
I.E. Browser Redirect Fix Needed

Discussion in 'Virus & Other Malware Removal' started by coachese, Dec 14, 2011.

  1. coachese

    coachese Thread Starter

    Joined:
    Dec 13, 2011
    Messages:
    4
    Here you go. Thanks in advance.



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:11:48 PM, on 12/13/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\WINDOWS\system32\SonyIEx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ping.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Dave Harding\My Documents\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.costar.com
    O15 - Trusted Zone: *.fnismls.com
    O15 - Trusted Zone: *.getmedianow.com
    O15 - Trusted Zone: *.live.com
    O15 - Trusted Zone: *.showingtime.com
    O15 - Trusted Zone: *.sitexdata.com
    O15 - Trusted Zone: *.spellchecker.net
    O15 - Trusted Zone: *.transactionpoint.com
    O15 - Trusted Zone: *.trpoint.com
    O15 - Trusted Zone: *.virtualearth.net
    O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} (PrintPreview Class) - http://snvmls.fnismls.com/Paragon/Codebase/FNISPrintControl.cab
    O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install-ie/alttiff.cab
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maps.cityofreno.net/mgaxctrl.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://216.237.82.150/activex/AxisCamControl.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://facorelogic.webex.com/client/T26L/webex/ieatgpc.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} (First American Res MapActiveX Control) - http://realist2.firstamres.com/mapviewer/mapviewer.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: SonyIEx - Unknown owner - C:\WINDOWS\system32\SonyIEx.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O24 - Desktop Component 0: (no name) - http://www.datasourcenev.com/Images/Index.1.jpg
    O24 - Desktop Component 1: (no name) - http://images.huffingtonpost.com/gen/40465/thumbs/r-MISSISSIPPI-huge.jpg

    --
    End of file - 8010 bytes

    ---------------------

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Dave Harding at 16:12:35 on 2011-12-13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1444 [GMT -8:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\WINDOWS\system32\SonyIEx.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ping.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Dave Harding\My Documents\Downloads\HijackThis.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.dell4me.com/myway
    uSearch Bar = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    dRunOnce: [RunNarrator] Narrator.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    LSP: mswsock.dll
    Trusted Zone: costar.com
    Trusted Zone: fnismls.com
    Trusted Zone: getmedianow.com
    Trusted Zone: live.com
    Trusted Zone: showingtime.com
    Trusted Zone: sitexdata.com
    Trusted Zone: spellchecker.net
    Trusted Zone: transactionpoint.com
    Trusted Zone: trpoint.com
    Trusted Zone: virtualearth.net
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {0854D220-A90A-466D-BC02-6683183802B7} - hxxp://snvmls.fnismls.com/Paragon/Codebase/FNISPrintControl.cab
    DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - hxxp://w4s2.work4sure.com/c/ge/w4sgeen9.exe
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
    DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://maps.cityofreno.net/mgaxctrl.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://216.237.82.150/activex/AxisCamControl.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://facorelogic.webex.com/client/T26L/webex/ieatgpc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
    TCP: DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{369CA112-C9EC-4936-9683-10662F543E82} : DhcpNameServer = 10.0.0.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\dave harding\application data\mozilla\firefox\profiles\cyobj7o0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 SonyIEx;SonyIEx;c:\windows\system32\SonyIEx.exe [2007-10-19 126976]
    R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-10-5 1251720]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-2 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-2 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-12-13 20:28:34 -------- d-----w- c:\documents and settings\dave harding\local settings\application data\Mozilla
    2011-12-13 19:50:13 -------- d-----w- c:\documents and settings\dave harding\application data\Malwarebytes
    2011-12-13 19:50:03 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-12-13 19:50:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-13 19:49:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-02 17:56:41 -------- d--h--w- C:\$AVG
    2011-12-02 17:24:57 -------- d-----w- c:\documents and settings\dave harding\application data\AVG2012
    2011-12-02 17:06:56 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2011-12-02 17:06:08 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-12-02 17:06:08 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
    2011-12-02 17:05:27 -------- d-----w- c:\program files\AVG
    2011-12-02 16:57:28 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    .
    ==================== Find3M ====================
    .
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-07 14:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 14:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-26 16:12:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 16:13:52.04 ===============

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-14 08:57:20
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y160P0 rev.YAR41BW0
    Running: 6gjexsyg.exe; Driver: C:\DOCUME~1\DAVEHA~1\LOCALS~1\Temp\pxtdapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB0E8AF3C]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB0E8AFE4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB0E8B080]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB0E8B11C]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 450 804E2ABC 8 Bytes [E4, AF, E8, B0, 80, B0, E8, ...]
    ? ivdyahbc.sys The system cannot find the file specified. !
    init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF77CA760]
    init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB99CEF80]
    .text mrxsmb.sys B14A9000 13 Bytes JMP B14A9C0D \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    .text mrxsmb.sys B14A900E 13 Bytes [28, 4A, 4C, B1, 8B, 0D, F4, ...] {SUB [EDX+0x4c], CL; MOV CL, 0x8b; OR EAX, 0xb14c7cf4; TEST CL, 0x1}
    .text mrxsmb.sys B14A901C 3 Bytes [85, F4, E5]
    .text mrxsmb.sys B14A9021 44 Bytes [6A, 04, 5B, 39, 1D, 44, 71, ...]
    .text mrxsmb.sys B14A904F 43 Bytes [68, F0, 4B, 4C, B1, 56, E8, ...]
    .text ...
    ? C:\WINDOWS\system32\DRIVERS\mrxsmb.sys suspicious PE modification

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F8000A
    .text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F9000A
    .text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F5000C
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2160] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02C2000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2160] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 02C3000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2160] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 02C1000C
    .text C:\WINDOWS\System32\ping.exe[4592] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B4000A
    .text C:\WINDOWS\System32\ping.exe[4592] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B5000A
    .text C:\WINDOWS\System32\ping.exe[4592] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009F000A
    .text C:\WINDOWS\System32\ping.exe[4592] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A0000A
    .text C:\WINDOWS\System32\ping.exe[4592] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009E000C
    .text C:\WINDOWS\System32\ping.exe[4592] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00B8000A
    .text C:\WINDOWS\System32\ping.exe[4592] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00B9000A
    .text C:\WINDOWS\System32\ping.exe[4592] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00BA000A
    .text C:\WINDOWS\System32\ping.exe[4592] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00B7000A

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- Modules - GMER 1.0.15 ----

    Module (noname) (*** hidden *** ) B15E0000-B15FA000 (106496 bytes)

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\NetworkService\Cookies\8IQVYVKX.txt 1501 bytes
    File C:\Documents and Settings\NetworkService\Cookies\HZ961PE2.txt 98 bytes
    File C:\Documents and Settings\NetworkService\Cookies\VV0GZ04S.txt 1501 bytes
    File C:\Documents and Settings\NetworkService\Cookies\WM138U1F.txt 3450 bytes
    File C:\Documents and Settings\NetworkService\Cookies\2DRRBZV3.txt 529 bytes
    File C:\Documents and Settings\NetworkService\Cookies\K6U0UP6G.txt 0 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0K46R304\down[1] 0 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0K46R304\AdDisplayTrackerServlet[3].htm 0 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B53L43UJ\Track[1].txt 1 bytes
    File C:\WINDOWS\$NtUninstallKB46035$\1334180950 0 bytes
    File C:\WINDOWS\$NtUninstallKB46035$\1334180950\@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB46035$\1334180950\bckfg.tmp 850 bytes
    File C:\WINDOWS\$NtUninstallKB46035$\1334180950\cfg.ini 198 bytes
    File C:\WINDOWS\$NtUninstallKB46035$\1334180950\Desktop.ini 4608 bytes
    File C:\WINDOWS\$NtUninstallKB46035$\1334180950\keywords 266 bytes
    File C:\WINDOWS\$NtUninstallKB46035$\1334180950\kwrd.dll 223744 bytes
    File C:\WINDOWS\$NtUninstallKB46035$\1334180950\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB46035$\1334180950\L\odetmngk 456320 bytes
    File C:\WINDOWS\$NtUninstallKB46035$\1334180950\lsflt7.ver 5176 bytes
    File C:\WINDOWS\$NtUninstallKB46035$\1334180950\U 0 bytes
    File C:\WINDOWS\$NtUninstallKB46035$\1334180950\U\[email protected] 2048 bytes
    File C:\WINDOWS\$NtUninstallKB46035$\1334180950\U\[email protected] 224768 bytes
    File C:\WINDOWS\$NtUninstallKB46035$\1334180950\U\[email protected] 1024 bytes
    File C:\WINDOWS\$NtUninstallKB46035$\1334180950\U\[email protected] 1024 bytes
    File C:\WINDOWS\$NtUninstallKB46035$\1334180950\U\[email protected] 12800 bytes
    File C:\WINDOWS\$NtUninstallKB46035$\1334180950\U\[email protected] 98304 bytes
    File C:\WINDOWS\$NtUninstallKB46035$\4043384499 0 bytes

    ---- EOF - GMER 1.0.15 ----
     

  2. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)


    NEXT



    Download ComboFix from one of the following locations:
    Link 1
    Link 2

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    • Double click on ComboFix.exe & follow the prompts.
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    [screenshot: ComboFix Recovery Console installation prompt]

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [screenshot: ComboFix message confirming the Recovery Console was installed]

    • Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
     
  3. coachese

    coachese Thread Starter

    Joined:
    Dec 13, 2011
    Messages:
    4
    thanks, I'll do these now
     
  4. coachese

    coachese Thread Starter

    Joined:
    Dec 13, 2011
    Messages:
    4
    13:12:08.0500 5280 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
    13:12:09.0843 5280 ============================================================
    13:12:09.0843 5280 Current date / time: 2011/12/15 13:12:09.0843
    13:12:09.0843 5280 SystemInfo:
    13:12:09.0843 5280
    13:12:09.0843 5280 OS Version: 5.1.2600 ServicePack: 3.0
    13:12:09.0843 5280 Product type: Workstation
    13:12:09.0843 5280 ComputerName: DAVE
    13:12:09.0843 5280 UserName: Dave Harding
    13:12:09.0843 5280 Windows directory: C:\WINDOWS
    13:12:09.0843 5280 System windows directory: C:\WINDOWS
    13:12:09.0843 5280 Processor architecture: Intel x86
    13:12:09.0843 5280 Number of processors: 1
    13:12:09.0843 5280 Page size: 0x1000
    13:12:09.0843 5280 Boot type: Normal boot
    13:12:09.0843 5280 ============================================================
    13:12:11.0875 5280 Initialize success
    13:12:14.0015 4740 ============================================================
    13:12:14.0015 4740 Scan started
    13:12:14.0015 4740 Mode: Manual;
    13:12:14.0015 4740 ============================================================
    13:12:15.0921 4740 Abiosdsk - ok
    13:12:15.0984 4740 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    13:12:16.0000 4740 abp480n5 - ok
    13:12:16.0078 4740 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    13:12:16.0078 4740 ACPI - ok
    13:12:16.0125 4740 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    13:12:16.0140 4740 ACPIEC - ok
    13:12:16.0171 4740 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    13:12:16.0171 4740 adpu160m - ok
    13:12:16.0218 4740 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    13:12:16.0234 4740 aec - ok
    13:12:16.0296 4740 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    13:12:16.0343 4740 AFD - ok
    13:12:16.0406 4740 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    13:12:16.0406 4740 agp440 - ok
    13:12:16.0437 4740 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    13:12:16.0437 4740 agpCPQ - ok
    13:12:16.0453 4740 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    13:12:16.0468 4740 Aha154x - ok
    13:12:16.0500 4740 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    13:12:16.0500 4740 aic78u2 - ok
    13:12:16.0531 4740 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    13:12:16.0531 4740 aic78xx - ok
    13:12:16.0578 4740 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    13:12:16.0578 4740 AliIde - ok
    13:12:16.0609 4740 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    13:12:16.0609 4740 alim1541 - ok
    13:12:16.0640 4740 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    13:12:16.0640 4740 amdagp - ok
    13:12:16.0671 4740 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    13:12:16.0671 4740 amsint - ok
    13:12:16.0703 4740 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    13:12:16.0734 4740 asc - ok
    13:12:17.0031 4740 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    13:12:17.0031 4740 asc3350p - ok
    13:12:17.0062 4740 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    13:12:17.0062 4740 asc3550 - ok
    13:12:17.0125 4740 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
    13:12:17.0125 4740 ASCTRM - ok
    13:12:17.0171 4740 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    13:12:17.0171 4740 AsyncMac - ok
    13:12:17.0203 4740 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    13:12:17.0203 4740 atapi - ok
    13:12:17.0234 4740 Atdisk - ok
    13:12:17.0281 4740 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    13:12:17.0281 4740 Atmarpc - ok
    13:12:17.0343 4740 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    13:12:17.0343 4740 audstub - ok
    13:12:17.0437 4740 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    13:12:17.0437 4740 AVGIDSDriver - ok
    13:12:17.0484 4740 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    13:12:17.0484 4740 AVGIDSEH - ok
    13:12:17.0562 4740 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    13:12:17.0562 4740 AVGIDSFilter - ok
    13:12:17.0640 4740 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    13:12:17.0640 4740 AVGIDSShim - ok
    13:12:17.0703 4740 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    13:12:17.0703 4740 Avgldx86 - ok
    13:12:17.0750 4740 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    13:12:17.0765 4740 Avgmfx86 - ok
    13:12:17.0781 4740 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    13:12:17.0781 4740 Avgrkx86 - ok
    13:12:17.0843 4740 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    13:12:17.0843 4740 Avgtdix - ok
    13:12:17.0890 4740 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    13:12:17.0890 4740 Beep - ok
    13:12:17.0953 4740 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    13:12:17.0953 4740 cbidf - ok
    13:12:17.0968 4740 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    13:12:17.0968 4740 cbidf2k - ok
    13:12:18.0015 4740 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    13:12:18.0015 4740 cd20xrnt - ok
    13:12:18.0046 4740 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    13:12:18.0046 4740 Cdaudio - ok
    13:12:18.0109 4740 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    13:12:18.0109 4740 Cdfs - ok
    13:12:18.0156 4740 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    13:12:18.0156 4740 Cdrom - ok
    13:12:18.0171 4740 Changer - ok
    13:12:18.0234 4740 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    13:12:18.0234 4740 CmdIde - ok
    13:12:18.0281 4740 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    13:12:18.0281 4740 Cpqarray - ok
    13:12:18.0328 4740 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    13:12:18.0328 4740 dac2w2k - ok
    13:12:18.0359 4740 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    13:12:18.0375 4740 dac960nt - ok
    13:12:18.0406 4740 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    13:12:18.0406 4740 Disk - ok
    13:12:18.0468 4740 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    13:12:18.0500 4740 dmboot - ok
    13:12:18.0625 4740 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    13:12:18.0625 4740 dmio - ok
    13:12:18.0718 4740 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    13:12:18.0718 4740 dmload - ok
    13:12:18.0812 4740 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    13:12:18.0812 4740 DMusic - ok
    13:12:18.0921 4740 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    13:12:18.0921 4740 dpti2o - ok
    13:12:18.0984 4740 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    13:12:18.0984 4740 drmkaud - ok
    13:12:19.0078 4740 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
    13:12:19.0093 4740 drvmcdb - ok
    13:12:19.0140 4740 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
    13:12:19.0140 4740 drvnddm - ok
    13:12:19.0203 4740 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    13:12:19.0203 4740 E100B - ok
    13:12:19.0281 4740 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    13:12:19.0281 4740 Fastfat - ok
    13:12:19.0343 4740 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    13:12:19.0343 4740 Fdc - ok
    13:12:19.0390 4740 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    13:12:19.0390 4740 Fips - ok
    13:12:19.0453 4740 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    13:12:19.0453 4740 Flpydisk - ok
    13:12:19.0500 4740 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    13:12:19.0500 4740 FltMgr - ok
    13:12:19.0609 4740 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    13:12:19.0609 4740 Fs_Rec - ok
    13:12:19.0765 4740 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    13:12:19.0765 4740 Ftdisk - ok
    13:12:19.0906 4740 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    13:12:19.0906 4740 Gpc - ok
    13:12:19.0984 4740 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    13:12:19.0984 4740 HidUsb - ok
    13:12:20.0062 4740 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    13:12:20.0062 4740 hpn - ok
    13:12:20.0203 4740 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    13:12:20.0203 4740 HTTP - ok
    13:12:20.0250 4740 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    13:12:20.0250 4740 i2omgmt - ok
    13:12:20.0328 4740 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    13:12:20.0328 4740 i2omp - ok
    13:12:20.0406 4740 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    13:12:20.0406 4740 i8042prt - ok
    13:12:20.0546 4740 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    13:12:20.0593 4740 ialm - ok
    13:12:20.0703 4740 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    13:12:20.0703 4740 Imapi - ok
    13:12:20.0796 4740 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    13:12:20.0812 4740 ini910u - ok
    13:12:20.0921 4740 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
    13:12:21.0031 4740 IntelC51 - ok
    13:12:21.0156 4740 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
    13:12:21.0171 4740 IntelC52 - ok
    13:12:21.0250 4740 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
    13:12:21.0250 4740 IntelC53 - ok
    13:12:21.0296 4740 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    13:12:21.0296 4740 IntelIde - ok
    13:12:21.0359 4740 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    13:12:21.0359 4740 intelppm - ok
    13:12:21.0437 4740 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    13:12:21.0437 4740 Ip6Fw - ok
    13:12:21.0546 4740 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    13:12:21.0546 4740 IpFilterDriver - ok
    13:12:21.0656 4740 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    13:12:21.0656 4740 IpInIp - ok
    13:12:21.0734 4740 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    13:12:21.0734 4740 IpNat - ok
    13:12:21.0796 4740 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    13:12:21.0796 4740 IPSec - ok
    13:12:21.0875 4740 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    13:12:21.0875 4740 IRENUM - ok
    13:12:21.0953 4740 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    13:12:21.0953 4740 isapnp - ok
    13:12:22.0015 4740 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    13:12:22.0015 4740 Kbdclass - ok
    13:12:22.0078 4740 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    13:12:22.0078 4740 kbdhid - ok
    13:12:22.0140 4740 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    13:12:22.0140 4740 kmixer - ok
    13:12:22.0218 4740 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    13:12:22.0218 4740 KSecDD - ok
    13:12:22.0296 4740 lbrtfdc - ok
    13:12:22.0359 4740 MBAMSwissArmy - ok
    13:12:22.0421 4740 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    13:12:22.0421 4740 mnmdd - ok
    13:12:22.0484 4740 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    13:12:22.0484 4740 Modem - ok
    13:12:22.0578 4740 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    13:12:22.0578 4740 MODEMCSA - ok
    13:12:22.0703 4740 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
    13:12:22.0703 4740 mohfilt - ok
    13:12:22.0843 4740 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    13:12:22.0843 4740 Mouclass - ok
    13:12:22.0953 4740 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    13:12:22.0953 4740 mouhid - ok
    13:12:23.0093 4740 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    13:12:23.0093 4740 MountMgr - ok
    13:12:23.0187 4740 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    13:12:23.0187 4740 mraid35x - ok
    13:12:23.0250 4740 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    13:12:23.0265 4740 MRxDAV - ok
    13:12:23.0406 4740 MRxSmb (6f807578ff723052afd59a633b0ac607) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    13:12:23.0421 4740 MRxSmb - ok
    13:12:23.0515 4740 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    13:12:23.0515 4740 Msfs - ok
    13:12:23.0625 4740 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    13:12:23.0625 4740 MSKSSRV - ok
    13:12:23.0750 4740 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    13:12:23.0750 4740 MSPCLOCK - ok
    13:12:23.0875 4740 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    13:12:23.0875 4740 MSPQM - ok
    13:12:23.0984 4740 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    13:12:23.0984 4740 mssmbios - ok
    13:12:24.0078 4740 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    13:12:24.0078 4740 Mup - ok
    13:12:24.0218 4740 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    13:12:24.0218 4740 NDIS - ok
    13:12:24.0359 4740 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    13:12:24.0375 4740 NdisTapi - ok
    13:12:24.0453 4740 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    13:12:24.0453 4740 Ndisuio - ok
    13:12:24.0546 4740 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    13:12:24.0546 4740 NdisWan - ok
    13:12:24.0640 4740 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    13:12:24.0656 4740 NDProxy - ok
    13:12:24.0734 4740 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    13:12:24.0734 4740 NetBIOS - ok
    13:12:24.0875 4740 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    13:12:24.0890 4740 NetBT - ok
    13:12:25.0046 4740 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys
    13:12:25.0046 4740 NPF - ok
    13:12:25.0125 4740 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    13:12:25.0125 4740 Npfs - ok
    13:12:25.0234 4740 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    13:12:25.0234 4740 Ntfs - ok
    13:12:25.0328 4740 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    13:12:25.0328 4740 Null - ok
    13:12:25.0468 4740 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    13:12:25.0515 4740 nv - ok
    13:12:25.0640 4740 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    13:12:25.0640 4740 NwlnkFlt - ok
    13:12:25.0734 4740 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    13:12:25.0750 4740 NwlnkFwd - ok
    13:12:25.0890 4740 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    13:12:25.0890 4740 Parport - ok
    13:12:25.0937 4740 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    13:12:25.0937 4740 PartMgr - ok
    13:12:26.0015 4740 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    13:12:26.0015 4740 ParVdm - ok
    13:12:26.0093 4740 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    13:12:26.0093 4740 PCI - ok
    13:12:26.0171 4740 PCIDump - ok
    13:12:26.0265 4740 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    13:12:26.0265 4740 PCIIde - ok
    13:12:26.0390 4740 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    13:12:26.0390 4740 Pcmcia - ok
    13:12:26.0453 4740 PDCOMP - ok
    13:12:26.0515 4740 PDFRAME - ok
    13:12:26.0562 4740 PDRELI - ok
    13:12:26.0687 4740 PDRFRAME - ok
    13:12:26.0937 4740 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    13:12:27.0015 4740 perc2 - ok
    13:12:27.0078 4740 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    13:12:27.0078 4740 perc2hib - ok
    13:12:27.0171 4740 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    13:12:27.0171 4740 PptpMiniport - ok
    13:12:27.0203 4740 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    13:12:27.0203 4740 PSched - ok
    13:12:27.0218 4740 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    13:12:27.0234 4740 Ptilink - ok
    13:12:27.0281 4740 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    13:12:27.0281 4740 PxHelp20 - ok
    13:12:27.0328 4740 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    13:12:27.0328 4740 ql1080 - ok
    13:12:27.0359 4740 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    13:12:27.0375 4740 Ql10wnt - ok
    13:12:27.0390 4740 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    13:12:27.0390 4740 ql12160 - ok
    13:12:27.0421 4740 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    13:12:27.0421 4740 ql1240 - ok
    13:12:27.0453 4740 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    13:12:27.0453 4740 ql1280 - ok
    13:12:27.0500 4740 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    13:12:27.0500 4740 RasAcd - ok
    13:12:27.0531 4740 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    13:12:27.0546 4740 Rasl2tp - ok
    13:12:27.0578 4740 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    13:12:27.0578 4740 RasPppoe - ok
    13:12:27.0593 4740 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    13:12:27.0593 4740 Raspti - ok
    13:12:27.0656 4740 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    13:12:27.0656 4740 Rdbss - ok
    13:12:27.0687 4740 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    13:12:27.0687 4740 RDPCDD - ok
    13:12:27.0750 4740 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    13:12:27.0750 4740 rdpdr - ok
    13:12:27.0812 4740 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    13:12:27.0828 4740 RDPWD - ok
    13:12:27.0875 4740 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    13:12:27.0890 4740 redbook - ok
    13:12:27.0984 4740 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    13:12:27.0984 4740 Secdrv - ok
    13:12:28.0062 4740 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
    13:12:28.0156 4740 senfilt - ok
    13:12:28.0187 4740 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    13:12:28.0187 4740 serenum - ok
    13:12:28.0203 4740 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    13:12:28.0203 4740 Serial - ok
    13:12:28.0234 4740 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    13:12:28.0250 4740 Sfloppy - ok
    13:12:28.0265 4740 Simbad - ok
    13:12:28.0328 4740 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    13:12:28.0343 4740 sisagp - ok
    13:12:28.0390 4740 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
    13:12:28.0406 4740 smwdm - ok
    13:12:28.0453 4740 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    13:12:28.0453 4740 Sparrow - ok
    13:12:28.0515 4740 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    13:12:28.0515 4740 splitter - ok
    13:12:28.0546 4740 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    13:12:28.0546 4740 sr - ok
    13:12:28.0656 4740 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    13:12:28.0671 4740 Srv - ok
    13:12:28.0718 4740 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
    13:12:28.0718 4740 sscdbhk5 - ok
    13:12:28.0750 4740 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
    13:12:28.0750 4740 ssrtln - ok
    13:12:28.0796 4740 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    13:12:28.0796 4740 swenum - ok
    13:12:28.0812 4740 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    13:12:28.0828 4740 swmidi - ok
    13:12:28.0890 4740 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    13:12:28.0890 4740 symc810 - ok
    13:12:28.0921 4740 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    13:12:28.0921 4740 symc8xx - ok
    13:12:28.0968 4740 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
    13:12:28.0968 4740 symlcbrd - ok
    13:12:29.0015 4740 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    13:12:29.0031 4740 sym_hi - ok
    13:12:29.0046 4740 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    13:12:29.0062 4740 sym_u3 - ok
    13:12:29.0078 4740 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    13:12:29.0078 4740 sysaudio - ok
    13:12:29.0171 4740 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    13:12:29.0187 4740 Tcpip - ok
    13:12:29.0250 4740 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    13:12:29.0250 4740 TDPIPE - ok
    13:12:29.0281 4740 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    13:12:29.0281 4740 TDTCP - ok
    13:12:29.0328 4740 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    13:12:29.0328 4740 TermDD - ok
    13:12:29.0406 4740 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
    13:12:29.0406 4740 tfsnboio - ok
    13:12:29.0421 4740 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
    13:12:29.0421 4740 tfsncofs - ok
    13:12:29.0453 4740 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
    13:12:29.0453 4740 tfsndrct - ok
    13:12:29.0468 4740 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
    13:12:29.0484 4740 tfsndres - ok
    13:12:29.0500 4740 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
    13:12:29.0500 4740 tfsnifs - ok
    13:12:29.0531 4740 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
    13:12:29.0531 4740 tfsnopio - ok
    13:12:29.0546 4740 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
    13:12:29.0546 4740 tfsnpool - ok
    13:12:29.0578 4740 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
    13:12:29.0578 4740 tfsnudf - ok
    13:12:29.0609 4740 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
    13:12:29.0609 4740 tfsnudfa - ok
    13:12:29.0656 4740 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    13:12:29.0656 4740 TosIde - ok
    13:12:29.0718 4740 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    13:12:29.0718 4740 Udfs - ok
    13:12:29.0765 4740 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    13:12:29.0765 4740 ultra - ok
    13:12:29.0859 4740 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    13:12:29.0859 4740 Update - ok
    13:12:29.0937 4740 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    13:12:29.0937 4740 usbccgp - ok
    13:12:30.0000 4740 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    13:12:30.0000 4740 usbehci - ok
    13:12:30.0062 4740 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    13:12:30.0062 4740 usbhub - ok
    13:12:30.0125 4740 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    13:12:30.0125 4740 usbscan - ok
    13:12:30.0171 4740 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    13:12:30.0171 4740 USBSTOR - ok
    13:12:30.0187 4740 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    13:12:30.0187 4740 usbuhci - ok
    13:12:30.0218 4740 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    13:12:30.0218 4740 VgaSave - ok
    13:12:30.0265 4740 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    13:12:30.0281 4740 viaagp - ok
    13:12:30.0312 4740 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    13:12:30.0312 4740 ViaIde - ok
    13:12:30.0359 4740 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    13:12:30.0359 4740 VolSnap - ok
    13:12:30.0406 4740 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    13:12:30.0406 4740 Wanarp - ok
    13:12:30.0437 4740 wanatw - ok
    13:12:30.0453 4740 WDICA - ok
    13:12:30.0484 4740 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    13:12:30.0484 4740 wdmaud - ok
    13:12:30.0640 4740 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    13:12:30.0656 4740 WudfPf - ok
    13:12:30.0671 4740 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    13:12:30.0671 4740 WudfRd - ok
    13:12:30.0718 4740 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
    13:12:30.0718 4740 \Device\Harddisk0\DR0 - ok
    13:12:30.0734 4740 Boot (0x1200) (7b0272a2a6631e5c422890956a0880c4) \Device\Harddisk0\DR0\Partition0
    13:12:30.0734 4740 \Device\Harddisk0\DR0\Partition0 - ok
    13:12:30.0734 4740 ============================================================
    13:12:30.0734 4740 Scan finished
    13:12:30.0750 4740 ============================================================
    13:12:30.0765 4268 Detected object count: 0
    13:12:30.0765 4268 Actual detected object count: 0




    ----------------------

    ComboFix 11-12-15.02 - Dave Harding 12/15/2011 13:36:14.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1610 [GMT -8:00]
    Running from: c:\documents and settings\Dave Harding\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Dave Harding\Application Data\Start
    c:\documents and settings\Dave Harding\Application Data\Start\temp_20E5ACDA\flash.10.0.32.18.ocx
    c:\documents and settings\Dave Harding\g2mdlhlpx.exe
    c:\documents and settings\Dave Harding\My Documents\~WRL3029.tmp
    c:\documents and settings\Dave Harding\My Documents\~WRL3936.tmp
    c:\documents and settings\Dave Harding\WINDOWS
    c:\windows\$NtUninstallKB46035$\1334180950\@
    c:\windows\$NtUninstallKB46035$\1334180950\bckfg.tmp
    c:\windows\$NtUninstallKB46035$\1334180950\cfg.ini
    c:\windows\$NtUninstallKB46035$\1334180950\Desktop.ini
    c:\windows\$NtUninstallKB46035$\1334180950\keywords
    c:\windows\$NtUninstallKB46035$\1334180950\kwrd.dll
    c:\windows\$NtUninstallKB46035$\1334180950\L\odetmngk
    c:\windows\$NtUninstallKB46035$\1334180950\lsflt7.ver
    c:\windows\$NtUninstallKB46035$\1334180950\U\[email protected]
    c:\windows\$NtUninstallKB46035$\1334180950\U\[email protected]
    c:\windows\$NtUninstallKB46035$\1334180950\U\[email protected]
    c:\windows\$NtUninstallKB46035$\1334180950\U\[email protected]
    c:\windows\$NtUninstallKB46035$\1334180950\U\[email protected]
    c:\windows\$NtUninstallKB46035$\1334180950\U\[email protected]
    c:\windows\$NtUninstallKB46035$\4043384499
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\info.txt
    c:\windows\system32\Packet.dll
    c:\windows\system32\wpcap.dll
    c:\windows\$NtUninstallKB46035$ . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-13 20:28 . 2011-12-13 20:28 -------- d-----w- c:\documents and settings\Dave Harding\Local Settings\Application Data\Mozilla
    2011-12-13 19:50 . 2011-12-13 19:50 -------- d-----w- c:\documents and settings\Dave Harding\Application Data\Malwarebytes
    2011-12-13 19:50 . 2011-12-13 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-12-13 19:50 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-13 19:49 . 2011-12-13 19:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-02 17:56 . 2011-12-02 17:56 -------- d-----w- C:\$AVG
    2011-12-02 17:24 . 2011-12-02 17:24 -------- d-----w- c:\documents and settings\Dave Harding\Application Data\AVG2012
    2011-12-02 17:06 . 2011-12-02 17:06 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2011-12-02 17:06 . 2011-12-15 16:58 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-12-02 17:06 . 2011-12-13 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
    2011-12-02 17:05 . 2011-12-02 17:05 -------- d-----w- c:\program files\AVG
    2011-12-02 16:57 . 2011-12-15 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-10 14:22 . 2004-08-10 18:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-07 14:23 . 2011-10-07 14:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 14:21 . 2011-10-04 14:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-09-28 07:06 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41 . 2004-08-10 17:51 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 18:41 . 2004-08-10 17:51 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-26 16:12 . 2011-09-14 22:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-21 04:04 . 2011-12-13 20:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    2004-12-06 06:05 127035 ----a-w- c:\windows\system32\dla\tfswctrl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2005-02-23 21:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2005-09-20 17:32 77824 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2005-09-20 17:36 114688 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2005-09-20 17:35 94208 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
    2003-09-04 01:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2005-09-14 23:34 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-01-07 15:24 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
    R2 SonyIEx;SonyIEx;c:\windows\system32\SonyIEx.exe [10/19/2007 9:10 AM 126976]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/2/2009 2:40 PM 135664]
    S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/2/2009 2:40 PM 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
    .
    2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 22:39]
    .
    2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 22:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: costar.com
    Trusted Zone: fnismls.com
    Trusted Zone: getmedianow.com
    Trusted Zone: live.com
    Trusted Zone: showingtime.com
    Trusted Zone: sitexdata.com
    Trusted Zone: spellchecker.net
    Trusted Zone: transactionpoint.com
    Trusted Zone: trpoint.com
    Trusted Zone: virtualearth.net
    DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
    FF - ProfilePath - c:\documents and settings\Dave Harding\Application Data\Mozilla\Firefox\Profiles\cyobj7o0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
    MSConfigStartUp-Microsoft Location Finder - c:\program files\Microsoft Location Finder\LocationFinder.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-15 13:53
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3972)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\AVG\AVG2012\avgrsx.exe
    c:\program files\AVG\AVG2012\avgcsrvx.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\program files\AVG\AVG2012\avgnsx.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-15 13:58:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-15 21:58
    .
    Pre-Run: 98,511,970,304 bytes free
    Post-Run: 99,041,062,912 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - D1AF66DDDFAE7649E0C89E9E225FCCE3
     
  5. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:

    • Please open your MalwareBytes AntiMalware Program
    • Click the Update Tab and search for updates
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- very important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



    NEXT


    Go here to run an online scanner from ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activeX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish



    NEXT

    Navigate to the following folder > right click and delete it:

    c:\windows\$NtUninstallKB46035$
     
  6. coachese

    coachese Thread Starter

    Joined:
    Dec 13, 2011
    Messages:
    4
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8382

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/16/2011 1:45:45 PM
    mbam-log-2011-12-16 (13-45-45).txt

    Scan type: Quick scan
    Objects scanned: 170159
    Time elapsed: 5 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ---------------------
    ---------------------


    C:\Documents and Settings\Dave Harding\Application Data\Sun\Java\Deployment\cache\6.0\27\6184729b-59859527 a variant of Java/TrojanDownloader.OpenStream.NAD trojan
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\10\7bec11ca-1fd5d6be Java/Exploit.CVE-2011-3544.F trojan
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\10\7bec11ca-2a8d709d Java/Exploit.CVE-2011-3544.F trojan
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\10\7bec11ca-2d3a9da4 Java/Exploit.CVE-2011-3544.F trojan
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\1ae8aca3-576e5d88 Java/Agent.DY trojan
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\1ae8aca3-745bdb40 Java/Agent.DY trojan
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\1ae8aca3-7c016b07 Java/Agent.DY trojan
     
  7. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi

    Please do the following:

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
    • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Copy/paste the text inside the Codebox below into notepad:

    Here's how to do that:
    Click Start > Run type Notepad click OK.
    This will open an empty notepad file:

    Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

    Code:
    File::
    C:\Documents and Settings\Dave Harding\Application Data\Sun\Java\Deployment\cache\6.0\27\6184729b-59859527 
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\10\7bec11ca-1fd5d6be 
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\10\7bec11ca-2a8d709d 
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\10\7bec11ca-2d3a9da4 
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\1ae8aca3-576e5d88 
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\1ae8aca3-745bdb40 
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\1ae8aca3-7c016b07 
    
    ClearJavaCache::
    
    Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

    Save this file to your desktop; save it as "CFScript".


    Here's how to do that:

    1. Click File;
    2. Click Save As... Change the directory to your desktop;
    3. Change the Save as type to "All Files";
    4. Type in the file name: CFScript
    5. Click Save ...

    [screenshot: dragging CFScript.txt onto ComboFix.exe]
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix may request an update; please allow it.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you.
    • Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    NEXT

    Visit ADOBE and download the latest version of Acrobat Reader (version X)
    Having the latest updates ensures there are no security vulnerabilities in your system.

    NEXT

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
    • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
    • Scroll down to where it says Java SE 6 Update 29
    • Click the Download button under JRE to the right.
    • Read the License Agreement then select Accept License Agreement
    • Click on the link to download Windows x86 Offline and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u29-windows-i586.exe to install the newest version.


    NEXT


    Please advise how the computer is running now and if there are any outstanding issues.
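As an added example (not CatByte's tool and not part of ComboFix or ESET), the helper below takes lines in the shape of the ESET text export coachese posted and produces the same File:: / ClearJavaCache:: script CatByte wrote by hand above, while also pulling out the CVE ids and the user profiles the hits sit under. The sample lines are reconstructed from this thread as constructed input; the rule "the detection name is the first token containing a slash" is my assumption about the export format.

```python
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (file path, ESET detection text)

# Constructed sample input: three lines in the shape of the ESET text export
# pasted earlier in the thread (path, optional "a variant of", detection
# name, class word). Reconstructed here, not copied from an ESET log.
ESET_EXPORT = r"""
C:\Documents and Settings\Dave Harding\Application Data\Sun\Java\Deployment\cache\6.0\27\6184729b-59859527 a variant of Java/TrojanDownloader.OpenStream.NAD trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\10\7bec11ca-1fd5d6be Java/Exploit.CVE-2011-3544.F trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\1ae8aca3-576e5d88 Java/Agent.DY trojan
"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
PROFILE_RE = re.compile(r"(?i)^[a-z]:\\documents and settings\\([^\\]+)\\")
JAVA_CACHE_MARK = r"\sun\java\deployment\cache"  # compared case-insensitively


def parse_eset_line(line: str) -> Finding:
    """Split one export line into (path, detection).

    Assumption: a Windows path never contains '/', while an ESET detection
    name always does (Java/Agent.DY), so the detection starts at the first
    token containing '/', or three tokens earlier after 'a variant of'.
    """
    tokens = line.split()
    start = next((i for i, t in enumerate(tokens) if "/" in t), None)
    if start is None:
        raise ValueError(f"no detection name in line: {line!r}")
    if start >= 3 and tokens[start - 3:start] == ["a", "variant", "of"]:
        start -= 3
    return " ".join(tokens[:start]), " ".join(tokens[start:])


def parse_eset_export(text: str) -> List[Finding]:
    return [parse_eset_line(ln) for ln in text.splitlines() if ln.strip()]


def cves_referenced(findings: List[Finding]) -> List[str]:
    """CVE ids named in the detections (here the Java CVE-2011-3544 exploit)."""
    return sorted({cve for _, det in findings for cve in CVE_RE.findall(det)})


def profiles_hit(findings: List[Finding]) -> List[str]:
    """User profiles the hits sit under. NetworkService is a built-in service
    account, so cache entries there were written by a process running as that
    account, not by the user's interactive browser session."""
    hits = set()
    for path, _ in findings:
        m = PROFILE_RE.match(path)
        if m:
            hits.add(m.group(1))
    return sorted(hits)


def build_cfscript(findings: List[Finding]) -> str:
    """Emit the ComboFix script from the thread: a File:: block listing every
    detected path, plus ClearJavaCache:: when any hit lives in a Java
    deployment cache (the only two directives this thread uses)."""
    lines = ["File::"] + [path for path, _ in findings]
    if any(JAVA_CACHE_MARK in path.lower() for path, _ in findings):
        lines += ["", "ClearJavaCache::"]
    return "\n".join(lines) + "\n"
```

Running `build_cfscript(parse_eset_export(ESET_EXPORT))` yields a script with the same layout as the Codebox in CatByte's post.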
     
  8. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Do you still need help with your machine?
     
Short URL to this thread: https://techguy.org/1031213