B4C8217-2FF3-49BA-A069-7CAF273E4C52}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.msn.co.uk/previewx.aspx?q={searchTerms}&FORM=CBPW&first=1&noredir=1
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {{88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - c:\windows\acezlink.htm
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: ADVFN 4v4
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-21 21:06
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1292428093-1303643608-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(760)
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll
    c:\windows\system32\msacm32.drv
    .
    - - - - - - - > 'lsass.exe'(820)
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(40296)
    c:\windows\system32\WININET.dll
    c:\program files\Iconix\OEAddOn\OEldr_7.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    - - - - - - - > 'csrss.exe'(736)
    c:\windows\system32\WININET.dll
    .
    Completion time: 2011-11-21 21:10:25
    ComboFix-quarantined-files.txt 2011-11-21 21:10
    ComboFix2.txt 2011-11-21 16:44
    .
    Pre-Run: 2,955,776,000 bytes free
    Post-Run: 3,009,851,392 bytes free
    .
    - - End Of File - - F95318E4197AE284474387D59F98014F
     
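Reading a ComboFix log like the one above is mostly pattern-spotting: a crowd of five- and six-letter lowercase executables in system32 that differ only in their first and last letters, one of them that "failed to delete", and a service (`tsods`, display name "NVIDIA Display Srv") whose binary sits directly in system32 and which ComboFix marks `[?]` because it could not verify the file. The script below is an added example, not code from the thread, from ComboFix or from the helpers here; it applies those three checks to a constructed excerpt of the log (lines copied from the output above, plus two benign entries so the heuristics have something to leave alone). The `VENDOR_TOKENS` list and the name-clustering rule are assumptions of this example, not anything ComboFix itself does.

```python
"""Triage helpers for ComboFix-style log lines (added example, not ComboFix's own code)."""
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the ComboFix output posted above,
# mixed with two benign entries from the same log so the heuristics have something to ignore.
COMBOFIX_SAMPLE = r"""
c:\windows\system32\ntervm.exe
c:\windows\system32\ntervn.exe
c:\windows\system32\otervm.exe
c:\windows\system32\otervn.exe
c:\windows\system32\otervo.exe
c:\windows\system32\ptervn.exe
c:\windows\system32\ptervo.exe
c:\windows\system32\utixt.exe .. failed to delete
c:\windows\system32\NeroCheck.exe
c:\windows\system32\ctfmon.exe
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 02:48 32592]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [30/07/2011 15:46 366152]
S2 tsods;NVIDIA Display Srv;c:\windows\system32\tsods.exe --> c:\windows\system32\tsods.exe [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
"""
SAMPLE_LINES = COMBOFIX_SAMPLE.strip().splitlines()

# Service/driver line: "<start> <name>;<display>;<path>[ --> <path>] [<meta>]".
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?:\s+-->\s+\S.*?)?\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# Bare file line: "<drive>:\...\<file>.exe[ <note>]".
FILE_RE = re.compile(r"^(?P<path>[a-z]:\\\S+?\.exe)(?P<note>.*)$", re.I)
# Vendor words a display name may claim (assumption of this example; extend as needed).
VENDOR_TOKENS = ("nvidia", "microsoft", "intel", "realtek", "logitech")


def executable_names(lines):
    """Return (path, note) for every bare file line in the excerpt."""
    out = []
    for line in lines:
        m = FILE_RE.match(line.strip())
        if m:
            out.append((m["path"], m["note"].strip()))
    return out


def failed_deletions(lines):
    """Paths ComboFix reported it could not remove: still live, so deal with them first."""
    return [path for path, note in executable_names(lines) if "failed to delete" in note.lower()]


def name_clusters(lines, min_size=3):
    """Cluster short all-lowercase .exe names by the letters between the first and last.
    The names in the log above differ only in those two positions (ntervm, otervn, ptervo ...),
    which is what a per-copy name generator produces; several names on one stem is the tell."""
    clusters = defaultdict(set)
    for path, _ in executable_names(lines):
        stem = path.rsplit("\\", 1)[-1][:-4].lower()  # basename without ".exe"
        if re.fullmatch(r"[a-z]{5,7}", stem):
            clusters[stem[1:-1]].add(stem)
    return {k: sorted(v) for k, v in clusters.items() if len(v) >= min_size}


def suspicious_services(lines):
    """Flag service/driver entries with the two traits of the tsods entry in the log above:
    a file ComboFix could not verify ([?]) sitting directly in system32, and a display name
    that claims a vendor whose name appears nowhere in the path. A demand-start driver under
    DRIVERS with a missing file (an unplugged USB adapter) is deliberately not flagged."""
    hits = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        path = m["path"].lower()
        reasons = []
        if m["meta"].strip() == "?" and re.fullmatch(r"c:\\windows\\system32\\[^\\]+\.exe", path):
            reasons.append("unverifiable executable directly under system32")
        for vendor in VENDOR_TOKENS:
            if vendor in m["display"].lower() and vendor not in path:
                reasons.append(f"display name claims '{vendor}' but the path does not")
        if reasons:
            hits.append({"start": m["start"], "name": m["name"], "path": m["path"], "reasons": reasons})
    return hits


def triage(lines):
    """One pass over the excerpt returning everything a responder would want to act on."""
    return {
        "clusters": name_clusters(lines),
        "failed_deletions": failed_deletions(lines),
        "services": suspicious_services(lines),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LINES).items():
        print(f"{key}: {value}")
```

On the excerpt this reports one cluster of seven names on the stem `terv`, `utixt.exe` as the file still on disk, and only `tsods` among the services; the NETGEAR driver, which is also `[?]`, is left alone because it is demand-start and lives under DRIVERS. Run against the full log above, the same clustering finds the other stems (`fin`, `sod`, `tix`, `ulm`, `wery`, `qrot`, `bege`) that make up the several hundred quarantined files.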
  8. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,887
    First Name:
    Frank
    OTH62:

    After Jeff is through with you, I'll be glad to assist you.

    Your computer has several programs and add-ons that need to be uninstalled, updated, or replaced.

    -------------------------------------------------------
     
  9. OverTheHill62

    OverTheHill62 Thread Starter

    Joined:
    Nov 20, 2011
    Messages:
    48
    OK flavallee. All help gratefully received. Lesley
     
  10. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)
     
  11. OverTheHill62

    OverTheHill62 Thread Starter

    Joined:
    Nov 20, 2011
    Messages:
    48
    17:20:31.0671 4676 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
    17:20:33.0671 4676 ============================================================
    17:20:33.0687 4676 Current date / time: 2011/11/22 17:20:33.0671
    17:20:33.0687 4676 SystemInfo:
    17:20:33.0687 4676
    17:20:33.0687 4676 OS Version: 5.1.2600 ServicePack: 3.0
    17:20:33.0687 4676 Product type: Workstation
    17:20:33.0687 4676 ComputerName: SUPERGIRL
    17:20:33.0718 4676 UserName: Lesley
    17:20:33.0718 4676 Windows directory: C:\WINDOWS
    17:20:33.0718 4676 System windows directory: C:\WINDOWS
    17:20:33.0718 4676 Processor architecture: Intel x86
    17:20:33.0718 4676 Number of processors: 1
    17:20:33.0718 4676 Page size: 0x1000
    17:20:33.0750 4676 Boot type: Normal boot
    17:20:33.0750 4676 ============================================================
    17:20:36.0921 4676 Initialize success
    17:20:50.0171 2684 ============================================================
    17:20:50.0171 2684 Scan started
    17:20:50.0171 2684 Mode: Manual;
    17:20:50.0171 2684 ============================================================
    17:20:52.0187 2684 Abiosdsk - ok
    17:20:52.0703 2684 abp480n5 - ok
    17:20:53.0296 2684 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    17:20:53.0468 2684 ACPI - ok
    17:20:54.0000 2684 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    17:20:54.0046 2684 ACPIEC - ok
    17:20:54.0531 2684 adpu160m - ok
    17:20:55.0140 2684 aeaudio (9f59ae2de835641fbb0c6afd80d8fa9b) C:\WINDOWS\system32\drivers\aeaudio.sys
    17:20:55.0203 2684 aeaudio - ok
    17:20:55.0828 2684 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    17:20:55.0953 2684 aec - ok
    17:20:56.0468 2684 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    17:20:56.0531 2684 AegisP - ok
    17:20:57.0156 2684 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
    17:20:57.0406 2684 AFD - ok
    17:20:57.0921 2684 Aha154x - ok
    17:20:58.0421 2684 aic78u2 - ok
    17:20:58.0953 2684 aic78xx - ok
    17:20:59.0406 2684 AliIde - ok
    17:20:59.0953 2684 amsint - ok
    17:21:00.0453 2684 asc - ok
    17:21:00.0968 2684 asc3350p - ok
    17:21:01.0484 2684 asc3550 - ok
    17:21:02.0125 2684 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    17:21:02.0171 2684 AsyncMac - ok
    17:21:02.0828 2684 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    17:21:02.0859 2684 atapi - ok
    17:21:03.0343 2684 Atdisk - ok
    17:21:03.0765 2684 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    17:21:03.0875 2684 Atmarpc - ok
    17:21:04.0406 2684 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    17:21:04.0437 2684 audstub - ok
    17:21:05.0093 2684 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    17:21:05.0156 2684 AVGIDSDriver - ok
    17:21:05.0703 2684 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    17:21:05.0734 2684 AVGIDSEH - ok
    17:21:06.0281 2684 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    17:21:06.0343 2684 AVGIDSFilter - ok
    17:21:06.0953 2684 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    17:21:06.0984 2684 AVGIDSShim - ok
    17:21:07.0625 2684 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    17:21:07.0687 2684 Avgldx86 - ok
    17:21:08.0234 2684 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    17:21:08.0250 2684 Avgmfx86 - ok
    17:21:08.0796 2684 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    17:21:08.0828 2684 Avgrkx86 - ok
    17:21:09.0359 2684 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    17:21:09.0515 2684 Avgtdix - ok
    17:21:10.0015 2684 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
    17:21:10.0171 2684 BANTExt - ok
    17:21:10.0750 2684 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    17:21:10.0765 2684 Beep - ok
    17:21:11.0375 2684 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
    17:21:11.0515 2684 BVRPMPR5 - ok
    17:21:11.0796 2684 catchme - ok
    17:21:12.0375 2684 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    17:21:12.0687 2684 cbidf2k - ok
    17:21:13.0328 2684 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    17:21:13.0515 2684 CCDECODE - ok
    17:21:13.0984 2684 cd20xrnt - ok
    17:21:14.0515 2684 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    17:21:14.0546 2684 Cdaudio - ok
    17:21:15.0015 2684 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    17:21:15.0187 2684 Cdfs - ok
    17:21:15.0625 2684 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    17:21:15.0828 2684 Cdrom - ok
    17:21:16.0343 2684 Changer - ok
    17:21:16.0968 2684 CmdIde - ok
    17:21:17.0671 2684 Cpqarray - ok
    17:21:18.0281 2684 dac2w2k - ok
    17:21:18.0812 2684 dac960nt - ok
    17:21:19.0421 2684 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    17:21:19.0437 2684 Disk - ok
    17:21:20.0093 2684 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    17:21:20.0250 2684 dmboot - ok
    17:21:20.0921 2684 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    17:21:21.0046 2684 dmio - ok
    17:21:21.0562 2684 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    17:21:21.0640 2684 dmload - ok
    17:21:22.0234 2684 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    17:21:22.0484 2684 DMusic - ok
    17:21:23.0062 2684 dpti2o - ok
    17:21:23.0484 2684 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    17:21:23.0781 2684 drmkaud - ok
    17:21:24.0406 2684 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    17:21:24.0515 2684 Fastfat - ok
    17:21:25.0156 2684 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    17:21:25.0218 2684 Fdc - ok
    17:21:25.0859 2684 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    17:21:25.0921 2684 Fips - ok
    17:21:26.0437 2684 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    17:21:26.0453 2684 Flpydisk - ok
    17:21:27.0062 2684 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    17:21:27.0187 2684 FltMgr - ok
    17:21:27.0718 2684 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    17:21:27.0812 2684 Fs_Rec - ok
    17:21:28.0375 2684 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    17:21:28.0468 2684 Ftdisk - ok
    17:21:28.0609 2684 FXDRV (475ecccfd16edfad542eafab30e7109a) C:\Program Files\SuperUtility\Fxdrv.sys
    17:21:28.0812 2684 FXDRV - ok
    17:21:29.0359 2684 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
    17:21:29.0375 2684 gagp30kx - ok
    17:21:29.0921 2684 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    17:21:29.0937 2684 GEARAspiWDM - ok
    17:21:30.0359 2684 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    17:21:30.0546 2684 Gpc - ok
    17:21:31.0281 2684 hpn - ok
    17:21:31.0953 2684 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    17:21:32.0250 2684 HTTP - ok
    17:21:32.0859 2684 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
    17:21:32.0953 2684 hwdatacard - ok
    17:21:33.0484 2684 hwusbdev (922065957563d851b5a68b95aadac6ad) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
    17:21:33.0562 2684 hwusbdev - ok
    17:21:34.0109 2684 hwusbfake (9be5caeabc6b2eb98b3a4839a55d47a0) C:\WINDOWS\system32\DRIVERS\ewusbfake.sys
    17:21:34.0359 2684 hwusbfake - ok
    17:21:34.0765 2684 i2omgmt - ok
    17:21:35.0156 2684 i2omp - ok
    17:21:35.0640 2684 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    17:21:35.0765 2684 i8042prt - ok
    17:21:36.0390 2684 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    17:21:36.0468 2684 Imapi - ok
    17:21:36.0968 2684 ini910u - ok
    17:21:37.0343 2684 IntelIde - ok
    17:21:38.0109 2684 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    17:23:52.0078 2684 ============================================================
    17:23:52.0078 2684 Scan finished
    17:23:52.0078 2684 ============================================================
    17:23:52.0343 1100 Detected object count: 0
    17:23:52.0343 1100 Actual detected object count: 0
    17:28:58.0375 5792 Deinitialize success
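Added example, not posted by anyone in this thread: a short Python script that pairs each scanned object in a TDSSKiller log of the format pasted above with its verdict line and lists anything whose status is not "ok". It assumes only the line shapes visible in the log; the exampledrv entry, its "suspicious" status and the count of 1 in the sample are constructed for the demo.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not from the thread)."""
import re

# Two line shapes appear in the pasted log (timestamp, thread id, then the object):
#   17:21:38.0718 2684 IpFilterDriver (731f22ba...) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
#   17:21:38.0750 2684 IpFilterDriver - ok
# MBR/Boot records are named "MBR (0x1B8)" / "Boot (0x1200)" on the scan line,
# but their verdict line is keyed by the device path instead of that name.
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
SCAN_RE = re.compile(_PREFIX + r"(?P<name>\S.*?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>\S.*?)\s+-\s+(?P<status>\S.*)$")
COUNT_RE = re.compile(_PREFIX + r"Detected object count:\s*(\d+)")


def parse_tdsskiller(lines):
    """Pair every scanned object with its verdict line.

    Returns {"objects": [...], "not_ok": [...], "detected": int or None}.
    Each object is {name, md5, path, status}; md5 and path are None when the
    log shows a verdict without a scan line (entry registered, no file hashed).
    """
    pending = {}      # name or device path -> record still awaiting its verdict
    objects = []
    detected = None
    for raw in lines:
        line = raw.strip()
        m = SCAN_RE.match(line)
        if m:
            rec = {"name": m["name"], "md5": m["md5"].lower(), "path": m["path"], "status": None}
            objects.append(rec)
            pending[rec["name"]] = rec   # driver verdicts are keyed by name
            pending[rec["path"]] = rec   # MBR/Boot verdicts are keyed by path
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = pending.pop(m["name"], None)
            if rec is None:   # verdict only: nothing on disk was hashed
                rec = {"name": m["name"], "md5": None, "path": None, "status": None}
                objects.append(rec)
            else:             # drop the other alias so it cannot match twice
                for key in (rec["name"], rec["path"]):
                    if pending.get(key) is rec:
                        del pending[key]
            rec["status"] = m["status"]
            continue
        m = COUNT_RE.match(line)
        if m and detected is None:
            detected = int(m[1])
    not_ok = [o for o in objects if o["status"] != "ok"]
    return {"objects": objects, "not_ok": not_ok, "detected": detected}


# Constructed sample: the first five lines are copied from the log above; the
# exampledrv lines and the count of 1 are made up so the review path is exercised.
SAMPLE_LOG = r"""
17:21:38.0718 2684 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:21:38.0750 2684 IpFilterDriver - ok
17:21:45.0687 2684 lbrtfdc - ok
17:23:48.0890 2684 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:23:50.0234 2684 \Device\Harddisk0\DR0 - ok
17:23:51.0000 2684 exampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\exampledrv.sys
17:23:51.0100 2684 exampledrv - suspicious
17:23:52.0078 2684 Scan finished
17:23:52.0343 1100 Detected object count: 1
""".strip().splitlines()

if __name__ == "__main__":
    for o in parse_tdsskiller(SAMPLE_LOG)["not_ok"]:
        print(f"review: {o['name']} -> {o['status']} ({o['path'] or 'no file recorded'})")
```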
     
  12. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi OTH62,

    TeaTimer needs to be disabled so that its protection does not interfere with fixes.

    How Spybot-S&D protects against the installation of Spyware/Malware.

    TeaTimer can be re-enabled once the computer is clean. :)

    1. Open Spybot-S&D in Advanced Mode.
    2. If it is not already set to do this, go to the "Mode" menu and select "Advanced Mode".
    3. On the left hand side, click on "Tools".
    4. Then click on the Resident Icon in the List.
    5. Uncheck "Resident TeaTimer" and OK any prompts.
    6. Restart your computer.
    ----------------

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      Code:
      KillAll::
      
      File::
      c:\windows\system32\utixt.exe
      
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ----------
     
  13. OverTheHill62

    OverTheHill62 Thread Starter

    Joined:
    Nov 20, 2011
    Messages:
    48
    Hi Jeff.

    Have a problem. Left the machine to do its work as it seemed as if nothing was happening and it was taking forever. For some reason it started to go into standby but didn't complete this. I had to reboot as I couldn't get out of this, so I don't know if anything has happened. I cannot see a log anywhere. Do I re-run the script?

    Lesley
     
  14. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Yes, just try it again. If you still have problems let me know. :)
     
  15. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,887
    First Name:
    Frank
    Go to Control Panel - Power Options.

    Set the power scheme to "Always On".

    Set all other settings to "Never".

    Click Apply.

    Uncheck "Enable hibernation".

    Click Apply - OK.

    Restart the computer.

    ---------------------------------------------------------

    Doing this will keep your computer awake all the time and not allow it to go into standby/sleep/suspend/hibernate mode - which you don't want to happen when you're doing something that's time-consuming and important.

    ---------------------------------------------------------
     
Short URL to this thread: https://techguy.org/1027754