Laptop, but it's not quite right.......tried everything I can thin


This topic is locked

#1 plastictaffy (Member, 52 posts)
Afternoon all.
So, I've started repairing the odd laptop for people now and again. I had a look at this particular machine recently for a friend, but she gave it back to me on Monday, saying it wasn't right. The machine runs okay, and is actually almost as quick as mine, but there's something not quite right. Windows is up-to-date; it wasn't when I first had it. It's running AVG 2012 (AVG 2013 was causing some problems, I don't know why). The machine boots fine, runs Windows (XP, by the way) fine, and does everything it should do. AVG removed some nasties when I first installed it about 3 weeks ago, but now says it's clean. Every so often, it just stops. Only when I'm on the internet. It doesn't have wireless; I have it hard wired into my router with an Ethernet wire, so I know it's not that playing up.
Here is the spec of the machine - not great, I know, but it does what it's used for by the owner!
Toshiba Equium
Pentium 4 CPU 3.06 GHz
1.84 GHz, 448 MB RAM
Updated to Service Pack 3.

Here is the OTL log:

OTL logfile created on: 08/11/2012 16:42:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\omalley\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

447.48 Mb Total Physical Memory | 134.36 Mb Available Physical Memory | 30.03% Memory free
1.03 Gb Paging File | 0.59 Gb Available in Paging File | 56.79% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 26.44 Gb Free Space | 70.98% Space Free | Partition Type: NTFS

Computer Name: YOUR-F2961252D0 | User Name: omalley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/08 16:41:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\omalley\My Documents\Downloads\OTL.exe
PRC - [2012/11/06 18:24:37 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/11/05 12:25:14 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/09/06 01:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/07/26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/03/23 15:32:20 | 001,740,696 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/16 16:08:56 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2004/08/11 17:27:58 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2004/07/13 21:51:04 | 000,892,928 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2004/07/01 21:00:54 | 000,794,624 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
PRC - [2004/06/16 16:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/04/27 13:26:06 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2004/04/27 09:02:40 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2004/04/22 16:23:44 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/02/12 11:02:38 | 001,019,904 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\PadTouch\PadExe.exe
PRC - [2003/09/05 03:24:46 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/11/05 12:25:14 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/10/13 15:27:15 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/06 01:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/03/23 15:32:20 | 001,740,696 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2004/06/16 16:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/11/05 12:25:16 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/07/26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/03/23 15:17:48 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2011/03/23 15:15:48 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/03/23 15:15:48 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/03/23 15:15:48 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/03/23 15:15:48 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/03/23 15:15:48 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/07/26 14:28:02 | 000,004,352 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2004/05/28 11:45:02 | 000,390,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/04/14 14:52:22 | 000,005,632 | R--- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atiide.sys -- (atiide)
DRV - [2004/03/09 20:28:38 | 000,680,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/02/27 00:50:38 | 000,611,820 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/02/24 11:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004/02/20 15:00:44 | 001,265,388 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/05 19:53:00 | 000,068,352 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/10/27 13:59:00 | 000,013,842 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atisgkaf.SYS -- (caboagp)
DRV - [2003/01/29 14:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/11/05 16:00:46 | 000,039,424 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.c...n=2.5.15000.521
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-11-06 18:24:49&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2391419
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://uk.msn.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\13.2.0.4 [2012/11/06 18:24:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/08 16:31:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/09/16 21:25:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\omalley\Application Data\Mozilla\Extensions
[2012/11/07 18:41:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\omalley\Application Data\Mozilla\Firefox\Profiles\hma0abct.default\extensions
[2012/11/08 16:31:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/06 01:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/06 18:24:40 | 000,003,571 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/06 01:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/06 01:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\PadTouch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1347823388500 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CE2989D-89CA-4EC8-88FF-06EA2070D71F}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\TOSHIBA_GEN.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\TOSHIBA_GEN.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/09 13:32:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9a6b9c8d-00ab-11e2-86ff-00a0d1bab5b0}\Shell - "" = AutoRun
O33 - MountPoints2\{9a6b9c8d-00ab-11e2-86ff-00a0d1bab5b0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a6b9c8d-00ab-11e2-86ff-00a0d1bab5b0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9a6b9c91-00ab-11e2-86ff-00a0d1bab5b0}\Shell - "" = AutoRun
O33 - MountPoints2\{9a6b9c91-00ab-11e2-86ff-00a0d1bab5b0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a6b9c91-00ab-11e2-86ff-00a0d1bab5b0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/06 18:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\omalley\Application Data\AVG2012
[2012/11/06 18:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/11/06 18:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/11/06 18:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/11/06 18:22:57 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/11/06 18:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/11/06 18:22:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/11/06 17:48:42 | 000,000,000 | ---D | C] -- C:\AVGTemp
[2012/11/05 13:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2012/11/05 12:26:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2012/10/29 15:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\omalley\Application Data\TuneUp Software
[2012/10/29 13:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\omalley\Local Settings\Application Data\MFAData
[2012/10/29 13:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\omalley\Local Settings\Application Data\Avg2013
[2012/10/13 14:26:37 | 010,220,472 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/08 16:31:18 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\omalley\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/08 16:31:18 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/11/08 16:26:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/08 16:02:02 | 099,688,090 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/11/06 21:26:17 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/06 19:28:55 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/11/06 18:25:26 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/11/06 17:23:13 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/11/05 13:20:42 | 000,000,345 | -H-- | M] () -- C:\IPH.PH
[2012/11/05 13:20:02 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2012/11/05 12:25:16 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/11/05 12:23:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/29 12:58:04 | 000,442,808 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/29 12:58:04 | 000,072,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/13 15:27:10 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/13 15:27:10 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/13 15:26:28 | 010,220,472 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/08 16:02:02 | 099,688,090 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/11/06 18:25:26 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/11/05 13:20:09 | 000,000,345 | -H-- | C] () -- C:\IPH.PH
[2012/11/05 13:20:02 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012/09/17 09:46:44 | 000,067,156 | ---- | C] () -- C:\WINDOWS\Huawei ModemsUninstall.exe
[2012/09/17 09:46:30 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2012/09/16 19:15:29 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2012/09/16 19:15:22 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2012/09/16 19:15:17 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2012/08/26 15:23:15 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\omalley\Local Settings\Application Data\dt.dat
[2012/02/28 17:36:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== ZeroAccess Check ==========

[2004/11/09 13:45:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


And here is the Extras.txt part of it:


OTL Extras logfile created on: 08/11/2012 16:42:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\omalley\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

447.48 Mb Total Physical Memory | 134.36 Mb Available Physical Memory | 30.03% Memory free
1.03 Gb Paging File | 0.59 Gb Available in Paging File | 56.79% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 26.44 Gb Free Space | 70.98% Space Free | Partition Type: NTFS

Computer Name: YOUR-F2961252D0 | User Name: omalley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}" = TOSHIBA Manuals
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3470FBE6-B743-420F-B5CE-0D27FA749C16}" = Touch and Launch
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38580E5E-AF78-4536-AD1E-6A62661372C5}" = AVG 2012
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for Toshiba
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7646-A00000000001}" = Adobe Reader 6.0.1
"{AE2310DC-B261-4D84-BE03-BD318EB41B78}" = PCI1620 Ultramedia Controller
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.3 SP1
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Huawei Modems" = Huawei modem
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2
"InstallShield_{AE2310DC-B261-4D84-BE03-BD318EB41B78}" = PCI 1620 Cardbus Controller and Software
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Power Saver" = TOSHIBA Power Saver
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Hotkey Utility for Display Devices" = TOSHIBA Hotkey Utility for Display Devices
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TOSHIBA Utilities" = TOSHIBA Utilities
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"Works2004Setup" = Microsoft Works 2004 Setup Launcher

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15/09/2012 09:41:43 | Computer Name = YOUR-F2961252D0 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17112, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 16/09/2012 14:54:27 | Computer Name = YOUR-F2961252D0 | Source = Application Error | ID = 1000
Description = Faulting application mozilla-firefox-todownload.exe, version 0.0.0.0,
faulting module mozilla-firefox-todownload.exe, version 0.0.0.0, fault address
0x000da4c8.

Error - 16/09/2012 18:50:45 | Computer Name = YOUR-F2961252D0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 16/09/2012 18:50:45 | Computer Name = YOUR-F2961252D0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 05/11/2012 08:33:15 | Computer Name = YOUR-F2961252D0 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 15.0.1.4631, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 05/11/2012 08:34:40 | Computer Name = YOUR-F2961252D0 | Source = Application Hang | ID = 1001
Description = Fault bucket -1150946237.

Error - 06/11/2012 12:59:08 | Computer Name = YOUR-F2961252D0 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 15.0.1.4631, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/11/2012 11:48:16 | Computer Name = YOUR-F2961252D0 | Source = ESENT | ID = 490
Description = svchost (1264) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 08/11/2012 11:56:48 | Computer Name = YOUR-F2961252D0 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 15.0.1.4631, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/11/2012 12:01:38 | Computer Name = YOUR-F2961252D0 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 15.0.1.4631, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 06/11/2012 13:52:48 | Computer Name = YOUR-F2961252D0 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 06/11/2012 13:52:48 | Computer Name = YOUR-F2961252D0 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 06/11/2012 14:49:20 | Computer Name = YOUR-F2961252D0 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 06/11/2012 14:49:20 | Computer Name = YOUR-F2961252D0 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 06/11/2012 14:49:20 | Computer Name = YOUR-F2961252D0 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 06/11/2012 14:49:20 | Computer Name = YOUR-F2961252D0 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 06/11/2012 14:49:20 | Computer Name = YOUR-F2961252D0 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 06/11/2012 14:55:31 | Computer Name = YOUR-F2961252D0 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 06/11/2012 14:55:37 | Computer Name = YOUR-F2961252D0 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 06/11/2012 16:17:09 | Computer Name = YOUR-F2961252D0 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >


I've scanned with Kaspersky TDSSKiller, which found no issues.
I checked the Java version currently installed, and there wasn't one. So I sorted that as well.
I'm not convinced that there is something wrong, but something just doesn't seem quite right. Firefox has been reinstalled from my dongle which was a clean download moved between the computers on my memory stick. AVG was installed using the same method. All virus scans that have been performed have been done in Safe Mode. Any thoughts from anybody??

Thanks, Rich.

Edited by plastictaffy, 08 November 2012 - 11:31 AM.

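The Firewall Settings and Authorized Applications sections of the OTL log above repay a close read: in the DomainProfile the File and Printer Sharing ports (137/138/139/445) are open with scope `*`, while the StandardProfile restricts them to LocalSubNet, and one StandardProfile exception points at an AVG2013 path with no publisher string even though the product now installed is AVG 2012. The Python below is an added example for this page, not code from the thread or from OTL: it parses the registry dump in OTL's own line format and flags exactly those things. `SAMPLE_OTL` is a constructed excerpt of the posted log; the port set in `NETBIOS_SMB_PORTS` and the wording of the findings are this example's own choices.

```python
"""Audit the firewall policy that OTL dumps from a Windows XP registry.
Added example, not part of the thread or of OTL; SAMPLE_OTL is a constructed
excerpt of the log posted above."""
import re

SAMPLE_OTL = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"""

KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\.*\\FirewallPolicy\\(\w+Profile)"
                    r"(?:\\(GloballyOpenPorts|AuthorizedApplications)\\List)?\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# port:proto:scope:Enabled:label, e.g. 445:TCP:*:Enabled:@xpsp2res.dll,-22005
PORT_RE = re.compile(r"^(\d+):(TCP|UDP):([^:]+):(Enabled|Disabled):(.*)$", re.I)
# path:scope:Enabled:label [-- (Publisher)]; the path group is greedy because
# the path itself carries a drive-letter colon (C:\...)
APP_RE = re.compile(r"^(.+):([^:]+):(Enabled|Disabled):(.*)$", re.I)
# RPC/NetBIOS/SMB: XP's File and Printer Sharing exception opens these to
# LocalSubNet by default; scope '*' means any remote address (assumed set).
NETBIOS_SMB_PORTS = {135, 137, 138, 139, 445}


def parse_firewall_policy(text):
    """Return {profile: {"settings": {...}, "ports": [...], "apps": [...]}}."""
    policy, profile, section = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):                      # registry key header
            key = KEY_RE.match(line)
            profile, section = (key.group(1), key.group(2)) if key else (None, None)
            if profile:
                policy.setdefault(profile, {"settings": {}, "ports": [], "apps": []})
            continue
        val = VALUE_RE.match(line)
        if not val or profile is None:                # not a value under a FirewallPolicy key
            continue
        name, data = val.groups()
        entry = policy[profile]
        if section == "GloballyOpenPorts":
            m = PORT_RE.match(data)
            if m:
                entry["ports"].append({"port": int(m.group(1)), "proto": m.group(2).upper(),
                                       "scope": m.group(3), "enabled": m.group(4).lower() == "enabled"})
        elif section == "AuthorizedApplications":
            m = APP_RE.match(data)
            if m:
                label, _, publisher = m.group(4).partition(" -- (")
                entry["apps"].append({"path": m.group(1), "scope": m.group(2),
                                      "enabled": m.group(3).lower() == "enabled",
                                      "label": label.strip(),
                                      "publisher": publisher.rstrip(")") or None})
        else:                                         # profile-level DWORDs
            entry["settings"][name] = int(data) if data.isdigit() else data
    return policy


def audit_firewall_policy(policy):
    """Return (profile, finding) pairs a helper would want to look at."""
    findings = []
    for profile, entry in policy.items():
        enabled = entry["settings"].get("EnableFirewall")
        if enabled is None:
            findings.append((profile, "no EnableFirewall value recorded; confirm with "
                                      "'netsh firewall show state' on the machine"))
        elif enabled != 1:
            findings.append((profile, "EnableFirewall = %s (firewall off for this profile)" % enabled))
        for p in entry["ports"]:
            if p["enabled"] and p["scope"] == "*" and p["port"] in NETBIOS_SMB_PORTS:
                findings.append((profile, "%d/%s is open to any remote address" % (p["port"], p["proto"])))
        for a in entry["apps"]:
            # OTL appends the publisher from the file's version info, so a missing
            # one usually means the file could not be read (e.g. a leftover
            # exception for a program that has since been uninstalled).
            if a["enabled"] and a["publisher"] is None:
                findings.append((profile, "exception for %s ('%s') has no publisher; check "
                                          "the file still exists" % (a["path"], a["label"])))
    return findings


if __name__ == "__main__":
    for profile, finding in audit_firewall_policy(parse_firewall_policy(SAMPLE_OTL)):
        print("%-16s %s" % (profile, finding))
```

To run it over a complete OTL log, pass the file's text in place of `SAMPLE_OTL`; the Security Center, System Restore and Uninstall keys fall through because they do not match the FirewallPolicy key pattern, so only the three firewall sections are interpreted.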

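The System Events block at the end of the same OTL log shows a burst at 06/11/2012 14:49:20: event 7026 lists AFD, Tcpip, NetBT, IPSec and the AVG drivers as boot-start drivers that failed to load, and the 7001 events in the same second report DHCP Client, DNS Client, TCP/IP NetBIOS Helper and IPSEC Services failing with %%31 because of those dependencies. The poster says the scans were run in Safe Mode, and that is what a Safe Mode boot writes to the System log, so the burst only becomes interesting if it recurs on a normal boot. The following is an added example, not code from the thread or from OTL: it parses OTL's wrapped event lines, counts hangs per application, and picks out such bursts so they can be checked against the boot times. `SAMPLE_EVENTS` is a constructed excerpt of the posted log; `NET_STACK` and the two-events-per-second threshold are assumptions of this example.

```python
"""Triage the 'Last 20 Event Log Errors' section of an OTL log.
Added example, not part of the thread or of OTL; SAMPLE_EVENTS is a
constructed excerpt of the log posted above."""
import re
from collections import Counter, defaultdict

SAMPLE_EVENTS = """
[ Application Events ]
Error - 05/11/2012 08:33:15 | Computer Name = YOUR-F2961252D0 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 15.0.1.4631, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/11/2012 11:56:48 | Computer Name = YOUR-F2961252D0 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 15.0.1.4631, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 06/11/2012 14:49:20 | Computer Name = YOUR-F2961252D0 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 06/11/2012 14:49:20 | Computer Name = YOUR-F2961252D0 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 06/11/2012 14:49:20 | Computer Name = YOUR-F2961252D0 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 06/11/2012 14:55:31 | Computer Name = YOUR-F2961252D0 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
"""

HEADER_RE = re.compile(r"^Error - (\d{2}/\d{2}/\d{4}) (\d{2}:\d{2}:\d{2}) \| Computer Name = (\S+) "
                       r"\| Source = (.+?) \| ID = (\d+)$")
HANG_RE = re.compile(r"^(?:Hanging|Faulting) application (\S+), version")
# Network-stack drivers that a Safe Mode boot (without networking) does not
# load; an assumption of this example, extend as needed.
NET_STACK = {"Tcpip", "AFD", "NetBT", "NetBIOS", "IPSec"}


def parse_events(text):
    """Fold OTL's wrapped 'Error - ... / Description = ...' lines into dicts."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            date, time, host, source, eid = m.groups()
            events.append({"date": date, "time": time, "host": host, "source": source,
                           "id": int(eid), "description": ""})
        elif line.startswith("Description = ") and events:
            events[-1]["description"] = line[len("Description = "):]
        elif line and not line.startswith("[") and events:   # wrapped continuation
            events[-1]["description"] += " " + line
    return events


def hang_counts(events):
    """How often each program hung or crashed (Application Hang/Error sources)."""
    counts = Counter()
    for e in events:
        if e["source"] in ("Application Hang", "Application Error"):
            m = HANG_RE.match(e["description"])
            if m:
                counts[m.group(1)] += 1
    return counts


def safe_mode_bursts(events):
    """Seconds in which the SCM logged the network stack failing to start.

    A 7026 that lists Tcpip/AFD/NetBT among the failed boot-start drivers,
    with 7001 '%%31' dependency failures in the same second, is what a Safe
    Mode boot produces; it only matters if it also appears on a normal boot."""
    per_second = defaultdict(list)
    for e in events:
        if e["source"] == "Service Control Manager" and e["id"] in (7001, 7026):
            per_second[(e["date"], e["time"])].append(e)
    bursts = []
    for (date, time), group in sorted(per_second.items()):
        failed = set()
        for e in group:
            if e["id"] == 7026:                    # driver names follow the colon
                failed.update(e["description"].partition(":")[2].split())
        if failed & NET_STACK and len(group) >= 2:
            bursts.append((date + " " + time, sorted(failed & NET_STACK)))
    return bursts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print("hangs:", dict(hang_counts(evs)))
    for stamp, drivers in safe_mode_bursts(evs):
        print("network stack not loaded at %s: %s" % (stamp, " ".join(drivers)))
```

The DCOM 10005 errors a few minutes later (error 1084 is the "service cannot be started in Safe Mode" code) are not grouped by the function on purpose; once a burst's timestamp is known, they can be compared to it by hand, along with the user's own note of when the Safe Mode scans took place.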


#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#3
plastictaffy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Thanks for your quick response. Of the three tools I tried to run, only one would run. The results of this are shown below. This test was SecurityCheck. I've run this before, so I knew it would finish. Adobe reader is now NOT out of date, as I updated it.

Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG 2012
AVG Security Toolbar
AVG 2012
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 9
Java 2 Runtime Environment, SE v1.4.2_05
Adobe Flash Player 11.4.402.287
Adobe Reader 6 Adobe Reader out of Date!
Mozilla Firefox 15.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
omalley LOCALS~1 Temp RarSFX0\SecurityCheck\Objlist.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````


Both RogueKiller and AdwCleaner just caused the machine to hang. Odd, that. I thought the machine was pretty stable!!!
Thanks, Rich.

Edited by plastictaffy, 09 November 2012 - 10:06 AM.


#4
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5
plastictaffy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Currently running Combofix, after installing the XP Recovery Console. If the software crashes, how do I tell?? I don't think it will, but how do I tell if it does?? I ran it some months ago on another machine and it hung after about 20 minutes. I knew it had hung that time because the machine went to a BSOD. Whilst I think about it, can you recommend a resource-hungry website?? I often use YouTube, but do you know of another better one??

#6
plastictaffy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Hi Gringo
Test finished. I had to run it twice as I couldn't find the scan results from the first time, then as the second one finished, I found the first lot of results!!!! D'oh. The internet is a little better, but still pauses now and again, almost like it's thinking about redirecting. But then it does load the page, slowly.

Anyway, here are the results..........
ComboFix 12-11-09.02 - omalley 09/11/2012 18:45:47.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.447.52 [GMT 0:00]
Running from: E:\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\omalley\Application Data\PriceGong
c:\documents and settings\omalley\Application Data\PriceGong\Data\1.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\a.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\b.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\c.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\d.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\e.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\f.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\g.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\h.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\i.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\J.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\k.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\l.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\m.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\n.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\o.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\p.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\q.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\r.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\s.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\t.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\u.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\v.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\w.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\x.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\y.xml
c:\documents and settings\omalley\Application Data\PriceGong\Data\z.xml
c:\documents and settings\omalley\WINDOWS
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3301245f0d15817b.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\ea514e9cccc29ac4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-09 14:32 . 2012-11-09 15:34 14336 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-11-09 14:20 . 2012-11-09 15:33 212 ----a-w- c:\windows\DeleteOnReboot.bat
2012-11-08 20:49 . 2012-11-08 20:49 -------- d-----w- c:\documents and settings\omalley\Local Settings\Application Data\Sun
2012-11-08 17:35 . 2012-11-08 17:34 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-08 17:35 . 2012-11-08 17:34 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-08 17:35 . 2012-11-08 17:34 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-08 17:35 . 2012-11-08 17:34 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-08 16:31 . 2012-09-06 01:27 266720 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-11-06 18:34 . 2012-11-06 18:34 -------- d-----w- c:\documents and settings\omalley\Application Data\AVG2012
2012-11-06 18:22 . 2012-11-06 18:22 -------- d-----w- C:\$AVG
2012-11-06 18:22 . 2012-11-09 14:14 -------- d-----w- c:\windows\system32\drivers\AVG
2012-11-06 18:22 . 2012-11-06 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-11-06 17:48 . 2012-11-06 17:48 -------- d-----w- C:\AVGTemp
2012-11-05 13:20 . 2012-11-05 13:20 -------- d-----w- c:\program files\Common Files\AOL
2012-10-29 15:17 . 2012-10-29 15:17 -------- d-----w- c:\documents and settings\omalley\Application Data\TuneUp Software
2012-10-29 13:17 . 2012-11-06 18:06 -------- d-----w- c:\documents and settings\omalley\Local Settings\Application Data\Avg2013
2012-10-29 13:17 . 2012-10-29 13:17 -------- d-----w- c:\documents and settings\omalley\Local Settings\Application Data\MFAData
2012-10-13 14:26 . 2012-10-13 15:26 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-05 12:25 . 2012-08-26 15:01 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-13 15:27 . 2012-04-22 14:18 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-13 15:27 . 2011-08-22 17:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-17 09:46 . 2012-09-17 09:46 67156 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2012-09-16 19:16 . 2012-09-16 19:16 2772 ----a-w- c:\windows\system32\tmp.reg
2012-09-15 12:39 . 2012-09-15 12:39 4096000 ----a-w- c:\program files\GUT4.tmp
2012-08-27 19:12 . 2004-11-09 12:08 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12 . 2004-11-09 12:07 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12 . 2004-11-09 12:07 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12 . 2004-11-09 12:06 17408 ------w- c:\windows\system32\corpol.dll
2012-08-24 15:43 . 2012-08-24 15:43 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 13:53 . 2004-11-09 12:08 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2004-11-09 12:07 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-09-06 01:27 . 2012-11-08 16:31 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-09 335872]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-04-22 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-04-22 507904]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 88363]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-08-16 430080]
"TPSMain"="TPSMain.exe" [2004-08-11 266240]
"NDSTray.exe"="NDSTray.exe" [BU]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-04-27 118784]
"PadTouch"="c:\program files\TOSHIBA\PadTouch\PadExe.exe" [2004-02-12 1019904]
"TFncKy"="TFncKy.exe" [BU]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [10/11/2004 07:21 5632]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 04:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31/01/2012 04:46 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [26/07/2012 03:21 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [24/08/2012 15:43 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [26/08/2012 15:01 26984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [13/08/2012 03:24 5167736]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 04:53 193288]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [17/09/2012 09:48 1740696]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [05/11/2012 12:25 711112]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 13:32 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 13:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 13:32 17232]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [17/09/2012 09:47 73216]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [17/09/2012 09:47 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [17/09/2012 09:47 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [17/09/2012 09:47 235392]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 15:27]
.
2009-11-10 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-09 00:12]
.
2009-11-10 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-09 00:12]
.
2009-11-10 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-09 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\omalley\Application Data\Mozilla\Firefox\Profiles\hma0abct.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/
FF - ExtSQL: 2012-11-06 18:25; [email protected]; c:\documents and settings\All Users\Application Data\AVG Secure Search\FireFoxExt\13.2.0.5
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
AddRemove-AVG Secure Search - c:\program files\AVG Secure Search\UNINSTALL.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-09 18:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-11-09 19:04:39
ComboFix-quarantined-files.txt 2012-11-09 19:04
.
Pre-Run: 28,859,084,800 bytes free
Post-Run: 29,136,736,256 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - ABA450640006540DA4FE2CA1D6D4FB67

Edited by plastictaffy, 09 November 2012 - 02:06 PM.


#7
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings plastictaffy

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
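The instructions above end with "copy and paste the contents of that file here", and a helper then reads a report of several hundred lines by eye. The script below is an added example for this thread, not part of any post and not Kaspersky's code: it parses the two line shapes that TDSSKiller writes for each service (the `[ MD5 ] Name Path` line and the `Name - status` line, both visible in the report posted further down) and returns the entries worth reading first. Two things in it are assumptions: `EXPECTED_ROOTS` treats anything outside `C:\WINDOWS\` and `C:\Program Files\` as an odd location (adjust for a non-default install drive), and `SAMPLE_REPORT` is constructed for the example, with its first lines copied from the thread and the last two using a hypothetical `oddsvc` entry with a made-up status string and Temp-folder path purely to exercise the flagging code. TDSSKiller's real wording for a detection may differ, so the script treats any status other than "ok" as something to look at rather than matching specific verdict strings.

```python
"""Triage helper for a TDSSKiller text report.

Added example for this thread; it is not part of the original posts and not
Kaspersky's code.  It handles the two line shapes visible in the posted report:

    HH:MM:SS.mmmm PID [ MD5 ] ServiceName  C:\\path\\to\\binary
    HH:MM:SS.mmmm PID ServiceName - status

and returns the entries a helper would read first: any service whose status
is not "ok", and any service whose backing file sits outside the usual Windows
or Program Files roots (EXPECTED_ROOTS is an assumption for a default C:
install).  SAMPLE_REPORT is constructed: its first lines are copied from the
thread, the last two use a hypothetical status string and an odd path to
exercise the flagging logic.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
FILE_RE = re.compile(
    _PREFIX + r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>\S+)\s+(?P<path>.+?)\s*$"
)
STATUS_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+-\s+(?P<status>.+?)\s*$")

# Assumed roots for a default install; a binary anywhere else gets flagged.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class ServiceEntry:
    """One service or driver as TDSSKiller reports it."""
    name: str
    md5: Optional[str] = None     # absent when the service has no backing file
    path: Optional[str] = None
    status: Optional[str] = None


def parse_report(text: str) -> Dict[str, ServiceEntry]:
    """Merge the file line and the status line of each service into one record."""
    entries: Dict[str, ServiceEntry] = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            entry = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            entry.md5, entry.path = m["md5"].upper(), m["path"]
            continue
        m = STATUS_RE.match(line)
        if m:
            entry = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            entry.status = m["status"]
    return entries


def flagged(entries: Dict[str, ServiceEntry]) -> List[str]:
    """Service names worth a closer look: non-"ok" status or an unexpected path."""
    hits = []
    for e in entries.values():
        not_ok = e.status is not None and e.status.lower() != "ok"
        odd_path = e.path is not None and not e.path.lower().startswith(EXPECTED_ROOTS)
        if not_ok or odd_path:
            hits.append(e.name)
    return sorted(hits)


def by_hash(entries: Dict[str, ServiceEntry]) -> Dict[str, List[str]]:
    """Group service names by binary MD5.  Several names on one hash is normal
    for shared hosts such as lsass.exe (Netlogon, SamSs, ...); the same hash
    appearing on an unexpected path is the interesting case."""
    groups: Dict[str, List[str]] = {}
    for e in entries.values():
        if e.md5:
            groups.setdefault(e.md5, []).append(e.name)
    return groups


# Constructed sample: first lines copied from the thread, last two hypothetical.
SAMPLE_REPORT = r"""
21:00:13.0859 3720 ================ Scan services =============================
21:00:14.0015 3720 Abiosdsk - ok
21:00:14.0093 3720 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:00:14.0125 3720 ACPI - ok
21:00:26.0390 3720 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:00:26.0390 3720 Netlogon - ok
21:00:29.0078 3720 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
21:00:29.0093 3720 SamSs - ok
21:00:31.0000 3720 [ 0123456789ABCDEF0123456789ABCDEF ] oddsvc C:\Documents and Settings\user\Local Settings\Temp\oddsvc.sys
21:00:31.0010 3720 oddsvc - suspicious (hypothetical status)
"""

if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print("flagged:", flagged(parsed))  # ['oddsvc']
    for digest, names in by_hash(parsed).items():
        print(digest, "->", ", ".join(sorted(names)))
```

Run it against a saved `TDSSKiller.*_log.txt` by reading the file into `parse_report`; the flagged list is a starting point for a helper, not a verdict, and the full log should still be posted as Gringo asks.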

#8
plastictaffy

    Member

  • Topic Starter
  • Member
  • 52 posts
Evening Gringo.......... Here are the results of the two scans I last ran.

TDSSKiller first
21:00:04.0453 3764 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:00:04.0984 3764 ============================================================
21:00:04.0984 3764 Current date / time: 2012/11/09 21:00:04.0984
21:00:04.0984 3764 SystemInfo:
21:00:04.0984 3764
21:00:04.0984 3764 OS Version: 5.1.2600 ServicePack: 3.0
21:00:04.0984 3764 Product type: Workstation
21:00:04.0984 3764 ComputerName: YOUR-F2961252D0
21:00:04.0984 3764 UserName: omalley
21:00:04.0984 3764 Windows directory: C:\WINDOWS
21:00:04.0984 3764 System windows directory: C:\WINDOWS
21:00:04.0984 3764 Processor architecture: Intel x86
21:00:04.0984 3764 Number of processors: 2
21:00:04.0984 3764 Page size: 0x1000
21:00:04.0984 3764 Boot type: Normal boot
21:00:04.0984 3764 ============================================================
21:00:07.0531 3764 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1430, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
21:00:07.0531 3764 Drive \Device\Harddisk1\DR2 - Size: 0xF800000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:00:07.0531 3764 ============================================================
21:00:07.0531 3764 \Device\Harddisk0\DR0:
21:00:07.0531 3764 MBR partitions:
21:00:07.0531 3764 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A817B1
21:00:07.0531 3764 \Device\Harddisk1\DR2:
21:00:07.0546 3764 MBR partitions:
21:00:07.0546 3764 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x7BFE0
21:00:07.0546 3764 ============================================================
21:00:07.0562 3764 C: <-> \Device\Harddisk0\DR0\Partition1
21:00:07.0562 3764 ============================================================
21:00:07.0562 3764 Initialize success
21:00:07.0562 3764 ============================================================
21:00:11.0968 3720 ============================================================
21:00:11.0968 3720 Scan started
21:00:11.0968 3720 Mode: Manual;
21:00:11.0968 3720 ============================================================
21:00:13.0843 3720 ================ Scan system memory ========================
21:00:13.0859 3720 System memory - ok
21:00:13.0859 3720 ================ Scan services =============================
21:00:14.0015 3720 Abiosdsk - ok
21:00:14.0031 3720 abp480n5 - ok
21:00:14.0093 3720 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:00:14.0125 3720 ACPI - ok
21:00:14.0171 3720 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:00:14.0171 3720 ACPIEC - ok
21:00:14.0296 3720 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:00:14.0328 3720 AdobeFlashPlayerUpdateSvc - ok
21:00:14.0343 3720 adpu160m - ok
21:00:14.0421 3720 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:00:14.0421 3720 aec - ok
21:00:14.0484 3720 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:00:14.0484 3720 AFD - ok
21:00:14.0625 3720 [ 052343CD49C8DA20C48958CFE73C7D44 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
21:00:14.0734 3720 AgereSoftModem - ok
21:00:14.0765 3720 Aha154x - ok
21:00:14.0781 3720 aic78u2 - ok
21:00:14.0796 3720 aic78xx - ok
21:00:14.0906 3720 [ BA88534A3CEB6161E7432438B9EA4F54 ] ALCXSENS C:\WINDOWS\system32\drivers\ALCXSENS.SYS
21:00:14.0937 3720 ALCXSENS - ok
21:00:15.0000 3720 [ 69CBB79CCCCB7AB08F5E00109E9703BD ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:00:15.0031 3720 ALCXWDM - ok
21:00:15.0093 3720 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:00:15.0093 3720 Alerter - ok
21:00:15.0140 3720 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
21:00:15.0140 3720 ALG - ok
21:00:15.0156 3720 AliIde - ok
21:00:15.0187 3720 amsint - ok
21:00:15.0203 3720 AppMgmt - ok
21:00:15.0281 3720 [ 466708AE500E11CFA56483EE7FB9AD11 ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys
21:00:15.0312 3720 AR5211 - ok
21:00:15.0359 3720 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:00:15.0359 3720 Arp1394 - ok
21:00:15.0375 3720 asc - ok
21:00:15.0390 3720 asc3350p - ok
21:00:15.0421 3720 asc3550 - ok
21:00:15.0609 3720 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:00:15.0640 3720 aspnet_state - ok
21:00:15.0687 3720 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:00:15.0687 3720 AsyncMac - ok
21:00:15.0734 3720 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:00:15.0734 3720 atapi - ok
21:00:15.0750 3720 Atdisk - ok
21:00:15.0828 3720 [ A447A9E0D23740B2C5903C9353223D62 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
21:00:15.0859 3720 Ati HotKey Poller - ok
21:00:15.0937 3720 [ 59485150D0388E07772EAD4999A5AFC2 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:00:15.0984 3720 ati2mtag - ok
21:00:16.0046 3720 [ 899C9F94ED5EC5EFF71AA6E17A084419 ] atiide C:\WINDOWS\system32\DRIVERS\atiide.sys
21:00:16.0046 3720 atiide - ok
21:00:16.0093 3720 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:00:16.0109 3720 Atmarpc - ok
21:00:16.0171 3720 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:00:16.0171 3720 AudioSrv - ok
21:00:16.0234 3720 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:00:16.0234 3720 audstub - ok
21:00:16.0750 3720 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files\AVG\AVG2012\avgidsagent.exe
21:00:17.0046 3720 AVGIDSAgent - ok
21:00:17.0125 3720 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
21:00:17.0140 3720 AVGIDSDriver - ok
21:00:17.0171 3720 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
21:00:17.0171 3720 AVGIDSFilter - ok
21:00:17.0203 3720 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
21:00:17.0203 3720 AVGIDSHX - ok
21:00:17.0234 3720 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
21:00:17.0250 3720 AVGIDSShim - ok
21:00:17.0328 3720 [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
21:00:17.0375 3720 Avgldx86 - ok
21:00:17.0453 3720 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
21:00:17.0453 3720 Avgmfx86 - ok
21:00:17.0500 3720 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
21:00:17.0500 3720 Avgrkx86 - ok
21:00:17.0609 3720 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
21:00:17.0671 3720 Avgtdix - ok
21:00:17.0734 3720 [ 57D83B82117C2DDB9D7E9AEA691CEDFC ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
21:00:17.0796 3720 avgtp - ok
21:00:17.0875 3720 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
21:00:17.0906 3720 avgwd - ok
21:00:18.0125 3720 [ 68BF3520FE759C91FD9182F36E585374 ] BecHelperService C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
21:00:18.0234 3720 BecHelperService - ok
21:00:18.0484 3720 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:00:18.0484 3720 Beep - ok
21:00:18.0578 3720 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
21:00:18.0671 3720 BITS - ok
21:00:18.0703 3720 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
21:00:18.0703 3720 Browser - ok
21:00:18.0765 3720 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
21:00:18.0765 3720 BthEnum - ok
21:00:18.0828 3720 [ 906FCF0D1DC5B573015BBD21EF54BD88 ] caboagp C:\WINDOWS\system32\DRIVERS\atisgkaf.sys
21:00:18.0828 3720 caboagp - ok
21:00:18.0984 3720 catchme - ok
21:00:19.0015 3720 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:00:19.0015 3720 cbidf2k - ok
21:00:19.0031 3720 cd20xrnt - ok
21:00:19.0093 3720 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:00:19.0109 3720 Cdaudio - ok
21:00:19.0156 3720 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:00:19.0171 3720 Cdfs - ok
21:00:19.0187 3720 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:00:19.0187 3720 Cdrom - ok
21:00:19.0296 3720 [ 527235C8109BF5D4DBDA7D1948648C46 ] CFSvcs C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
21:00:19.0296 3720 CFSvcs - ok
21:00:19.0312 3720 Changer - ok
21:00:19.0390 3720 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:00:19.0390 3720 CiSvc - ok
21:00:19.0453 3720 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:00:19.0453 3720 ClipSrv - ok
21:00:19.0500 3720 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:00:19.0531 3720 clr_optimization_v2.0.50727_32 - ok
21:00:19.0546 3720 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:00:19.0546 3720 CmBatt - ok
21:00:19.0562 3720 CmdIde - ok
21:00:19.0609 3720 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:00:19.0609 3720 Compbatt - ok
21:00:19.0625 3720 COMSysApp - ok
21:00:19.0671 3720 Cpqarray - ok
21:00:19.0718 3720 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:00:19.0734 3720 CryptSvc - ok
21:00:19.0750 3720 dac2w2k - ok
21:00:19.0765 3720 dac960nt - ok
21:00:19.0843 3720 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:00:19.0875 3720 DcomLaunch - ok
21:00:19.0953 3720 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:00:19.0968 3720 Dhcp - ok
21:00:20.0031 3720 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:00:20.0031 3720 Disk - ok
21:00:20.0046 3720 dmadmin - ok
21:00:20.0140 3720 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:00:20.0171 3720 dmboot - ok
21:00:20.0218 3720 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:00:20.0234 3720 dmio - ok
21:00:20.0281 3720 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:00:20.0281 3720 dmload - ok
21:00:20.0328 3720 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:00:20.0328 3720 dmserver - ok
21:00:20.0375 3720 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:00:20.0375 3720 DMusic - ok
21:00:20.0453 3720 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:00:20.0453 3720 Dnscache - ok
21:00:20.0515 3720 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:00:20.0531 3720 Dot3svc - ok
21:00:20.0546 3720 dpti2o - ok
21:00:20.0578 3720 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:00:20.0578 3720 drmkaud - ok
21:00:20.0656 3720 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:00:20.0656 3720 EapHost - ok
21:00:20.0718 3720 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:00:20.0718 3720 ERSvc - ok
21:00:20.0781 3720 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
21:00:20.0796 3720 Eventlog - ok
21:00:20.0875 3720 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
21:00:20.0906 3720 EventSystem - ok
21:00:20.0984 3720 [ FB54F67974D13D73BE3E2F1DF042D295 ] ewusbnet C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
21:00:21.0031 3720 ewusbnet - ok
21:00:21.0093 3720 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
21:00:21.0093 3720 ew_hwusbdev - ok
21:00:21.0156 3720 [ 61A973F60E94A551BA7B15F3460444FB ] ew_usbenumfilter C:\WINDOWS\system32\DRIVERS\ew_usbenumfilter.sys
21:00:21.0156 3720 ew_usbenumfilter - ok
21:00:21.0218 3720 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:00:21.0218 3720 Fastfat - ok
21:00:21.0500 3720 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:00:21.0515 3720 FastUserSwitchingCompatibility - ok
21:00:21.0531 3720 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
21:00:21.0531 3720 Fdc - ok
21:00:21.0562 3720 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:00:21.0562 3720 Fips - ok
21:00:21.0609 3720 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
21:00:21.0609 3720 Flpydisk - ok
21:00:21.0656 3720 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:00:21.0656 3720 FltMgr - ok
21:00:21.0750 3720 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:00:21.0765 3720 FontCache3.0.0.0 - ok
21:00:21.0812 3720 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:00:21.0812 3720 Fs_Rec - ok
21:00:21.0875 3720 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:00:21.0890 3720 Ftdisk - ok
21:00:21.0953 3720 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:00:21.0953 3720 Gpc - ok
21:00:22.0062 3720 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:00:22.0062 3720 helpsvc - ok
21:00:22.0078 3720 HidServ - ok
21:00:22.0140 3720 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:00:22.0140 3720 hkmsvc - ok
21:00:22.0156 3720 hpn - ok
21:00:22.0250 3720 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:00:22.0265 3720 HTTP - ok
21:00:22.0328 3720 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:00:22.0343 3720 HTTPFilter - ok
21:00:22.0406 3720 [ F44461E66F1B7DD267957FE9BAA63ED0 ] huawei_enumerator C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
21:00:22.0453 3720 huawei_enumerator - ok
21:00:22.0515 3720 [ F547F862B8907F1BCBD9B72A72A6449E ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
21:00:22.0515 3720 hwdatacard - ok
21:00:22.0546 3720 i2omgmt - ok
21:00:22.0562 3720 i2omp - ok
21:00:22.0656 3720 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:00:22.0671 3720 i8042prt - ok
21:00:22.0781 3720 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:00:22.0843 3720 idsvc - ok
21:00:22.0875 3720 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:00:22.0890 3720 Imapi - ok
21:00:22.0968 3720 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:00:22.0984 3720 ImapiService - ok
21:00:23.0015 3720 ini910u - ok
21:00:23.0046 3720 IntelIde - ok
21:00:23.0093 3720 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:00:23.0093 3720 intelppm - ok
21:00:23.0125 3720 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:00:23.0125 3720 Ip6Fw - ok
21:00:23.0187 3720 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:00:23.0203 3720 IpFilterDriver - ok
21:00:23.0234 3720 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:00:23.0250 3720 IpInIp - ok
21:00:23.0296 3720 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:00:23.0296 3720 IpNat - ok
21:00:23.0375 3720 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:00:23.0375 3720 IPSec - ok
21:00:23.0406 3720 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
21:00:23.0406 3720 irda - ok
21:00:23.0437 3720 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:00:23.0437 3720 IRENUM - ok
21:00:23.0500 3720 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll
21:00:23.0515 3720 Irmon - ok
21:00:23.0546 3720 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:00:23.0546 3720 isapnp - ok
21:00:23.0640 3720 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
21:00:23.0656 3720 JavaQuickStarterService - ok
21:00:23.0718 3720 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:00:23.0718 3720 Kbdclass - ok
21:00:23.0750 3720 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:00:23.0765 3720 kmixer - ok
21:00:23.0843 3720 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:00:23.0843 3720 KSecDD - ok
21:00:23.0906 3720 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:00:24.0296 3720 lanmanserver - ok
21:00:24.0359 3720 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:00:24.0421 3720 lanmanworkstation - ok
21:00:24.0437 3720 lbrtfdc - ok
21:00:24.0531 3720 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:00:24.0531 3720 LmHosts - ok
21:00:24.0593 3720 [ 4E10E84320A8EC1C12BD0D00973B22AB ] mdvrmng C:\WINDOWS\system32\drivers\mdvrmng.sys
21:00:24.0593 3720 mdvrmng - ok
21:00:24.0640 3720 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:00:24.0640 3720 Messenger - ok
21:00:24.0687 3720 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:00:24.0687 3720 mnmdd - ok
21:00:24.0750 3720 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:00:24.0765 3720 mnmsrvc - ok
21:00:24.0828 3720 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:00:24.0828 3720 Modem - ok
21:00:24.0859 3720 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:00:24.0859 3720 Mouclass - ok
21:00:24.0875 3720 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:00:24.0890 3720 MountMgr - ok
21:00:24.0953 3720 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:00:24.0968 3720 MozillaMaintenance - ok
21:00:24.0984 3720 mraid35x - ok
21:00:25.0015 3720 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:00:25.0031 3720 MRxDAV - ok
21:00:25.0109 3720 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:00:25.0187 3720 MRxSmb - ok
21:00:25.0250 3720 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:00:25.0250 3720 MSDTC - ok
21:00:25.0281 3720 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:00:25.0281 3720 Msfs - ok
21:00:25.0296 3720 MSIServer - ok
21:00:25.0390 3720 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:00:25.0390 3720 MSKSSRV - ok
21:00:25.0421 3720 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:00:25.0421 3720 MSPCLOCK - ok
21:00:25.0437 3720 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:00:25.0437 3720 MSPQM - ok
21:00:25.0500 3720 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:00:25.0500 3720 mssmbios - ok
21:00:25.0562 3720 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:00:25.0625 3720 Mup - ok
21:00:25.0703 3720 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:00:25.0718 3720 napagent - ok
21:00:25.0796 3720 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:00:25.0812 3720 NDIS - ok
21:00:25.0890 3720 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:00:25.0890 3720 NdisTapi - ok
21:00:25.0921 3720 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:00:25.0921 3720 Ndisuio - ok
21:00:25.0968 3720 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:00:25.0968 3720 NdisWan - ok
21:00:26.0015 3720 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:00:26.0046 3720 NDProxy - ok
21:00:26.0078 3720 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:00:26.0078 3720 NetBIOS - ok
21:00:26.0156 3720 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:00:26.0171 3720 NetBT - ok
21:00:26.0234 3720 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
21:00:26.0234 3720 NetDDE - ok
21:00:26.0265 3720 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:00:26.0265 3720 NetDDEdsdm - ok
21:00:26.0328 3720 [ 1265EB253ED4EBE4ACB3BD5F548FF796 ] Netdevio C:\WINDOWS\system32\DRIVERS\netdevio.sys
21:00:26.0328 3720 Netdevio - ok
21:00:26.0390 3720 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:00:26.0390 3720 Netlogon - ok
21:00:26.0437 3720 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
21:00:26.0468 3720 Netman - ok
21:00:26.0531 3720 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:00:26.0531 3720 NetTcpPortSharing - ok
21:00:26.0562 3720 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:00:26.0562 3720 NIC1394 - ok
21:00:26.0640 3720 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
21:00:26.0671 3720 Nla - ok
21:00:26.0703 3720 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:00:26.0703 3720 Npfs - ok
21:00:26.0796 3720 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:00:26.0843 3720 Ntfs - ok
21:00:26.0859 3720 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:00:26.0859 3720 NtLmSsp - ok
21:00:26.0937 3720 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:00:26.0968 3720 NtmsSvc - ok
21:00:27.0015 3720 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:00:27.0015 3720 Null - ok
21:00:27.0046 3720 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:00:27.0046 3720 NwlnkFlt - ok
21:00:27.0078 3720 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:00:27.0093 3720 NwlnkFwd - ok
21:00:27.0156 3720 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:00:27.0156 3720 ohci1394 - ok
21:00:27.0281 3720 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:00:27.0281 3720 ose - ok
21:00:27.0312 3720 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:00:27.0312 3720 Parport - ok
21:00:27.0328 3720 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:00:27.0328 3720 PartMgr - ok
21:00:27.0390 3720 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:00:27.0406 3720 ParVdm - ok
21:00:27.0453 3720 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:00:27.0453 3720 PCI - ok
21:00:27.0468 3720 PCIDump - ok
21:00:27.0500 3720 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:00:27.0515 3720 PCIIde - ok
21:00:27.0531 3720 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:00:27.0531 3720 Pcmcia - ok
21:00:27.0546 3720 PDCOMP - ok
21:00:27.0578 3720 PDFRAME - ok
21:00:27.0593 3720 PDRELI - ok
21:00:27.0609 3720 PDRFRAME - ok
21:00:27.0640 3720 perc2 - ok
21:00:27.0656 3720 perc2hib - ok
21:00:27.0734 3720 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
21:00:27.0734 3720 PlugPlay - ok
21:00:27.0750 3720 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:00:27.0750 3720 PolicyAgent - ok
21:00:27.0781 3720 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:00:27.0781 3720 PptpMiniport - ok
21:00:27.0796 3720 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:00:27.0796 3720 ProtectedStorage - ok
21:00:27.0812 3720 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:00:27.0828 3720 PSched - ok
21:00:27.0859 3720 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:00:27.0859 3720 Ptilink - ok
21:00:27.0875 3720 ql1080 - ok
21:00:27.0890 3720 Ql10wnt - ok
21:00:27.0906 3720 ql12160 - ok
21:00:27.0937 3720 ql1240 - ok
21:00:27.0953 3720 ql1280 - ok
21:00:28.0015 3720 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:00:28.0015 3720 RasAcd - ok
21:00:28.0062 3720 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:00:28.0062 3720 RasAuto - ok
21:00:28.0125 3720 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
21:00:28.0125 3720 Rasirda - ok
21:00:28.0140 3720 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:00:28.0156 3720 Rasl2tp - ok
21:00:28.0234 3720 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:00:28.0265 3720 RasMan - ok
21:00:28.0265 3720 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:00:28.0281 3720 RasPppoe - ok
21:00:28.0343 3720 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:00:28.0343 3720 Raspti - ok
21:00:28.0406 3720 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:00:28.0406 3720 Rdbss - ok
21:00:28.0468 3720 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:00:28.0468 3720 RDPCDD - ok
21:00:28.0546 3720 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:00:28.0546 3720 RDPWD - ok
21:00:28.0609 3720 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:00:28.0609 3720 RDSessMgr - ok
21:00:28.0687 3720 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:00:28.0687 3720 redbook - ok
21:00:28.0718 3720 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:00:28.0718 3720 RemoteAccess - ok
21:00:28.0781 3720 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
21:00:28.0781 3720 RFCOMM - ok
21:00:28.0828 3720 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
21:00:28.0828 3720 RpcLocator - ok
21:00:28.0875 3720 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
21:00:28.0890 3720 RpcSs - ok
21:00:28.0921 3720 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:00:28.0937 3720 RSVP - ok
21:00:28.0984 3720 [ D88F6C53B637ABE4C23DE29DB40A9F05 ] RTL8023 C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
21:00:28.0984 3720 RTL8023 - ok
21:00:29.0046 3720 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
21:00:29.0046 3720 rtl8139 - ok
21:00:29.0078 3720 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
21:00:29.0093 3720 SamSs - ok
21:00:29.0171 3720 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:00:29.0171 3720 SCardSvr - ok
21:00:29.0234 3720 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:00:29.0265 3720 Schedule - ok
21:00:29.0328 3720 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:00:29.0328 3720 Secdrv - ok
21:00:29.0375 3720 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:00:29.0390 3720 seclogon - ok
21:00:29.0421 3720 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
21:00:29.0421 3720 SENS - ok
21:00:29.0453 3720 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
21:00:29.0453 3720 Serial - ok
21:00:29.0500 3720 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:00:29.0515 3720 Sfloppy - ok
21:00:29.0593 3720 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:00:29.0625 3720 SharedAccess - ok
21:00:29.0656 3720 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:00:29.0656 3720 ShellHWDetection - ok
21:00:29.0671 3720 Simbad - ok
21:00:29.0750 3720 [ F5FEC5B4B985FBF81927844E75DD5BD1 ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys
21:00:29.0750 3720 SMCIRDA - ok
21:00:29.0781 3720 Sparrow - ok
21:00:29.0859 3720 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:00:29.0859 3720 splitter - ok
21:00:29.0921 3720 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:00:29.0937 3720 Spooler - ok
21:00:29.0984 3720 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:00:30.0015 3720 sr - ok
21:00:30.0078 3720 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
21:00:30.0093 3720 srservice - ok
21:00:30.0171 3720 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:00:30.0203 3720 Srv - ok
21:00:30.0281 3720 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:00:30.0281 3720 SSDPSRV - ok
21:00:30.0375 3720 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:00:30.0390 3720 stisvc - ok
21:00:30.0468 3720 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:00:30.0468 3720 swenum - ok
21:00:30.0500 3720 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:00:30.0500 3720 swmidi - ok
21:00:30.0515 3720 SwPrv - ok
21:00:30.0562 3720 symc810 - ok
21:00:30.0578 3720 symc8xx - ok
21:00:30.0593 3720 sym_hi - ok
21:00:30.0625 3720 sym_u3 - ok
21:00:30.0703 3720 [ 36460E94BBB8C1A1A1C22E45A28FB955 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:00:30.0718 3720 SynTP - ok
21:00:30.0750 3720 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:00:30.0750 3720 sysaudio - ok
21:00:30.0812 3720 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:00:30.0812 3720 SysmonLog - ok
21:00:30.0875 3720 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:00:30.0906 3720 TapiSrv - ok
21:00:31.0015 3720 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:00:31.0046 3720 Tcpip - ok
21:00:31.0093 3720 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:00:31.0125 3720 TDPIPE - ok
21:00:31.0156 3720 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:00:31.0171 3720 TDTCP - ok
21:00:31.0218 3720 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:00:31.0234 3720 TermDD - ok
21:00:31.0359 3720 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
21:00:31.0406 3720 TermService - ok
21:00:31.0437 3720 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
21:00:31.0453 3720 Themes - ok
21:00:31.0500 3720 TosIde - ok
21:00:31.0546 3720 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:00:31.0546 3720 TrkWks - ok
21:00:31.0609 3720 [ 2AA8F32C3DA1E7BC11669E3E72BFF1A5 ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys
21:00:31.0625 3720 TrueSight - ok
21:00:31.0687 3720 [ 7420B0C35BE9D7E9651CEB1456948C87 ] TVALD C:\WINDOWS\system32\DRIVERS\NBSMI.sys
21:00:31.0718 3720 TVALD - ok
21:00:31.0750 3720 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:00:31.0781 3720 Udfs - ok
21:00:31.0796 3720 ultra - ok
21:00:31.0875 3720 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:00:31.0890 3720 Update - ok
21:00:31.0953 3720 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:00:31.0968 3720 upnphost - ok
21:00:32.0015 3720 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
21:00:32.0031 3720 UPS - ok
21:00:32.0078 3720 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:00:32.0078 3720 usbccgp - ok
21:00:32.0125 3720 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:00:32.0125 3720 usbehci - ok
21:00:32.0187 3720 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:00:32.0187 3720 usbhub - ok
21:00:32.0203 3720 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:00:32.0203 3720 usbohci - ok
21:00:32.0281 3720 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:00:32.0281 3720 usbscan - ok
21:00:32.0343 3720 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:00:32.0343 3720 USBSTOR - ok
21:00:32.0375 3720 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:00:32.0375 3720 VgaSave - ok
21:00:32.0390 3720 ViaIde - ok
21:00:32.0468 3720 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:00:32.0468 3720 VolSnap - ok
21:00:32.0562 3720 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
21:00:32.0593 3720 VSS - ok
21:00:32.0734 3720 [ 7D110D645030C05A06C3CD08D1E47D0A ] vToolbarUpdater13.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
21:00:32.0828 3720 vToolbarUpdater13.2.0 - ok
21:00:32.0875 3720 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
21:00:33.0218 3720 W32Time - ok
21:00:33.0265 3720 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:00:33.0265 3720 Wanarp - ok
21:00:33.0359 3720 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
21:00:33.0406 3720 Wdf01000 - ok
21:00:33.0421 3720 WDICA - ok
21:00:33.0468 3720 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:00:33.0468 3720 wdmaud - ok
21:00:33.0546 3720 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:00:33.0546 3720 WebClient - ok
21:00:33.0671 3720 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:00:33.0687 3720 winmgmt - ok
21:00:33.0781 3720 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
21:00:33.0781 3720 WmdmPmSN - ok
21:00:33.0843 3720 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:00:33.0843 3720 WmiApSrv - ok
21:00:33.0906 3720 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:00:33.0921 3720 WS2IFSL - ok
21:00:33.0984 3720 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:00:34.0000 3720 wscsvc - ok
21:00:34.0031 3720 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:00:34.0062 3720 wuauserv - ok
21:00:34.0125 3720 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:00:34.0171 3720 WZCSVC - ok
21:00:34.0234 3720 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:00:34.0250 3720 xmlprov - ok
21:00:34.0281 3720 ================ Scan global ===============================
21:00:34.0343 3720 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:00:34.0406 3720 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:00:34.0468 3720 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:00:34.0484 3720 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:00:34.0500 3720 [Global] - ok
21:00:34.0500 3720 ================ Scan MBR ==================================
21:00:34.0531 3720 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk0\DR0
21:00:34.0750 3720 \Device\Harddisk0\DR0 - ok
21:00:34.0765 3720 [ 23B571400A29918F5392F6E85EEB756E ] \Device\Harddisk1\DR2
21:00:38.0968 3720 \Device\Harddisk1\DR2 - ok
21:00:38.0984 3720 ================ Scan VBR ==================================
21:00:38.0984 3720 [ 39C8EA7A6F8CCFF89316D065EF1204A9 ] \Device\Harddisk0\DR0\Partition1
21:00:38.0984 3720 \Device\Harddisk0\DR0\Partition1 - ok
21:00:39.0000 3720 [ BE4D5C03E654445395DFD065D8701FD7 ] \Device\Harddisk1\DR2\Partition1
21:00:39.0015 3720 \Device\Harddisk1\DR2\Partition1 - ok
21:00:39.0015 3720 ============================================================
21:00:39.0015 3720 Scan finished
21:00:39.0015 3720 ============================================================
21:00:39.0046 1912 Detected object count: 0
21:00:39.0046 1912 Actual detected object count: 0
21:02:10.0859 3008 Deinitialize success

aswMBR follows.............

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-09 21:02:53
-----------------------------
21:02:53.703 OS Version: Windows 5.1.2600 Service Pack 3
21:02:53.703 Number of processors: 2 586 0x401
21:02:53.703 ComputerName: YOUR-F2961252D0 UserName: omalley
21:02:54.687 Initialize success
21:06:10.218 AVAST engine defs: 12110900
21:06:18.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:06:18.375 Disk 0 Vendor: FUJITSU_MHT2040AT 0022 Size: 38154MB BusType: 3
21:06:18.468 Disk 0 MBR read successfully
21:06:18.484 Disk 0 MBR scan
21:06:19.953 Disk 0 unknown MBR code
21:06:19.984 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38146 MB offset 63
21:06:20.750 Disk 0 scanning sectors +78125040
21:06:21.531 Disk 0 scanning C:\WINDOWS\system32\drivers
21:06:50.578 Service scanning
21:07:27.296 Modules scanning
21:08:10.875 Disk 0 trace - called modules:
21:08:10.937 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys atiide.sys PCIIDEX.SYS
21:08:10.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84f70ab8]
21:08:10.953 3 CLASSPNP.SYS[f7748fd7] -> nt!IofCallDriver -> \Device\0000007f[0x84f39e98]
21:08:10.968 5 ACPI.sys[f769f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x84f51610]
21:08:11.750 AVAST engine scan C:\WINDOWS
21:08:50.375 AVAST engine scan C:\WINDOWS\system32
21:15:06.890 AVAST engine scan C:\WINDOWS\system32\drivers
21:15:47.390 AVAST engine scan C:\Documents and Settings\omalley
21:16:54.250 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
21:16:54.343 The log file has been saved successfully to "E:\aswMBRreport.txt"
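Added example, not part of this thread and not code from the authors of the scanner whose output is pasted above: a small Python parser for the `[ MD5 ] name path` / `name - ok` listing at the top of this post, followed by the triage a reviewer usually does by hand (group objects by hash, list images that live outside the Windows directory, list anything not reported `ok`, and collect the unique hashes for a reputation lookup). The sample lines are copied from the log above; the "outside C:\WINDOWS" check is a prioritisation heuristic only, which here picks out the AVG toolbar updater, a bundled AVG component and not a detection. The hash-lookup step is an assumed next step, not something the thread performs.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the scan log above, including one
# object with no image on disk ("Simbad") and the MBR entry for Harddisk0.
SAMPLE_LOG = r"""21:00:29.0656 3720 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:00:29.0656 3720 ShellHWDetection - ok
21:00:29.0671 3720 Simbad - ok
21:00:31.0437 3720 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
21:00:31.0453 3720 Themes - ok
21:00:32.0734 3720 [ 7D110D645030C05A06C3CD08D1E47D0A ] vToolbarUpdater13.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
21:00:32.0828 3720 vToolbarUpdater13.2.0 - ok
21:00:34.0531 3720 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk0\DR0
21:00:34.0750 3720 \Device\Harddisk0\DR0 - ok
21:00:39.0046 1912 Detected object count: 0
21:00:39.0046 1912 Actual detected object count: 0
"""

# "<time> <thread> [ <md5> ] <name> [<path>]"; MBR/VBR lines have no separate path.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+)(?: (?P<path>.+))?$"
)
# "<time> <thread> <name> - <status>"
STATUS_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d+)\s+(?P<name>.+?) - (?P<status>.+)$"
)
# Locations treated as "expected" for the outside-Windows heuristic (assumption).
SYSTEM_ROOTS = ("c:\\windows\\", "\\device\\")


def parse_tdsskiller(text):
    """Return one record per scanned object: name, md5, path, status."""
    records, order = {}, []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            name = m.group("name")
            records[name] = {"name": name, "md5": m.group("md5").upper(),
                             "path": m.group("path") or name, "status": None}
            order.append(name)
            continue
        m = STATUS_RE.match(line)
        if not m:
            continue
        name = m.group("name")
        if name in records:
            records[name]["status"] = m.group("status")
        else:
            # Object with no image on disk (e.g. "Simbad - ok"): keep it, without a hash.
            records[name] = {"name": name, "md5": None, "path": None,
                             "status": m.group("status")}
            order.append(name)
    return [records[n] for n in order]


def detected_count(text):
    """The scanner's own verdict: number of objects it actually detected."""
    m = re.search(r"^\S+\s+\d+\s+Actual detected object count: (\d+)$", text, re.M)
    return int(m.group(1)) if m else None


def triage(records):
    """Group by hash and pull out the entries a reviewer would read first."""
    names_by_md5, paths_by_md5 = defaultdict(set), defaultdict(set)
    for r in records:
        if r["md5"]:
            names_by_md5[r["md5"]].add(r["name"])
            paths_by_md5[r["md5"]].add(r["path"])
    return {
        # Several services backed by one DLL is normal (shsvcs.dll here).
        "shared_image": {h: sorted(n) for h, n in names_by_md5.items() if len(n) > 1},
        # The same bytes at two different paths is the unusual case.
        "relocated": {h: sorted(p) for h, p in paths_by_md5.items() if len(p) > 1},
        "outside_windows": [r for r in records
                            if r["path"] and not r["path"].lower().startswith(SYSTEM_ROOTS)],
        "not_ok": [r for r in records if r["status"] != "ok"],
        # Unique hashes, ready for a hash-reputation lookup (assumed next step).
        "hashes": sorted(names_by_md5),
    }


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    summary = triage(recs)
    print(f"{len(recs)} objects, scanner detected {detected_count(SAMPLE_LOG)}")
    for r in summary["outside_windows"]:
        print("review:", r["name"], r["path"], r["md5"])
    print("hashes to look up:", *summary["hashes"], sep="\n  ")
```

Run on the full log rather than the sample, the `hashes` list is what you would batch-submit for reputation checks, and `outside_windows` / `not_ok` give the short list worth reading before the hundreds of stock Windows drivers.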

#9
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#10
plastictaffy
    Member
  • Topic Starter
  • Member
  • 52 posts
Hi Gringo
Combofix has run with the script you gave me. Here are the results.

ComboFix 12-11-09.02 - omalley 09/11/2012 22:52:25.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.447.188 [GMT 0:00]
Running from: c:\documents and settings\omalley\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\omalley\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-09 14:32 . 2012-11-09 15:34 14336 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-11-09 14:20 . 2012-11-09 15:33 212 ----a-w- c:\windows\DeleteOnReboot.bat
2012-11-08 20:49 . 2012-11-08 20:49 -------- d-----w- c:\documents and settings\omalley\Local Settings\Application Data\Sun
2012-11-08 17:35 . 2012-11-08 17:34 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-08 17:35 . 2012-11-08 17:34 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-08 17:35 . 2012-11-08 17:34 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-08 17:35 . 2012-11-08 17:34 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-08 16:31 . 2012-09-06 01:27 266720 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-11-06 18:34 . 2012-11-06 18:34 -------- d-----w- c:\documents and settings\omalley\Application Data\AVG2012
2012-11-06 18:22 . 2012-11-06 18:22 -------- d-----w- C:\$AVG
2012-11-06 18:22 . 2012-11-09 14:14 -------- d-----w- c:\windows\system32\drivers\AVG
2012-11-06 18:22 . 2012-11-06 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-11-06 17:48 . 2012-11-06 17:48 -------- d-----w- C:\AVGTemp
2012-11-05 13:20 . 2012-11-05 13:20 -------- d-----w- c:\program files\Common Files\AOL
2012-10-29 15:17 . 2012-10-29 15:17 -------- d-----w- c:\documents and settings\omalley\Application Data\TuneUp Software
2012-10-29 13:17 . 2012-11-06 18:06 -------- d-----w- c:\documents and settings\omalley\Local Settings\Application Data\Avg2013
2012-10-29 13:17 . 2012-10-29 13:17 -------- d-----w- c:\documents and settings\omalley\Local Settings\Application Data\MFAData
2012-10-13 14:26 . 2012-10-13 15:26 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-05 12:25 . 2012-08-26 15:01 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-13 15:27 . 2012-04-22 14:18 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-13 15:27 . 2011-08-22 17:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-17 09:46 . 2012-09-17 09:46 67156 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2012-09-16 19:16 . 2012-09-16 19:16 2772 ----a-w- c:\windows\system32\tmp.reg
2012-09-15 12:39 . 2012-09-15 12:39 4096000 ----a-w- c:\program files\GUT4.tmp
2012-08-27 19:12 . 2004-11-09 12:08 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12 . 2004-11-09 12:07 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12 . 2004-11-09 12:07 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12 . 2004-11-09 12:06 17408 ------w- c:\windows\system32\corpol.dll
2012-08-24 15:43 . 2012-08-24 15:43 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 13:53 . 2004-11-09 12:08 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2004-11-09 12:07 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-09-06 01:27 . 2012-11-08 16:31 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-09 335872]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-04-22 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-04-22 507904]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 88363]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-08-16 430080]
"TPSMain"="TPSMain.exe" [2004-08-11 266240]
"NDSTray.exe"="NDSTray.exe" [BU]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-04-27 118784]
"PadTouch"="c:\program files\TOSHIBA\PadTouch\PadExe.exe" [2004-02-12 1019904]
"TFncKy"="TFncKy.exe" [BU]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [10/11/2004 07:21 5632]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 04:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31/01/2012 04:46 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [26/07/2012 03:21 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [24/08/2012 15:43 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [26/08/2012 15:01 26984]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 04:53 193288]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [17/09/2012 09:48 1740696]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [05/11/2012 12:25 711112]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 13:32 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 13:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 13:32 17232]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [17/09/2012 09:47 73216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [13/08/2012 03:24 5167736]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [17/09/2012 09:47 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [17/09/2012 09:47 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [17/09/2012 09:47 235392]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 15:27]
.
2009-11-10 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-09 00:12]
.
2009-11-10 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-09 00:12]
.
2009-11-10 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-09 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\omalley\Application Data\Mozilla\Firefox\Profiles\hma0abct.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-09 23:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2488)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2012-11-09 23:04:57
ComboFix-quarantined-files.txt 2012-11-09 23:04
ComboFix2.txt 2012-11-09 19:04
.
Pre-Run: 29,310,750,720 bytes free
Post-Run: 29,439,832,064 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A3933D694F7676B1AC86C87773069601


Thanks
Rich
#11
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#12
plastictaffy
    Member
  • Topic Starter
  • Member
  • 52 posts
Sorry fella, didn't realise it created 2 logfiles!!
Here is that log..........

ComboFix 12-11-09.02 - omalley 09/11/2012 22:52:25.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.447.188 [GMT 0:00]
Running from: c:\documents and settings\omalley\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\omalley\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-09 14:32 . 2012-11-09 15:34 14336 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-11-09 14:20 . 2012-11-09 15:33 212 ----a-w- c:\windows\DeleteOnReboot.bat
2012-11-08 20:49 . 2012-11-08 20:49 -------- d-----w- c:\documents and settings\omalley\Local Settings\Application Data\Sun
2012-11-08 17:35 . 2012-11-08 17:34 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-08 17:35 . 2012-11-08 17:34 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-08 17:35 . 2012-11-08 17:34 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-08 17:35 . 2012-11-08 17:34 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-08 16:31 . 2012-09-06 01:27 266720 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-11-06 18:34 . 2012-11-06 18:34 -------- d-----w- c:\documents and settings\omalley\Application Data\AVG2012
2012-11-06 18:22 . 2012-11-06 18:22 -------- d-----w- C:\$AVG
2012-11-06 18:22 . 2012-11-09 14:14 -------- d-----w- c:\windows\system32\drivers\AVG
2012-11-06 18:22 . 2012-11-06 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-11-06 17:48 . 2012-11-06 17:48 -------- d-----w- C:\AVGTemp
2012-11-05 13:20 . 2012-11-05 13:20 -------- d-----w- c:\program files\Common Files\AOL
2012-10-29 15:17 . 2012-10-29 15:17 -------- d-----w- c:\documents and settings\omalley\Application Data\TuneUp Software
2012-10-29 13:17 . 2012-11-06 18:06 -------- d-----w- c:\documents and settings\omalley\Local Settings\Application Data\Avg2013
2012-10-29 13:17 . 2012-10-29 13:17 -------- d-----w- c:\documents and settings\omalley\Local Settings\Application Data\MFAData
2012-10-13 14:26 . 2012-10-13 15:26 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-05 12:25 . 2012-08-26 15:01 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-13 15:27 . 2012-04-22 14:18 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-13 15:27 . 2011-08-22 17:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-17 09:46 . 2012-09-17 09:46 67156 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2012-09-16 19:16 . 2012-09-16 19:16 2772 ----a-w- c:\windows\system32\tmp.reg
2012-09-15 12:39 . 2012-09-15 12:39 4096000 ----a-w- c:\program files\GUT4.tmp
2012-08-27 19:12 . 2004-11-09 12:08 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12 . 2004-11-09 12:07 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12 . 2004-11-09 12:07 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12 . 2004-11-09 12:06 17408 ------w- c:\windows\system32\corpol.dll
2012-08-24 15:43 . 2012-08-24 15:43 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 13:53 . 2004-11-09 12:08 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2004-11-09 12:07 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-09-06 01:27 . 2012-11-08 16:31 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-09 335872]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-04-22 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-04-22 507904]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 88363]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-08-16 430080]
"TPSMain"="TPSMain.exe" [2004-08-11 266240]
"NDSTray.exe"="NDSTray.exe" [BU]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-04-27 118784]
"PadTouch"="c:\program files\TOSHIBA\PadTouch\PadExe.exe" [2004-02-12 1019904]
"TFncKy"="TFncKy.exe" [BU]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [10/11/2004 07:21 5632]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 04:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31/01/2012 04:46 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [26/07/2012 03:21 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [24/08/2012 15:43 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [26/08/2012 15:01 26984]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 04:53 193288]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [17/09/2012 09:48 1740696]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [05/11/2012 12:25 711112]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 13:32 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 13:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 13:32 17232]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [17/09/2012 09:47 73216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [13/08/2012 03:24 5167736]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [17/09/2012 09:47 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [17/09/2012 09:47 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [17/09/2012 09:47 235392]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 15:27]
.
2009-11-10 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-09 00:12]
.
2009-11-10 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-09 00:12]
.
2009-11-10 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-09 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\omalley\Application Data\Mozilla\Firefox\Profiles\hma0abct.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-09 23:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2488)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2012-11-09 23:04:57
ComboFix-quarantined-files.txt 2012-11-09 23:04
ComboFix2.txt 2012-11-09 19:04
.
Pre-Run: 29,310,750,720 bytes free
Post-Run: 29,439,832,064 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A3933D694F7676B1AC86C87773069601
  • 0

#13
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
Hello


That is not the report I was looking for - if you follow the instructions you will get a different


gringo
  • 0

#14
plastictaffy
    Member
  • Topic Starter
  • Member
  • PipPip
  • 52 posts
I had so much crap on my mem stick that I copied and pasted the wrong one. Try this one.........
3Connect
Adobe Acrobat 5.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 7.0
Atheros Wireless LAN MiniPCI card Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG 2012
CCleaner
CD/DVD Drive Acoustic Silencer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Huawei modem
InterVideo WinDVD for Toshiba
Java 2 Runtime Environment, SE v1.4.2_05
Java 7 Update 9
Java Auto Updater
Macromedia Flash Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Setup Launcher
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 6 Service Pack 2 (KB973686)
PCI 1620 Cardbus Controller and Software
PCI1620 Ultramedia Controller
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SMSC IrCC V5.1.3600.3 SP1
SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2
Synaptics Pointing Device Driver
TOSHIBA ConfigFree
TOSHIBA Console
TOSHIBA Controls
TOSHIBA Hotkey Utility for Display Devices
TOSHIBA Manuals
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA Software Modem
TOSHIBA Utilities
TOSHIBA Zooming Utility
Touch and Launch
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows XP Service Pack 3
  • 0

#15
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

  • Adobe Reader 7.0
  • Java 2 Runtime Environment, SE v1.4.2_05


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

  • 0
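As an added example (not code from the thread or from any tool named in it), a small Python script that applies the same reasoning as the "Programs to remove" list above to an Add/Remove list such as the one posted in #14: it flags older copies of a product when a newer one is also installed, and versions below an assumed minimum-version policy. The MINIMUM_VERSION thresholds and the sample list are constructed for this example.

```python
"""Triage an Add/Remove Programs list for superseded or outdated software.

Constructed example: parses installed-program names as they appear in an
Add/Remove list and flags (a) an older copy of a product when a newer copy
is also installed, and (b) versions below an assumed minimum policy.
"""
import re
from dataclasses import dataclass

# Name patterns for the product families the thread is concerned with.
# Java's marketing name "Java 7 Update 9" corresponds to version 1.7.0_09,
# so both Java spellings are normalised to the same 4-tuple.
_PATTERNS = [
    ("Java", re.compile(r"^Java(?:\(TM\))? (\d+) Update (\d+)$"),
     lambda m: (1, int(m.group(1)), 0, int(m.group(2)))),
    ("Java", re.compile(r"^Java 2 Runtime Environment, SE v(\d+)\.(\d+)\.(\d+)_(\d+)$"),
     lambda m: tuple(int(g) for g in m.groups())),
    ("Adobe Reader", re.compile(r"^Adobe Reader (\d+)(?:\.(\d+))?$"),
     lambda m: (int(m.group(1)), int(m.group(2) or 0))),
    ("Adobe Reader", re.compile(r"^Adobe Reader (?:X|XI) \((\d+)\.(\d+)\.(\d+)\)$"),
     lambda m: tuple(int(g) for g in m.groups())),
]

# Assumed policy (not from the thread): oldest acceptable version per family.
MINIMUM_VERSION = {"Adobe Reader": (9,), "Java": (1, 7)}

# Constructed sample, taken from the Add/Remove list posted in the thread.
INSTALLED_SAMPLE = [
    "Adobe Acrobat 5.0",
    "Adobe Reader 7.0",
    "AVG 2012",
    "Java 2 Runtime Environment, SE v1.4.2_05",
    "Java 7 Update 9",
    "Java Auto Updater",
    "Mozilla Firefox 15.0.1 (x86 en-US)",
]


@dataclass
class Finding:
    name: str
    family: str
    version: tuple
    reason: str


def parse_entry(name):
    """Return (family, version tuple) for a recognised product, else None."""
    for family, pattern, to_version in _PATTERNS:
        m = pattern.match(name.strip())
        if m:
            return family, to_version(m)
    return None


def triage(installed, minimum=MINIMUM_VERSION):
    """Return a Finding for every entry that should be removed or updated."""
    parsed = [(name,) + hit for name in installed if (hit := parse_entry(name))]
    newest = {}
    for _, family, version in parsed:
        if family not in newest or version > newest[family]:
            newest[family] = version
    findings = []
    for name, family, version in parsed:
        if version < newest[family]:
            findings.append(Finding(name, family, version,
                                    "superseded by a newer installed copy; remove"))
        elif family in minimum and version < minimum[family]:
            findings.append(Finding(name, family, version,
                                    "below minimum version; update, then remove the old copy"))
    return findings


if __name__ == "__main__":
    for f in triage(INSTALLED_SAMPLE):
        print(f"{f.name}: {f.reason}")
```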





