I.E. Browser Redirect Fix Needed

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

coachese

Thread Starter
Joined
Dec 13, 2011
Messages
4
Here you go. Thanks in advance.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:11:48 PM, on 12/13/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\SonyIEx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ping.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dave Harding\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.costar.com
O15 - Trusted Zone: *.fnismls.com
O15 - Trusted Zone: *.getmedianow.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.showingtime.com
O15 - Trusted Zone: *.sitexdata.com
O15 - Trusted Zone: *.spellchecker.net
O15 - Trusted Zone: *.transactionpoint.com
O15 - Trusted Zone: *.trpoint.com
O15 - Trusted Zone: *.virtualearth.net
O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} (PrintPreview Class) - http://snvmls.fnismls.com/Paragon/Codebase/FNISPrintControl.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install-ie/alttiff.cab
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maps.cityofreno.net/mgaxctrl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://216.237.82.150/activex/AxisCamControl.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://facorelogic.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} (First American Res MapActiveX Control) - http://realist2.firstamres.com/mapviewer/mapviewer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SonyIEx - Unknown owner - C:\WINDOWS\system32\SonyIEx.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://www.datasourcenev.com/Images/Index.1.jpg
O24 - Desktop Component 1: (no name) - http://images.huffingtonpost.com/gen/40465/thumbs/r-MISSISSIPPI-huge.jpg

--
End of file - 8010 bytes

---------------------

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Dave Harding at 16:12:35 on 2011-12-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1444 [GMT -8:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\SonyIEx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ping.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dave Harding\My Documents\Downloads\HijackThis.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
dRunOnce: [RunNarrator] Narrator.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: mswsock.dll
Trusted Zone: costar.com
Trusted Zone: fnismls.com
Trusted Zone: getmedianow.com
Trusted Zone: live.com
Trusted Zone: showingtime.com
Trusted Zone: sitexdata.com
Trusted Zone: spellchecker.net
Trusted Zone: transactionpoint.com
Trusted Zone: trpoint.com
Trusted Zone: virtualearth.net
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0854D220-A90A-466D-BC02-6683183802B7} - hxxp://snvmls.fnismls.com/Paragon/Codebase/FNISPrintControl.cab
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - hxxp://w4s2.work4sure.com/c/ge/w4sgeen9.exe
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://maps.cityofreno.net/mgaxctrl.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://216.237.82.150/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://facorelogic.webex.com/client/T26L/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{369CA112-C9EC-4936-9683-10662F543E82} : DhcpNameServer = 10.0.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dave harding\application data\mozilla\firefox\profiles\cyobj7o0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 SonyIEx;SonyIEx;c:\windows\system32\SonyIEx.exe [2007-10-19 126976]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-10-5 1251720]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-2 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-2 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
=============== Created Last 30 ================
.
2011-12-13 20:28:34 -------- d-----w- c:\documents and settings\dave harding\local settings\application data\Mozilla
2011-12-13 19:50:13 -------- d-----w- c:\documents and settings\dave harding\application data\Malwarebytes
2011-12-13 19:50:03 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-13 19:50:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-13 19:49:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-02 17:56:41 -------- d--h--w- C:\$AVG
2011-12-02 17:24:57 -------- d-----w- c:\documents and settings\dave harding\application data\AVG2012
2011-12-02 17:06:56 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-12-02 17:06:08 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-02 17:06:08 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-12-02 17:05:27 -------- d-----w- c:\program files\AVG
2011-12-02 16:57:28 -------- d-----w- c:\documents and settings\all users\application data\MFAData
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 14:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 14:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 16:12:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 16:13:52.04 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-14 08:57:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y160P0 rev.YAR41BW0
Running: 6gjexsyg.exe; Driver: C:\DOCUME~1\DAVEHA~1\LOCALS~1\Temp\pxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB0E8AF3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB0E8AFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB0E8B080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB0E8B11C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 450 804E2ABC 8 Bytes [E4, AF, E8, B0, 80, B0, E8, ...]
? ivdyahbc.sys The system cannot find the file specified. !
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF77CA760]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB99CEF80]
.text mrxsmb.sys B14A9000 13 Bytes JMP B14A9C0D \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
.text mrxsmb.sys B14A900E 13 Bytes [28, 4A, 4C, B1, 8B, 0D, F4, ...] {SUB [EDX+0x4c], CL; MOV CL, 0x8b; OR EAX, 0xb14c7cf4; TEST CL, 0x1}
.text mrxsmb.sys B14A901C 3 Bytes [85, F4, E5]
.text mrxsmb.sys B14A9021 44 Bytes [6A, 04, 5B, 39, 1D, 44, 71, ...]
.text mrxsmb.sys B14A904F 43 Bytes [68, F0, 4B, 4C, B1, 56, E8, ...]
.text ...
? C:\WINDOWS\system32\DRIVERS\mrxsmb.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F8000A
.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F9000A
.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F5000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2160] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02C2000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2160] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 02C3000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2160] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 02C1000C
.text C:\WINDOWS\System32\ping.exe[4592] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B4000A
.text C:\WINDOWS\System32\ping.exe[4592] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B5000A
.text C:\WINDOWS\System32\ping.exe[4592] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009F000A
.text C:\WINDOWS\System32\ping.exe[4592] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A0000A
.text C:\WINDOWS\System32\ping.exe[4592] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009E000C
.text C:\WINDOWS\System32\ping.exe[4592] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00B8000A
.text C:\WINDOWS\System32\ping.exe[4592] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00B9000A
.text C:\WINDOWS\System32\ping.exe[4592] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00BA000A
.text C:\WINDOWS\System32\ping.exe[4592] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00B7000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) B15E0000-B15FA000 (106496 bytes)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Cookies\8IQVYVKX.txt 1501 bytes
File C:\Documents and Settings\NetworkService\Cookies\HZ961PE2.txt 98 bytes
File C:\Documents and Settings\NetworkService\Cookies\VV0GZ04S.txt 1501 bytes
File C:\Documents and Settings\NetworkService\Cookies\WM138U1F.txt 3450 bytes
File C:\Documents and Settings\NetworkService\Cookies\2DRRBZV3.txt 529 bytes
File C:\Documents and Settings\NetworkService\Cookies\K6U0UP6G.txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0K46R304\down[1] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0K46R304\AdDisplayTrackerServlet[3].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B53L43UJ\Track[1].txt 1 bytes
File C:\WINDOWS\$NtUninstallKB46035$\1334180950 0 bytes
File C:\WINDOWS\$NtUninstallKB46035$\1334180950\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB46035$\1334180950\bckfg.tmp 850 bytes
File C:\WINDOWS\$NtUninstallKB46035$\1334180950\cfg.ini 198 bytes
File C:\WINDOWS\$NtUninstallKB46035$\1334180950\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB46035$\1334180950\keywords 266 bytes
File C:\WINDOWS\$NtUninstallKB46035$\1334180950\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB46035$\1334180950\L 0 bytes
File C:\WINDOWS\$NtUninstallKB46035$\1334180950\L\odetmngk 456320 bytes
File C:\WINDOWS\$NtUninstallKB46035$\1334180950\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB46035$\1334180950\U 0 bytes
File C:\WINDOWS\$NtUninstallKB46035$\1334180950\U\[email protected] 2048 bytes
File C:\WINDOWS\$NtUninstallKB46035$\1334180950\U\[email protected] 224768 bytes
File C:\WINDOWS\$NtUninstallKB46035$\1334180950\U\[email protected] 1024 bytes
File C:\WINDOWS\$NtUninstallKB46035$\1334180950\U\[email protected] 1024 bytes
File C:\WINDOWS\$NtUninstallKB46035$\1334180950\U\[email protected] 12800 bytes
File C:\WINDOWS\$NtUninstallKB46035$\1334180950\U\[email protected] 98304 bytes
File C:\WINDOWS\$NtUninstallKB46035$\4043384499 0 bytes

---- EOF - GMER 1.0.15 ----
 

Attachments

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
 

coachese

Thread Starter
Joined
Dec 13, 2011
Messages
4
13:12:08.0500 5280 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
13:12:09.0843 5280 ============================================================
13:12:09.0843 5280 Current date / time: 2011/12/15 13:12:09.0843
13:12:09.0843 5280 SystemInfo:
13:12:09.0843 5280
13:12:09.0843 5280 OS Version: 5.1.2600 ServicePack: 3.0
13:12:09.0843 5280 Product type: Workstation
13:12:09.0843 5280 ComputerName: DAVE
13:12:09.0843 5280 UserName: Dave Harding
13:12:09.0843 5280 Windows directory: C:\WINDOWS
13:12:09.0843 5280 System windows directory: C:\WINDOWS
13:12:09.0843 5280 Processor architecture: Intel x86
13:12:09.0843 5280 Number of processors: 1
13:12:09.0843 5280 Page size: 0x1000
13:12:09.0843 5280 Boot type: Normal boot
13:12:09.0843 5280 ============================================================
13:12:11.0875 5280 Initialize success
13:12:14.0015 4740 ============================================================
13:12:14.0015 4740 Scan started
13:12:14.0015 4740 Mode: Manual;
13:12:14.0015 4740 ============================================================
13:12:15.0921 4740 Abiosdsk - ok
13:12:15.0984 4740 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
13:12:16.0000 4740 abp480n5 - ok
13:12:16.0078 4740 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:12:16.0078 4740 ACPI - ok
13:12:16.0125 4740 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:12:16.0140 4740 ACPIEC - ok
13:12:16.0171 4740 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
13:12:16.0171 4740 adpu160m - ok
13:12:16.0218 4740 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:12:16.0234 4740 aec - ok
13:12:16.0296 4740 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:12:16.0343 4740 AFD - ok
13:12:16.0406 4740 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
13:12:16.0406 4740 agp440 - ok
13:12:16.0437 4740 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
13:12:16.0437 4740 agpCPQ - ok
13:12:16.0453 4740 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
13:12:16.0468 4740 Aha154x - ok
13:12:16.0500 4740 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
13:12:16.0500 4740 aic78u2 - ok
13:12:16.0531 4740 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
13:12:16.0531 4740 aic78xx - ok
13:12:16.0578 4740 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
13:12:16.0578 4740 AliIde - ok
13:12:16.0609 4740 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
13:12:16.0609 4740 alim1541 - ok
13:12:16.0640 4740 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
13:12:16.0640 4740 amdagp - ok
13:12:16.0671 4740 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
13:12:16.0671 4740 amsint - ok
13:12:16.0703 4740 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
13:12:16.0734 4740 asc - ok
13:12:17.0031 4740 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
13:12:17.0031 4740 asc3350p - ok
13:12:17.0062 4740 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
13:12:17.0062 4740 asc3550 - ok
13:12:17.0125 4740 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
13:12:17.0125 4740 ASCTRM - ok
13:12:17.0171 4740 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:12:17.0171 4740 AsyncMac - ok
13:12:17.0203 4740 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:12:17.0203 4740 atapi - ok
13:12:17.0234 4740 Atdisk - ok
13:12:17.0281 4740 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:12:17.0281 4740 Atmarpc - ok
13:12:17.0343 4740 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:12:17.0343 4740 audstub - ok
13:12:17.0437 4740 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
13:12:17.0437 4740 AVGIDSDriver - ok
13:12:17.0484 4740 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
13:12:17.0484 4740 AVGIDSEH - ok
13:12:17.0562 4740 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
13:12:17.0562 4740 AVGIDSFilter - ok
13:12:17.0640 4740 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
13:12:17.0640 4740 AVGIDSShim - ok
13:12:17.0703 4740 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
13:12:17.0703 4740 Avgldx86 - ok
13:12:17.0750 4740 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
13:12:17.0765 4740 Avgmfx86 - ok
13:12:17.0781 4740 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
13:12:17.0781 4740 Avgrkx86 - ok
13:12:17.0843 4740 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
13:12:17.0843 4740 Avgtdix - ok
13:12:17.0890 4740 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:12:17.0890 4740 Beep - ok
13:12:17.0953 4740 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
13:12:17.0953 4740 cbidf - ok
13:12:17.0968 4740 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:12:17.0968 4740 cbidf2k - ok
13:12:18.0015 4740 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
13:12:18.0015 4740 cd20xrnt - ok
13:12:18.0046 4740 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:12:18.0046 4740 Cdaudio - ok
13:12:18.0109 4740 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:12:18.0109 4740 Cdfs - ok
13:12:18.0156 4740 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:12:18.0156 4740 Cdrom - ok
13:12:18.0171 4740 Changer - ok
13:12:18.0234 4740 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
13:12:18.0234 4740 CmdIde - ok
13:12:18.0281 4740 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
13:12:18.0281 4740 Cpqarray - ok
13:12:18.0328 4740 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
13:12:18.0328 4740 dac2w2k - ok
13:12:18.0359 4740 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
13:12:18.0375 4740 dac960nt - ok
13:12:18.0406 4740 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:12:18.0406 4740 Disk - ok
13:12:18.0468 4740 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:12:18.0500 4740 dmboot - ok
13:12:18.0625 4740 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:12:18.0625 4740 dmio - ok
13:12:18.0718 4740 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:12:18.0718 4740 dmload - ok
13:12:18.0812 4740 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:12:18.0812 4740 DMusic - ok
13:12:18.0921 4740 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
13:12:18.0921 4740 dpti2o - ok
13:12:18.0984 4740 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:12:18.0984 4740 drmkaud - ok
13:12:19.0078 4740 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
13:12:19.0093 4740 drvmcdb - ok
13:12:19.0140 4740 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
13:12:19.0140 4740 drvnddm - ok
13:12:19.0203 4740 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
13:12:19.0203 4740 E100B - ok
13:12:19.0281 4740 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:12:19.0281 4740 Fastfat - ok
13:12:19.0343 4740 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:12:19.0343 4740 Fdc - ok
13:12:19.0390 4740 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:12:19.0390 4740 Fips - ok
13:12:19.0453 4740 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:12:19.0453 4740 Flpydisk - ok
13:12:19.0500 4740 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:12:19.0500 4740 FltMgr - ok
13:12:19.0609 4740 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:12:19.0609 4740 Fs_Rec - ok
13:12:19.0765 4740 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:12:19.0765 4740 Ftdisk - ok
13:12:19.0906 4740 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:12:19.0906 4740 Gpc - ok
13:12:19.0984 4740 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:12:19.0984 4740 HidUsb - ok
13:12:20.0062 4740 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
13:12:20.0062 4740 hpn - ok
13:12:20.0203 4740 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:12:20.0203 4740 HTTP - ok
13:12:20.0250 4740 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
13:12:20.0250 4740 i2omgmt - ok
13:12:20.0328 4740 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
13:12:20.0328 4740 i2omp - ok
13:12:20.0406 4740 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:12:20.0406 4740 i8042prt - ok
13:12:20.0546 4740 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
13:12:20.0593 4740 ialm - ok
13:12:20.0703 4740 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:12:20.0703 4740 Imapi - ok
13:12:20.0796 4740 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
13:12:20.0812 4740 ini910u - ok
13:12:20.0921 4740 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
13:12:21.0031 4740 IntelC51 - ok
13:12:21.0156 4740 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
13:12:21.0171 4740 IntelC52 - ok
13:12:21.0250 4740 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
13:12:21.0250 4740 IntelC53 - ok
13:12:21.0296 4740 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:12:21.0296 4740 IntelIde - ok
13:12:21.0359 4740 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:12:21.0359 4740 intelppm - ok
13:12:21.0437 4740 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:12:21.0437 4740 Ip6Fw - ok
13:12:21.0546 4740 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:12:21.0546 4740 IpFilterDriver - ok
13:12:21.0656 4740 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:12:21.0656 4740 IpInIp - ok
13:12:21.0734 4740 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:12:21.0734 4740 IpNat - ok
13:12:21.0796 4740 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:12:21.0796 4740 IPSec - ok
13:12:21.0875 4740 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:12:21.0875 4740 IRENUM - ok
13:12:21.0953 4740 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:12:21.0953 4740 isapnp - ok
13:12:22.0015 4740 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:12:22.0015 4740 Kbdclass - ok
13:12:22.0078 4740 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:12:22.0078 4740 kbdhid - ok
13:12:22.0140 4740 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:12:22.0140 4740 kmixer - ok
13:12:22.0218 4740 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:12:22.0218 4740 KSecDD - ok
13:12:22.0296 4740 lbrtfdc - ok
13:12:22.0359 4740 MBAMSwissArmy - ok
13:12:22.0421 4740 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:12:22.0421 4740 mnmdd - ok
13:12:22.0484 4740 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:12:22.0484 4740 Modem - ok
13:12:22.0578 4740 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
13:12:22.0578 4740 MODEMCSA - ok
13:12:22.0703 4740 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
13:12:22.0703 4740 mohfilt - ok
13:12:22.0843 4740 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:12:22.0843 4740 Mouclass - ok
13:12:22.0953 4740 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:12:22.0953 4740 mouhid - ok
13:12:23.0093 4740 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:12:23.0093 4740 MountMgr - ok
13:12:23.0187 4740 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
13:12:23.0187 4740 mraid35x - ok
13:12:23.0250 4740 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:12:23.0265 4740 MRxDAV - ok
13:12:23.0406 4740 MRxSmb (6f807578ff723052afd59a633b0ac607) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:12:23.0421 4740 MRxSmb - ok
13:12:23.0515 4740 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:12:23.0515 4740 Msfs - ok
13:12:23.0625 4740 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:12:23.0625 4740 MSKSSRV - ok
13:12:23.0750 4740 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:12:23.0750 4740 MSPCLOCK - ok
13:12:23.0875 4740 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:12:23.0875 4740 MSPQM - ok
13:12:23.0984 4740 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:12:23.0984 4740 mssmbios - ok
13:12:24.0078 4740 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:12:24.0078 4740 Mup - ok
13:12:24.0218 4740 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:12:24.0218 4740 NDIS - ok
13:12:24.0359 4740 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:12:24.0375 4740 NdisTapi - ok
13:12:24.0453 4740 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:12:24.0453 4740 Ndisuio - ok
13:12:24.0546 4740 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:12:24.0546 4740 NdisWan - ok
13:12:24.0640 4740 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:12:24.0656 4740 NDProxy - ok
13:12:24.0734 4740 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:12:24.0734 4740 NetBIOS - ok
13:12:24.0875 4740 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:12:24.0890 4740 NetBT - ok
13:12:25.0046 4740 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys
13:12:25.0046 4740 NPF - ok
13:12:25.0125 4740 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:12:25.0125 4740 Npfs - ok
13:12:25.0234 4740 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:12:25.0234 4740 Ntfs - ok
13:12:25.0328 4740 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:12:25.0328 4740 Null - ok
13:12:25.0468 4740 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:12:25.0515 4740 nv - ok
13:12:25.0640 4740 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:12:25.0640 4740 NwlnkFlt - ok
13:12:25.0734 4740 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:12:25.0750 4740 NwlnkFwd - ok
13:12:25.0890 4740 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:12:25.0890 4740 Parport - ok
13:12:25.0937 4740 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:12:25.0937 4740 PartMgr - ok
13:12:26.0015 4740 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:12:26.0015 4740 ParVdm - ok
13:12:26.0093 4740 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:12:26.0093 4740 PCI - ok
13:12:26.0171 4740 PCIDump - ok
13:12:26.0265 4740 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:12:26.0265 4740 PCIIde - ok
13:12:26.0390 4740 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:12:26.0390 4740 Pcmcia - ok
13:12:26.0453 4740 PDCOMP - ok
13:12:26.0515 4740 PDFRAME - ok
13:12:26.0562 4740 PDRELI - ok
13:12:26.0687 4740 PDRFRAME - ok
13:12:26.0937 4740 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
13:12:27.0015 4740 perc2 - ok
13:12:27.0078 4740 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
13:12:27.0078 4740 perc2hib - ok
13:12:27.0171 4740 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:12:27.0171 4740 PptpMiniport - ok
13:12:27.0203 4740 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:12:27.0203 4740 PSched - ok
13:12:27.0218 4740 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:12:27.0234 4740 Ptilink - ok
13:12:27.0281 4740 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:12:27.0281 4740 PxHelp20 - ok
13:12:27.0328 4740 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
13:12:27.0328 4740 ql1080 - ok
13:12:27.0359 4740 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
13:12:27.0375 4740 Ql10wnt - ok
13:12:27.0390 4740 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
13:12:27.0390 4740 ql12160 - ok
13:12:27.0421 4740 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
13:12:27.0421 4740 ql1240 - ok
13:12:27.0453 4740 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
13:12:27.0453 4740 ql1280 - ok
13:12:27.0500 4740 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:12:27.0500 4740 RasAcd - ok
13:12:27.0531 4740 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:12:27.0546 4740 Rasl2tp - ok
13:12:27.0578 4740 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:12:27.0578 4740 RasPppoe - ok
13:12:27.0593 4740 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:12:27.0593 4740 Raspti - ok
13:12:27.0656 4740 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:12:27.0656 4740 Rdbss - ok
13:12:27.0687 4740 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:12:27.0687 4740 RDPCDD - ok
13:12:27.0750 4740 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:12:27.0750 4740 rdpdr - ok
13:12:27.0812 4740 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:12:27.0828 4740 RDPWD - ok
13:12:27.0875 4740 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:12:27.0890 4740 redbook - ok
13:12:27.0984 4740 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:12:27.0984 4740 Secdrv - ok
13:12:28.0062 4740 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
13:12:28.0156 4740 senfilt - ok
13:12:28.0187 4740 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:12:28.0187 4740 serenum - ok
13:12:28.0203 4740 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:12:28.0203 4740 Serial - ok
13:12:28.0234 4740 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:12:28.0250 4740 Sfloppy - ok
13:12:28.0265 4740 Simbad - ok
13:12:28.0328 4740 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
13:12:28.0343 4740 sisagp - ok
13:12:28.0390 4740 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
13:12:28.0406 4740 smwdm - ok
13:12:28.0453 4740 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
13:12:28.0453 4740 Sparrow - ok
13:12:28.0515 4740 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:12:28.0515 4740 splitter - ok
13:12:28.0546 4740 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:12:28.0546 4740 sr - ok
13:12:28.0656 4740 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:12:28.0671 4740 Srv - ok
13:12:28.0718 4740 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
13:12:28.0718 4740 sscdbhk5 - ok
13:12:28.0750 4740 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
13:12:28.0750 4740 ssrtln - ok
13:12:28.0796 4740 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:12:28.0796 4740 swenum - ok
13:12:28.0812 4740 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:12:28.0828 4740 swmidi - ok
13:12:28.0890 4740 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
13:12:28.0890 4740 symc810 - ok
13:12:28.0921 4740 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
13:12:28.0921 4740 symc8xx - ok
13:12:28.0968 4740 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
13:12:28.0968 4740 symlcbrd - ok
13:12:29.0015 4740 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
13:12:29.0031 4740 sym_hi - ok
13:12:29.0046 4740 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
13:12:29.0062 4740 sym_u3 - ok
13:12:29.0078 4740 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:12:29.0078 4740 sysaudio - ok
13:12:29.0171 4740 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:12:29.0187 4740 Tcpip - ok
13:12:29.0250 4740 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:12:29.0250 4740 TDPIPE - ok
13:12:29.0281 4740 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:12:29.0281 4740 TDTCP - ok
13:12:29.0328 4740 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:12:29.0328 4740 TermDD - ok
13:12:29.0406 4740 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
13:12:29.0406 4740 tfsnboio - ok
13:12:29.0421 4740 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
13:12:29.0421 4740 tfsncofs - ok
13:12:29.0453 4740 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
13:12:29.0453 4740 tfsndrct - ok
13:12:29.0468 4740 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
13:12:29.0484 4740 tfsndres - ok
13:12:29.0500 4740 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
13:12:29.0500 4740 tfsnifs - ok
13:12:29.0531 4740 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
13:12:29.0531 4740 tfsnopio - ok
13:12:29.0546 4740 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
13:12:29.0546 4740 tfsnpool - ok
13:12:29.0578 4740 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
13:12:29.0578 4740 tfsnudf - ok
13:12:29.0609 4740 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
13:12:29.0609 4740 tfsnudfa - ok
13:12:29.0656 4740 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
13:12:29.0656 4740 TosIde - ok
13:12:29.0718 4740 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:12:29.0718 4740 Udfs - ok
13:12:29.0765 4740 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
13:12:29.0765 4740 ultra - ok
13:12:29.0859 4740 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:12:29.0859 4740 Update - ok
13:12:29.0937 4740 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:12:29.0937 4740 usbccgp - ok
13:12:30.0000 4740 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:12:30.0000 4740 usbehci - ok
13:12:30.0062 4740 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:12:30.0062 4740 usbhub - ok
13:12:30.0125 4740 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:12:30.0125 4740 usbscan - ok
13:12:30.0171 4740 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:12:30.0171 4740 USBSTOR - ok
13:12:30.0187 4740 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:12:30.0187 4740 usbuhci - ok
13:12:30.0218 4740 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:12:30.0218 4740 VgaSave - ok
13:12:30.0265 4740 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:12:30.0281 4740 viaagp - ok
13:12:30.0312 4740 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:12:30.0312 4740 ViaIde - ok
13:12:30.0359 4740 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:12:30.0359 4740 VolSnap - ok
13:12:30.0406 4740 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:12:30.0406 4740 Wanarp - ok
13:12:30.0437 4740 wanatw - ok
13:12:30.0453 4740 WDICA - ok
13:12:30.0484 4740 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:12:30.0484 4740 wdmaud - ok
13:12:30.0640 4740 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:12:30.0656 4740 WudfPf - ok
13:12:30.0671 4740 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:12:30.0671 4740 WudfRd - ok
13:12:30.0718 4740 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
13:12:30.0718 4740 \Device\Harddisk0\DR0 - ok
13:12:30.0734 4740 Boot (0x1200) (7b0272a2a6631e5c422890956a0880c4) \Device\Harddisk0\DR0\Partition0
13:12:30.0734 4740 \Device\Harddisk0\DR0\Partition0 - ok
13:12:30.0734 4740 ============================================================
13:12:30.0734 4740 Scan finished
13:12:30.0750 4740 ============================================================
13:12:30.0765 4268 Detected object count: 0
13:12:30.0765 4268 Actual detected object count: 0




----------------------

ComboFix 11-12-15.02 - Dave Harding 12/15/2011 13:36:14.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1610 [GMT -8:00]
Running from: c:\documents and settings\Dave Harding\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Dave Harding\Application Data\Start
c:\documents and settings\Dave Harding\Application Data\Start\temp_20E5ACDA\flash.10.0.32.18.ocx
c:\documents and settings\Dave Harding\g2mdlhlpx.exe
c:\documents and settings\Dave Harding\My Documents\~WRL3029.tmp
c:\documents and settings\Dave Harding\My Documents\~WRL3936.tmp
c:\documents and settings\Dave Harding\WINDOWS
c:\windows\$NtUninstallKB46035$\1334180950\@
c:\windows\$NtUninstallKB46035$\1334180950\bckfg.tmp
c:\windows\$NtUninstallKB46035$\1334180950\cfg.ini
c:\windows\$NtUninstallKB46035$\1334180950\Desktop.ini
c:\windows\$NtUninstallKB46035$\1334180950\keywords
c:\windows\$NtUninstallKB46035$\1334180950\kwrd.dll
c:\windows\$NtUninstallKB46035$\1334180950\L\odetmngk
c:\windows\$NtUninstallKB46035$\1334180950\lsflt7.ver
c:\windows\$NtUninstallKB46035$\1334180950\U\[email protected]
c:\windows\$NtUninstallKB46035$\1334180950\U\[email protected]
c:\windows\$NtUninstallKB46035$\1334180950\U\[email protected]
c:\windows\$NtUninstallKB46035$\1334180950\U\[email protected]
c:\windows\$NtUninstallKB46035$\1334180950\U\[email protected]
c:\windows\$NtUninstallKB46035$\1334180950\U\[email protected]
c:\windows\$NtUninstallKB46035$\4043384499
c:\windows\system32\drivers\npf.sys
c:\windows\system32\info.txt
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
c:\windows\$NtUninstallKB46035$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-13 20:28 . 2011-12-13 20:28 -------- d-----w- c:\documents and settings\Dave Harding\Local Settings\Application Data\Mozilla
2011-12-13 19:50 . 2011-12-13 19:50 -------- d-----w- c:\documents and settings\Dave Harding\Application Data\Malwarebytes
2011-12-13 19:50 . 2011-12-13 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-13 19:50 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-13 19:49 . 2011-12-13 19:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-02 17:56 . 2011-12-02 17:56 -------- d-----w- C:\$AVG
2011-12-02 17:24 . 2011-12-02 17:24 -------- d-----w- c:\documents and settings\Dave Harding\Application Data\AVG2012
2011-12-02 17:06 . 2011-12-02 17:06 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-12-02 17:06 . 2011-12-15 16:58 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-02 17:06 . 2011-12-13 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-12-02 17:05 . 2011-12-02 17:05 -------- d-----w- c:\program files\AVG
2011-12-02 16:57 . 2011-12-15 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2004-08-10 18:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 14:23 . 2011-10-07 14:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 14:21 . 2011-10-04 14:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-08-10 17:51 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-10 17:51 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 16:12 . 2011-09-14 22:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-21 04:04 . 2011-12-13 20:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 06:05 127035 ----a-w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 21:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 17:32 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 17:36 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 17:35 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-04 01:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-09-14 23:34 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-07 15:24 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 SonyIEx;SonyIEx;c:\windows\system32\SonyIEx.exe [10/19/2007 9:10 AM 126976]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/2/2009 2:40 PM 135664]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/2/2009 2:40 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 22:39]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 22:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: costar.com
Trusted Zone: fnismls.com
Trusted Zone: getmedianow.com
Trusted Zone: live.com
Trusted Zone: showingtime.com
Trusted Zone: sitexdata.com
Trusted Zone: spellchecker.net
Trusted Zone: transactionpoint.com
Trusted Zone: trpoint.com
Trusted Zone: virtualearth.net
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
FF - ProfilePath - c:\documents and settings\Dave Harding\Application Data\Mozilla\Firefox\Profiles\cyobj7o0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-Microsoft Location Finder - c:\program files\Microsoft Location Finder\LocationFinder.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-15 13:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3972)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\AVG\AVG2012\avgnsx.exe
.
**************************************************************************
.
Completion time: 2011-12-15 13:58:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-15 21:58
.
Pre-Run: 98,511,970,304 bytes free
Post-Run: 99,041,062,912 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - D1AF66DDDFAE7649E0C89E9E225FCCE3
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



NEXT

Navigate to the following folder > right click and delete it:

c:\windows\$NtUninstallKB46035$
 

coachese

Thread Starter
Joined
Dec 13, 2011
Messages
4
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8382

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/16/2011 1:45:45 PM
mbam-log-2011-12-16 (13-45-45).txt

Scan type: Quick scan
Objects scanned: 170159
Time elapsed: 5 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------------
---------------------


C:\Documents and Settings\Dave Harding\Application Data\Sun\Java\Deployment\cache\6.0\27\6184729b-59859527 a variant of Java/TrojanDownloader.OpenStream.NAD trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\10\7bec11ca-1fd5d6be Java/Exploit.CVE-2011-3544.F trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\10\7bec11ca-2a8d709d Java/Exploit.CVE-2011-3544.F trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\10\7bec11ca-2d3a9da4 Java/Exploit.CVE-2011-3544.F trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\1ae8aca3-576e5d88 Java/Agent.DY trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\1ae8aca3-745bdb40 Java/Agent.DY trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\1ae8aca3-7c016b07 Java/Agent.DY trojan
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
File::
C:\Documents and Settings\Dave Harding\Application Data\Sun\Java\Deployment\cache\6.0\27\6184729b-59859527 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\10\7bec11ca-1fd5d6be 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\10\7bec11ca-2a8d709d 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\10\7bec11ca-2d3a9da4 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\1ae8aca3-576e5d88 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\1ae8aca3-745bdb40 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\1ae8aca3-7c016b07 

ClearJavaCache::
Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 29
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u29-windows-i586.exe to install the newest version.


NEXT


Please advise how the computer is running now and if there are any outstanding issues.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top