
Google Redirect issue - persistent. I've [Solved]


This topic is locked

#1 CompuFudge
Member, 26 posts
I've thought I've had this one licked a few times, but it just keeps reoccurring.

Every other time I click a google search result, I get hijacked to any of a number of different sites.

I've tried running MalwareBytes and ESET, but neither fixed it so I'm at a loss.

I'm fairly computer literate, so I should be able to do anything asked of me quickly and without any issues. I really appreciate the help on this one.
  • 0


#2 gringo_pr
Trusted Helper, Malware Removal, 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs

  • In your next post I need the following:
    • both reports from DDS
    • report from Security Check
    • let me know of any problems you may have had

Gringo

  • 0

#3 CompuFudge
Topic Starter, Member, 26 posts
Thank you. I was away at a family function all day, so I'm sorry for the delayed reply.

Logs:

Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 30
Java version out of Date!
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/27/2011 2:30:20 PM
System Uptime: 11/11/2012 4:48:36 PM (3 hours ago)
.
Motherboard: Hewlett-Packard | | 30A4
Processor: AMD Turion™ 64 Mobile Technology ML-34 | U23 | 1794/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 61 GiB total, 2.082 GiB free.
D: is FIXED (FAT32) - 13 GiB total, 0.909 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP319: 10/30/2012 8:38:06 PM - System Checkpoint
RP320: 10/31/2012 8:51:02 PM - Software Distribution Service 3.0
RP321: 11/1/2012 9:32:12 PM - Software Distribution Service 3.0
RP322: 11/3/2012 2:34:36 PM - Software Distribution Service 3.0
RP323: 11/4/2012 2:24:23 PM - System Checkpoint
RP324: 11/4/2012 3:38:08 PM - Software Distribution Service 3.0
RP325: 11/5/2012 9:01:52 PM - Software Distribution Service 3.0
RP326: 11/7/2012 10:43:18 AM - Software Distribution Service 3.0
RP327: 11/8/2012 10:59:16 AM - System Checkpoint
RP328: 11/10/2012 10:31:54 PM - System Checkpoint
RP329: 11/11/2012 1:00:26 AM - Software Distribution Service 3.0
RP330: 11/11/2012 2:02:43 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Athlon 64 Processor Driver
ATI Control Panel
ATI Display Driver
Bonjour
Conexant AC-Link Audio
Coupon Printer for Windows
ESET Online Scanner v3
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Help and Support
HP LaserJet Professional P1100-P1560-P1600 Series
HP User Guides--System Recovery
HP Wireless Assistant 2.00 C1
HpSdpAppCoreApp
iTunes
Java Auto Updater
Java™ 6 Update 30
LightScribe 1.4.56.1
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
MSXML 6.0 Parser (KB925673)
Office 2003 Trial Assistant
Otto
Quick Launch Buttons 5.20 G1
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Soft Data Fax Modem with SmartCP
SonicAC3Encoder
SonicMPEGEncoder
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TurboTax 2011
TurboTax 2011 wiliper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wmiiper
TurboTax 2011 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Presentation Foundation
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
Wireless Home Network Setup
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
11/8/2012 7:22:03 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
11/5/2012 10:14:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
11/5/2012 10:14:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde IntelIde ViaIde
11/4/2012 7:45:12 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
11/4/2012 3:35:39 PM, error: Print [6161] - The document Print - Meijer - Coupons List owned by Kamyszek failed to print on printer HP LaserJet Professional P1102w. Data type: RAW. Size of the spool file in bytes: 8721298. Number of bytes printed: 0. Total number of pages in the document: 4. Number of pages printed: 0. Client machine: \\PC207082390625. Win32 error code returned by the print processor: 2 (0x2).
11/10/2012 11:36:16 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1543.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/10/2012 10:26:18 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1543.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/10/2012 10:16:43 PM, error: System Error [1003] - Error code 10000050, parameter1 e25f501c, parameter2 00000000, parameter3 bf82ebe1, parameter4 00000001.
.
==== End Of File ===========================

DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Kamyszek at 19:13:43 on 2012-11-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.346 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Kamyszek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kamyszek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kamyszek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kamyszek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kamyszek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kamyszek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kamyszek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kamyszek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\kamyszek\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{ADBBB5F9-99ED-4765-847C-C3200AA91E69} : DHCPNameServer = 75.75.76.76 75.75.75.75
Notify: AtiExtEvent - Ati2evxx.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 193552]
R1 MpKsldd233309;MpKsldd233309;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b5af6d63-bf2c-4cc4-a5c1-64e1b058967e}\MpKsldd233309.sys [2012-11-11 29904]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-12-8 99896]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-11-11 07:06:29 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b5af6d63-bf2c-4cc4-a5c1-64e1b058967e}\offreg.dll
2012-11-11 07:06:29 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b5af6d63-bf2c-4cc4-a5c1-64e1b058967e}\MpKsldd233309.sys
2012-11-11 07:02:54 6918632 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b5af6d63-bf2c-4cc4-a5c1-64e1b058967e}\mpengine.dll
2012-11-11 06:00:34 6918632 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-11-09 00:27:41 -------- d-----w- c:\program files\ESET
2012-11-09 00:09:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-30 22:13:49 -------- d-----w- c:\program files\iPod
2012-10-30 22:13:27 -------- d-----w- c:\program files\iTunes
2012-10-30 22:13:27 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
==================== Find3M ====================
.
2012-10-08 20:53:13 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 20:53:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 02:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 17:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 19:14:43.14 ===============


No issues running any of these tools. No other issue to report. Thanks again!
  • 0
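The DDS "Pseudo HJT Report" posted above lists the autostart entries, browser helper objects and resolver settings that a search-redirect infection typically tampers with. As an added triage example (not part of DDS and not code from this thread), the Python below parses that section's line format and raises two defender-side findings: a static NameServer that disagrees with the DHCP-assigned one, and an autostart launched from outside the Windows or Program Files trees. The sample report is constructed to the same format; 192.0.2.x is documentation address space standing in for a rogue resolver, and the user-profile "Updater" entry is invented.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; it is not part of DDS and not the poster's log.
Hive prefixes follow DDS: uRun = current user, mRun = machine, dRun = default user.
"""
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the thread's log format. 192.0.2.x is documentation
# address space standing in for a rogue resolver; the user-profile autostart is invented.
SAMPLE_REPORT = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.example.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Updater] "c:\documents and settings\user\local settings\temp\updater.exe" /silent
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
TCP: NameServer = 192.0.2.53 192.0.2.54
TCP: Interfaces\{ADBBB5F9-99ED-4765-847C-C3200AA91E69} : DHCPNameServer = 75.75.76.76 75.75.75.75
.
============= SERVICES / DRIVERS ===============
"""

RUN_RE = re.compile(r"^(?P<hive>[umd])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?): (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
NS_RE = re.compile(r"^TCP: NameServer = (?P<servers>.*)$")
DHCP_RE = re.compile(r"^TCP: Interfaces\\\{[^}]+\} : DHCPNameServer = (?P<servers>.*)$")

# Autostart binaries are expected under these roots; anything else gets a manual look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\", "%windir%\\")


@dataclass
class HjtReport:
    autostarts: list = field(default_factory=list)        # (hive, name, command line)
    bhos: list = field(default_factory=list)              # (name, clsid, dll path)
    nameservers: list = field(default_factory=list)       # static TCP/IP resolvers
    dhcp_nameservers: list = field(default_factory=list)  # resolvers handed out by DHCP


def parse_hjt(text: str) -> HjtReport:
    """Parse only the Pseudo HJT section; stop at the next DDS section header."""
    report = HjtReport()
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if "Pseudo HJT Report" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("====="):
            break
        m = RUN_RE.match(line)
        if m:
            report.autostarts.append((m["hive"], m["name"], m["cmd"]))
            continue
        m = BHO_RE.match(line)
        if m:
            report.bhos.append((m["name"], m["clsid"], m["path"]))
            continue
        m = NS_RE.match(line)
        if m:
            report.nameservers = m["servers"].split()
            continue
        m = DHCP_RE.match(line)
        if m:
            report.dhcp_nameservers = m["servers"].split()
    return report


def executable_path(cmd: str) -> str:
    """Return the launched binary from a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces (c:\program files\...), so cut at the extension.
    m = re.match(r"(?i)^(.*?\.(?:exe|scr|com|bat|cmd|dll))\b", cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def is_trusted_location(path: str) -> bool:
    return path.lower().startswith(TRUSTED_PREFIXES)


def triage(report: HjtReport) -> list:
    """Defender-side checks over the parsed section; returns human-readable findings."""
    findings = []
    # A redirect infection that pins DNS shows up as a static resolver the DHCP server
    # never handed out; the thread's own log had both lines agreeing.
    if (report.nameservers and report.dhcp_nameservers
            and set(report.nameservers) != set(report.dhcp_nameservers)):
        findings.append(f"DNS: static NameServer {report.nameservers} differs from "
                        f"DHCP-assigned {report.dhcp_nameservers}")
    for hive, name, cmd in report.autostarts:
        path = executable_path(cmd)
        if not is_trusted_location(path):
            findings.append(f"AUTORUN: {hive}Run [{name}] launches from an "
                            f"unexpected location: {path}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_hjt(SAMPLE_REPORT)):
        print(finding)
```

Run against a real DDS.txt, the two findings are only pointers for the helper reviewing the log: a mismatched resolver or a profile-directory autostart is a reason to look closer, not a verdict.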

#4 gringo_pr
Trusted Helper, Malware Removal, 7,268 posts
Hello


These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
  • 0

#5 CompuFudge
Topic Starter, Member, 26 posts
# AdwCleaner v2.007 - Logfile created 11/11/2012 at 20:19:26
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Kamyszek - PC207082390625
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Kamyszek\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Documents and Settings\Kamyszek\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [863 octets] - [11/11/2012 20:19:08]
AdwCleaner[S2].txt - [795 octets] - [11/11/2012 20:19:26]

########## EOF - C:\AdwCleaner[S2].txt - [854 octets] ##########

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Kamyszek [Admin rights]
Mode : Remove -- Date : 11/11/2012 20:25:23

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HTS541080G9AT00 +++++
--- User ---
[MBR] ef10944a8d565d6d6a84b6f8081915ad
[BSP] a20f738efddaa65d0a7775166605f9e6 : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 62244 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 127491840 | Size: 13037 Mo
2 - [XXXXXX] UNKNOWN (0xd7) [VISIBLE] Offset (sectors): 154191870 | Size: 1027 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11112012_02d2025.txt >>
RKreport[1]_S_11112012_02d2025.txt ; RKreport[2]_D_11112012_02d2025.txt


I think that is everything so far. Thanks again, not to sound like a broken record.

#6 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 CompuFudge (Member, Topic Starter, 26 posts)

ComboFix 12-11-10.03 - Kamyszek 11/11/2012 21:06:57.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.643 [GMT -5:00]
Running from: c:\documents and settings\Kamyszek\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-10-12 to 2012-11-12 )))))))))))))))))))))))))))))))
.
.
2012-11-12 01:37 . 2012-11-12 01:37 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5AF6D63-BF2C-4CC4-A5C1-64E1B058967E}\MpKsl282b5960.sys
2012-11-12 01:24 . 2012-11-12 01:24 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5AF6D63-BF2C-4CC4-A5C1-64E1B058967E}\MpKsl27d529a1.sys
2012-11-11 07:02 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5AF6D63-BF2C-4CC4-A5C1-64E1B058967E}\mpengine.dll
2012-11-11 06:00 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-09 00:27 . 2012-11-09 00:27 -------- d-----w- c:\program files\ESET
2012-11-09 00:09 . 2012-11-11 06:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-30 22:13 . 2012-10-30 22:13 -------- d-----w- c:\program files\iPod
2012-10-30 22:13 . 2012-10-30 22:15 -------- d-----w- c:\program files\iTunes
2012-10-30 22:13 . 2012-10-30 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 20:53 . 2012-09-19 17:58 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 20:53 . 2011-12-03 11:52 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 00:54 . 2012-01-11 01:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 02:03 . 2011-04-18 18:18 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14 . 2004-08-10 15:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-10 15:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-10 15:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-10 15:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-10 15:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 17:01 . 2012-01-19 23:00 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01 . 2012-01-19 23:00 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 13:29 . 2004-08-10 15:00 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-10 15:00 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2005-08-01 21:26 233534 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2005-12-13 21:45 507904 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
2005-10-11 17:23 1187840 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\LJP1100_P1560_P1600_Full_Solution\\ProductInst.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9100:TCP"= 9100:TCP:Advanced TCP/IP Printer Port
"427:TCP"= 427:TCP:Advanced TCP/IP SLP Port
"161:TCP"= 161:TCP:Advanced TCP/IP SNMP Port
"427:UDP"= 427:UDP:SLP
.
R1 MpKsl282b5960;MpKsl282b5960;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5AF6D63-BF2C-4CC4-A5C1-64E1B058967E}\MpKsl282b5960.sys [11/11/2012 8:37 PM 29904]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [12/8/2011 3:54 PM 99896]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 4:06 AM 231424]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL27D529A1
*NewlyCreated* - MPKSL282B5960
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-19 20:53]
.
2012-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-14 16:48]
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-14 16:48]
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3184365701-2864391098-1078614-1005Core.job
- c:\documents and settings\Kamyszek\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-27 18:18]
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3184365701-2864391098-1078614-1005UA.job
- c:\documents and settings\Kamyszek\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-27 18:18]
.
2012-11-12 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 21:25]
.
2012-11-12 c:\windows\Tasks\User_Feed_Synchronization-{0C52C0B9-31A7-469E-A605-8CCA41ED2C17}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-48754272.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-11 21:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-11-11 21:13:45
ComboFix-quarantined-files.txt 2012-11-12 02:13
.
Pre-Run: 3,029,880,832 bytes free
Post-Run: 3,923,935,232 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 42D9C9F611179D583E36BB94EC332040

Everything ran fine. Combofix made me add Recovery Console, but otherwise went as expected. Google results are still being hijacked.

#8 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 CompuFudge (Member, Topic Starter, 26 posts)

21:46:56.0984 1576 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:46:57.0328 1576 ============================================================
21:46:57.0328 1576 Current date / time: 2012/11/11 21:46:57.0328
21:46:57.0328 1576 SystemInfo:
21:46:57.0328 1576
21:46:57.0328 1576 OS Version: 5.1.2600 ServicePack: 3.0
21:46:57.0328 1576 Product type: Workstation
21:46:57.0328 1576 ComputerName: PC207082390625
21:46:57.0328 1576 UserName: Kamyszek
21:46:57.0328 1576 Windows directory: C:\WINDOWS
21:46:57.0328 1576 System windows directory: C:\WINDOWS
21:46:57.0328 1576 Processor architecture: Intel x86
21:46:57.0328 1576 Number of processors: 1
21:46:57.0328 1576 Page size: 0x1000
21:46:57.0328 1576 Boot type: Normal boot
21:46:57.0328 1576 ============================================================
21:46:58.0859 1576 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:46:58.0859 1576 ============================================================
21:46:58.0859 1576 \Device\Harddisk0\DR0:
21:46:58.0875 1576 MBR partitions:
21:46:58.0875 1576 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7992000
21:46:58.0875 1576 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x7995F00, BlocksNum 0x19768FE
21:46:58.0875 1576 ============================================================
21:46:58.0890 1576 C: <-> \Device\Harddisk0\DR0\Partition1
21:46:58.0906 1576 D: <-> \Device\Harddisk0\DR0\Partition2
21:46:58.0906 1576 ============================================================
21:46:58.0906 1576 Initialize success
21:46:58.0906 1576 ============================================================
21:47:07.0031 3600 ============================================================
21:47:07.0031 3600 Scan started
21:47:07.0031 3600 Mode: Manual;
21:47:07.0031 3600 ============================================================
21:47:07.0562 3600 ================ Scan system memory ========================
21:47:07.0562 3600 System memory - ok
21:47:07.0578 3600 ================ Scan services =============================
21:47:07.0750 3600 Abiosdsk - ok
21:47:07.0781 3600 abp480n5 - ok
21:47:07.0828 3600 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:47:07.0828 3600 ACPI - ok
21:47:07.0890 3600 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:47:07.0890 3600 ACPIEC - ok
21:47:07.0953 3600 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:47:07.0968 3600 AdobeFlashPlayerUpdateSvc - ok
21:47:07.0984 3600 adpu160m - ok
21:47:08.0031 3600 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:47:08.0046 3600 aec - ok
21:47:08.0093 3600 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:47:08.0093 3600 AFD - ok
21:47:08.0125 3600 Aha154x - ok
21:47:08.0140 3600 aic78u2 - ok
21:47:08.0156 3600 aic78xx - ok
21:47:08.0218 3600 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:47:08.0218 3600 Alerter - ok
21:47:08.0265 3600 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
21:47:08.0265 3600 ALG - ok
21:47:08.0281 3600 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
21:47:08.0281 3600 AliIde - ok
21:47:08.0312 3600 [ 59301936898AE62245A6F09C0ABA9475 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
21:47:08.0328 3600 AmdK8 - ok
21:47:08.0343 3600 amsint - ok
21:47:08.0500 3600 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:47:08.0500 3600 Apple Mobile Device - ok
21:47:08.0562 3600 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:47:08.0578 3600 AppMgmt - ok
21:47:08.0625 3600 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:47:08.0625 3600 Arp1394 - ok
21:47:08.0640 3600 asc - ok
21:47:08.0656 3600 asc3350p - ok
21:47:08.0687 3600 asc3550 - ok
21:47:08.0828 3600 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:47:08.0828 3600 aspnet_state - ok
21:47:08.0875 3600 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:47:08.0875 3600 AsyncMac - ok
21:47:08.0906 3600 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:47:08.0906 3600 atapi - ok
21:47:08.0921 3600 Atdisk - ok
21:47:08.0984 3600 [ B395912B170A709DC1B6E113E378C554 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
21:47:09.0000 3600 Ati HotKey Poller - ok
21:47:09.0109 3600 [ 287B11A781F2B7A28F283FD4B7434DAF ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:47:09.0156 3600 ati2mtag - ok
21:47:09.0187 3600 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:47:09.0187 3600 Atmarpc - ok
21:47:09.0234 3600 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:47:09.0234 3600 AudioSrv - ok
21:47:09.0265 3600 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:47:09.0265 3600 audstub - ok
21:47:09.0312 3600 [ 30D20FC98BCFD52E1DA778CF19B223D4 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
21:47:09.0312 3600 BCM43XX - ok
21:47:09.0343 3600 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:47:09.0343 3600 Beep - ok
21:47:09.0406 3600 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
21:47:09.0406 3600 BITS - ok
21:47:09.0484 3600 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:47:09.0500 3600 Bonjour Service - ok
21:47:09.0546 3600 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
21:47:09.0546 3600 Browser - ok
21:47:09.0593 3600 [ E76DC88F00D50F46072FEB2371769978 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
21:47:09.0593 3600 BTWUSB - ok
21:47:09.0625 3600 [ C2EF37F09CFEE9665E6CD7C0B0AFB84F ] CAMCAUD C:\WINDOWS\system32\drivers\camc6aud.sys
21:47:09.0625 3600 CAMCAUD - ok
21:47:09.0656 3600 [ 512DF898DE5C0654647ACD5C82F0BD99 ] CAMCHALA C:\WINDOWS\system32\drivers\camc6hal.sys
21:47:09.0656 3600 CAMCHALA - ok
21:47:09.0750 3600 catchme - ok
21:47:09.0781 3600 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:47:09.0781 3600 cbidf2k - ok
21:47:09.0781 3600 cd20xrnt - ok
21:47:09.0812 3600 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:47:09.0828 3600 Cdaudio - ok
21:47:09.0859 3600 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:47:09.0859 3600 Cdfs - ok
21:47:09.0875 3600 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:47:09.0875 3600 Cdrom - ok
21:47:09.0890 3600 Changer - ok
21:47:09.0937 3600 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:47:09.0937 3600 CiSvc - ok
21:47:09.0968 3600 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:47:09.0968 3600 ClipSrv - ok
21:47:10.0015 3600 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:47:10.0015 3600 clr_optimization_v2.0.50727_32 - ok
21:47:10.0109 3600 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:47:10.0109 3600 clr_optimization_v4.0.30319_32 - ok
21:47:10.0156 3600 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:47:10.0156 3600 CmBatt - ok
21:47:10.0171 3600 CmdIde - ok
21:47:10.0203 3600 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:47:10.0203 3600 Compbatt - ok
21:47:10.0218 3600 COMSysApp - ok
21:47:10.0250 3600 Cpqarray - ok
21:47:10.0296 3600 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:47:10.0296 3600 CryptSvc - ok
21:47:10.0312 3600 dac2w2k - ok
21:47:10.0328 3600 dac960nt - ok
21:47:10.0390 3600 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:47:10.0390 3600 DcomLaunch - ok
21:47:10.0468 3600 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:47:10.0468 3600 Dhcp - ok
21:47:10.0484 3600 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:47:10.0484 3600 Disk - ok
21:47:10.0500 3600 dmadmin - ok
21:47:10.0562 3600 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:47:10.0562 3600 dmboot - ok
21:47:10.0609 3600 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:47:10.0609 3600 dmio - ok
21:47:10.0625 3600 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:47:10.0625 3600 dmload - ok
21:47:10.0656 3600 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:47:10.0656 3600 dmserver - ok
21:47:10.0687 3600 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:47:10.0687 3600 DMusic - ok
21:47:10.0734 3600 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:47:10.0734 3600 Dnscache - ok
21:47:10.0781 3600 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:47:10.0781 3600 Dot3svc - ok
21:47:10.0796 3600 dpti2o - ok
21:47:10.0828 3600 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:47:10.0828 3600 drmkaud - ok
21:47:10.0859 3600 [ C6ACA0190EE7B614673EE0C91863B1EB ] eabfiltr C:\WINDOWS\system32\drivers\EABFiltr.sys
21:47:10.0859 3600 eabfiltr - ok
21:47:10.0890 3600 [ DA1011DB09AD641DE40CD5CCA70C0C43 ] eabusb C:\WINDOWS\system32\drivers\eabusb.sys
21:47:10.0890 3600 eabusb - ok
21:47:10.0921 3600 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:47:10.0921 3600 EapHost - ok
21:47:11.0015 3600 [ 8301243BDE5B6CD316D79C0191D50D9A ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
21:47:11.0015 3600 ehRecvr - ok
21:47:11.0078 3600 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
21:47:11.0078 3600 ehSched - ok
21:47:11.0109 3600 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:47:11.0125 3600 ERSvc - ok
21:47:11.0171 3600 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
21:47:11.0171 3600 Eventlog - ok
21:47:11.0218 3600 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
21:47:11.0218 3600 EventSystem - ok
21:47:11.0281 3600 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:47:11.0281 3600 Fastfat - ok
21:47:11.0328 3600 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:47:11.0328 3600 FastUserSwitchingCompatibility - ok
21:47:11.0343 3600 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
21:47:11.0359 3600 Fdc - ok
21:47:11.0359 3600 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:47:11.0375 3600 Fips - ok
21:47:11.0375 3600 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
21:47:11.0375 3600 Flpydisk - ok
21:47:11.0390 3600 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:47:11.0390 3600 FltMgr - ok
21:47:11.0546 3600 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:47:11.0546 3600 FontCache3.0.0.0 - ok
21:47:11.0593 3600 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:47:11.0593 3600 Fs_Rec - ok
21:47:11.0609 3600 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:47:11.0609 3600 Ftdisk - ok
21:47:11.0656 3600 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:47:11.0656 3600 GEARAspiWDM - ok
21:47:11.0671 3600 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:47:11.0671 3600 Gpc - ok
21:47:11.0750 3600 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:47:11.0750 3600 gupdate - ok
21:47:11.0765 3600 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:47:11.0765 3600 gupdatem - ok
21:47:11.0859 3600 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:47:11.0859 3600 helpsvc - ok
21:47:11.0875 3600 HidServ - ok
21:47:11.0921 3600 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:47:11.0921 3600 hkmsvc - ok
21:47:11.0937 3600 hpn - ok
21:47:11.0984 3600 [ 16CF6F0847C36FF3A85930ECBC4D3C43 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
21:47:11.0984 3600 hpqwmiex - ok
21:47:12.0031 3600 [ 503B9171B0D22922D81D627D404C763F ] HPSIService C:\WINDOWS\system32\HPSIsvc.exe
21:47:12.0046 3600 HPSIService - ok
21:47:12.0109 3600 [ 14794F142BEFC962AB142584607A6631 ] HSFHWATI C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
21:47:12.0109 3600 HSFHWATI - ok
21:47:12.0171 3600 [ F99BB4E2B462198B2B0A82D0949F0C41 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
21:47:12.0187 3600 HSF_DP - ok
21:47:12.0234 3600 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:47:12.0234 3600 HTTP - ok
21:47:12.0265 3600 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:47:12.0265 3600 HTTPFilter - ok
21:47:12.0281 3600 i2omgmt - ok
21:47:12.0296 3600 i2omp - ok
21:47:12.0343 3600 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:47:12.0359 3600 i8042prt - ok
21:47:12.0421 3600 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:47:12.0421 3600 IDriverT - ok
21:47:12.0515 3600 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:47:12.0531 3600 idsvc - ok
21:47:12.0562 3600 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:47:12.0562 3600 Imapi - ok
21:47:12.0609 3600 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:47:12.0609 3600 ImapiService - ok
21:47:12.0640 3600 ini910u - ok
21:47:12.0656 3600 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
21:47:12.0656 3600 IntelIde - ok
21:47:12.0734 3600 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
21:47:12.0734 3600 IntuitUpdateServiceV4 - ok
21:47:12.0765 3600 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:47:12.0765 3600 Ip6Fw - ok
21:47:12.0812 3600 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:47:12.0812 3600 IpFilterDriver - ok
21:47:12.0843 3600 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:47:12.0843 3600 IpInIp - ok
21:47:12.0890 3600 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:47:12.0890 3600 IpNat - ok
21:47:12.0968 3600 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:47:12.0968 3600 iPod Service - ok
21:47:13.0000 3600 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:47:13.0000 3600 IPSec - ok
21:47:13.0046 3600 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:47:13.0046 3600 IRENUM - ok
21:47:13.0093 3600 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:47:13.0093 3600 isapnp - ok
21:47:13.0171 3600 [ 9AA67569D5257462E230767510B0C815 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
21:47:13.0171 3600 JavaQuickStarterService - ok
21:47:13.0203 3600 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:47:13.0203 3600 Kbdclass - ok
21:47:13.0234 3600 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:47:13.0234 3600 kmixer - ok
21:47:13.0281 3600 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:47:13.0281 3600 KSecDD - ok
21:47:13.0343 3600 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:47:13.0343 3600 lanmanserver - ok
21:47:13.0390 3600 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:47:13.0390 3600 lanmanworkstation - ok
21:47:13.0406 3600 lbrtfdc - ok
21:47:13.0484 3600 [ 258CACA1DAADE43978E2ECC9BDC94E1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:47:13.0484 3600 LightScribeService - ok
21:47:13.0515 3600 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:47:13.0515 3600 LmHosts - ok
21:47:13.0562 3600 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
21:47:13.0562 3600 McrdSvc - ok
21:47:13.0593 3600 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:47:13.0593 3600 mdmxsdk - ok
21:47:13.0609 3600 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:47:13.0625 3600 Messenger - ok
21:47:13.0671 3600 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
21:47:13.0671 3600 MHN - ok
21:47:13.0718 3600 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
21:47:13.0718 3600 MHNDRV - ok
21:47:13.0734 3600 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:47:13.0734 3600 mnmdd - ok
21:47:13.0781 3600 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:47:13.0781 3600 mnmsrvc - ok
21:47:13.0812 3600 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:47:13.0812 3600 Modem - ok
21:47:13.0828 3600 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:47:13.0828 3600 Mouclass - ok
21:47:13.0875 3600 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:47:13.0875 3600 MountMgr - ok
21:47:13.0921 3600 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
21:47:13.0921 3600 MpFilter - ok
21:47:14.0046 3600 [ A69630D039C38018689190234F866D77 ] MpKsl282b5960 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5AF6D63-BF2C-4CC4-A5C1-64E1B058967E}\MpKsl282b5960.sys
21:47:14.0046 3600 MpKsl282b5960 - ok
21:47:14.0062 3600 mraid35x - ok
21:47:14.0109 3600 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:47:14.0109 3600 MRxDAV - ok
21:47:14.0187 3600 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:47:14.0203 3600 MRxSmb - ok
21:47:14.0218 3600 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:47:14.0218 3600 Msfs - ok
21:47:14.0234 3600 MSIServer - ok
21:47:14.0265 3600 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:47:14.0265 3600 MSKSSRV - ok
21:47:14.0312 3600 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:47:14.0312 3600 MsMpSvc - ok
21:47:14.0343 3600 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:47:14.0343 3600 MSPCLOCK - ok
21:47:14.0375 3600 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:47:14.0375 3600 MSPQM - ok
21:47:14.0406 3600 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:47:14.0406 3600 mssmbios - ok
21:47:14.0437 3600 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:47:14.0437 3600 Mup - ok
21:47:14.0546 3600 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:47:14.0546 3600 napagent - ok
21:47:14.0578 3600 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:47:14.0578 3600 NDIS - ok
21:47:14.0640 3600 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:47:14.0640 3600 NdisTapi - ok
21:47:14.0671 3600 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:47:14.0671 3600 Ndisuio - ok
21:47:14.0703 3600 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:47:14.0703 3600 NdisWan - ok
21:47:14.0750 3600 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:47:14.0750 3600 NDProxy - ok
21:47:14.0781 3600 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:47:14.0781 3600 NetBIOS - ok
21:47:14.0812 3600 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:47:14.0812 3600 NetBT - ok
21:47:14.0859 3600 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
21:47:14.0859 3600 NetDDE - ok
21:47:14.0875 3600 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:47:14.0890 3600 NetDDEdsdm - ok
21:47:14.0906 3600 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:47:14.0921 3600 Netlogon - ok
21:47:14.0937 3600 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
21:47:14.0953 3600 Netman - ok
21:47:15.0000 3600 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:47:15.0000 3600 NetTcpPortSharing - ok
21:47:15.0015 3600 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:47:15.0015 3600 NIC1394 - ok
21:47:15.0046 3600 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
21:47:15.0046 3600 Nla - ok
21:47:15.0046 3600 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:47:15.0062 3600 Npfs - ok
21:47:15.0140 3600 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:47:15.0156 3600 Ntfs - ok
21:47:15.0171 3600 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:47:15.0171 3600 NtLmSsp - ok
21:47:15.0234 3600 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:47:15.0234 3600 NtmsSvc - ok
21:47:15.0265 3600 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:47:15.0265 3600 Null - ok
21:47:15.0281 3600 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:47:15.0281 3600 NwlnkFlt - ok
21:47:15.0296 3600 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:47:15.0296 3600 NwlnkFwd - ok
21:47:15.0328 3600 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:47:15.0328 3600 ohci1394 - ok
21:47:15.0390 3600 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:47:15.0406 3600 ose - ok
21:47:15.0468 3600 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
21:47:15.0468 3600 Parport - ok
21:47:15.0500 3600 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:47:15.0500 3600 PartMgr - ok
21:47:15.0531 3600 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:47:15.0531 3600 ParVdm - ok
21:47:15.0562 3600 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:47:15.0562 3600 PCI - ok
21:47:15.0578 3600 PCIDump - ok
21:47:15.0609 3600 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:47:15.0609 3600 PCIIde - ok
21:47:15.0656 3600 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:47:15.0656 3600 Pcmcia - ok
21:47:15.0671 3600 PDCOMP - ok
21:47:15.0671 3600 PDFRAME - ok
21:47:15.0687 3600 PDRELI - ok
21:47:15.0703 3600 PDRFRAME - ok
21:47:15.0718 3600 perc2 - ok
21:47:15.0734 3600 perc2hib - ok
21:47:15.0781 3600 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
21:47:15.0796 3600 PlugPlay - ok
21:47:15.0812 3600 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:47:15.0812 3600 PolicyAgent - ok
21:47:15.0828 3600 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:47:15.0828 3600 PptpMiniport - ok
21:47:15.0859 3600 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
21:47:15.0859 3600 Processor - ok
21:47:15.0859 3600 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:47:15.0859 3600 ProtectedStorage - ok
21:47:15.0875 3600 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:47:15.0875 3600 PSched - ok
21:47:15.0906 3600 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:47:15.0906 3600 Ptilink - ok
21:47:15.0937 3600 [ 86724469CD077901706854974CD13C3E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:47:15.0937 3600 PxHelp20 - ok
21:47:15.0953 3600 ql1080 - ok
21:47:15.0968 3600 Ql10wnt - ok
21:47:15.0984 3600 ql12160 - ok
21:47:16.0000 3600 ql1240 - ok
21:47:16.0015 3600 ql1280 - ok
21:47:16.0046 3600 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:47:16.0046 3600 RasAcd - ok
21:47:16.0093 3600 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:47:16.0093 3600 RasAuto - ok
21:47:16.0125 3600 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:47:16.0125 3600 Rasl2tp - ok
21:47:16.0187 3600 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:47:16.0187 3600 RasMan - ok
21:47:16.0218 3600 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:47:16.0218 3600 RasPppoe - ok
21:47:16.0234 3600 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:47:16.0234 3600 Raspti - ok
21:47:16.0265 3600 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:47:16.0265 3600 Rdbss - ok
21:47:16.0281 3600 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:47:16.0281 3600 RDPCDD - ok
21:47:16.0328 3600 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:47:16.0328 3600 rdpdr - ok
21:47:16.0375 3600 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:47:16.0375 3600 RDPWD - ok
21:47:16.0421 3600 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:47:16.0421 3600 RDSessMgr - ok
21:47:16.0453 3600 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:47:16.0453 3600 redbook - ok
21:47:16.0500 3600 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:47:16.0500 3600 RemoteAccess - ok
21:47:16.0546 3600 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
21:47:16.0562 3600 RemoteRegistry - ok
21:47:16.0578 3600 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
21:47:16.0593 3600 RpcLocator - ok
21:47:16.0625 3600 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
21:47:16.0640 3600 RpcSs - ok
21:47:16.0687 3600 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:47:16.0687 3600 RSVP - ok
21:47:16.0734 3600 [ 7889E3981E0A5D347E037ABD467D53A5 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
21:47:16.0734 3600 RTL8023xp - ok
21:47:16.0750 3600 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
21:47:16.0750 3600 rtl8139 - ok
21:47:16.0781 3600 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
21:47:16.0781 3600 SamSs - ok
21:47:16.0812 3600 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:47:16.0812 3600 SCardSvr - ok
21:47:16.0843 3600 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:47:16.0843 3600 Schedule - ok
21:47:16.0890 3600 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:47:16.0890 3600 sdbus - ok
21:47:16.0937 3600 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:47:16.0937 3600 Secdrv - ok
21:47:16.0968 3600 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:47:16.0968 3600 seclogon - ok
21:47:17.0015 3600 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
21:47:17.0015 3600 SENS - ok
21:47:17.0046 3600 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
21:47:17.0046 3600 Serial - ok
21:47:17.0109 3600 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:47:17.0109 3600 Sfloppy - ok
21:47:17.0171 3600 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:47:17.0171 3600 SharedAccess - ok
21:47:17.0203 3600 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:47:17.0203 3600 ShellHWDetection - ok
21:47:17.0218 3600 Simbad - ok
21:47:17.0250 3600 Sparrow - ok
21:47:17.0265 3600 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:47:17.0265 3600 splitter - ok
21:47:17.0312 3600 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:47:17.0312 3600 Spooler - ok
21:47:17.0328 3600 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:47:17.0343 3600 sr - ok
21:47:17.0359 3600 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
21:47:17.0375 3600 srservice - ok
21:47:17.0421 3600 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:47:17.0421 3600 Srv - ok
21:47:17.0453 3600 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:47:17.0468 3600 SSDPSRV - ok
21:47:17.0500 3600 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:47:17.0500 3600 stisvc - ok
21:47:17.0531 3600 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:47:17.0531 3600 swenum - ok
21:47:17.0546 3600 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:47:17.0546 3600 swmidi - ok
21:47:17.0562 3600 SwPrv - ok
21:47:17.0593 3600 symc810 - ok
21:47:17.0609 3600 symc8xx - ok
21:47:17.0656 3600 SYMIDSCO - ok
21:47:17.0671 3600 sym_hi - ok
21:47:17.0687 3600 sym_u3 - ok
21:47:17.0750 3600 [ F484C77F748729129D5CC9C965D9F701 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:47:17.0750 3600 SynTP - ok
21:47:17.0781 3600 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:47:17.0781 3600 sysaudio - ok
21:47:17.0828 3600 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:47:17.0828 3600 SysmonLog - ok
21:47:17.0875 3600 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:47:17.0875 3600 TapiSrv - ok
21:47:17.0937 3600 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:47:17.0937 3600 Tcpip - ok
21:47:17.0984 3600 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:47:17.0984 3600 TDPIPE - ok
21:47:18.0015 3600 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:47:18.0015 3600 TDTCP - ok
21:47:18.0046 3600 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:47:18.0046 3600 TermDD - ok
21:47:18.0078 3600 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
21:47:18.0093 3600 TermService - ok
21:47:18.0125 3600 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
21:47:18.0125 3600 Themes - ok
21:47:18.0156 3600 [ 9179E07503630D6FB2E4162FF0196191 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
21:47:18.0156 3600 tifm21 - ok
21:47:18.0203 3600 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
21:47:18.0203 3600 TlntSvr - ok
21:47:18.0218 3600 TosIde - ok
21:47:18.0250 3600 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:47:18.0250 3600 TrkWks - ok
21:47:18.0281 3600 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:47:18.0281 3600 Udfs - ok
21:47:18.0296 3600 ultra - ok
21:47:18.0343 3600 [ 9651E5D850B6F6BD7C77C70AA06F02BF ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
21:47:18.0343 3600 UMWdf - ok
21:47:18.0406 3600 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:47:18.0406 3600 Update - ok
21:47:18.0484 3600 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:47:18.0484 3600 upnphost - ok
21:47:18.0531 3600 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
21:47:18.0531 3600 UPS - ok
21:47:18.0671 3600 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
21:47:18.0671 3600 USBAAPL - ok
21:47:18.0687 3600 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:47:18.0687 3600 usbehci - ok
21:47:18.0734 3600 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:47:18.0734 3600 usbhub - ok
21:47:18.0781 3600 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:47:18.0781 3600 usbohci - ok
21:47:18.0812 3600 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:47:18.0812 3600 usbscan - ok
21:47:18.0843 3600 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:47:18.0843 3600 USBSTOR - ok
21:47:18.0875 3600 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:47:18.0875 3600 VgaSave - ok
21:47:18.0890 3600 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
21:47:18.0890 3600 ViaIde - ok
21:47:18.0906 3600 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:47:18.0906 3600 VolSnap - ok
21:47:18.0937 3600 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
21:47:18.0953 3600 VSS - ok
21:47:18.0968 3600 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
21:47:18.0984 3600 W32Time - ok
21:47:19.0015 3600 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:47:19.0015 3600 Wanarp - ok
21:47:19.0031 3600 WDICA - ok
21:47:19.0046 3600 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:47:19.0046 3600 wdmaud - ok
21:47:19.0078 3600 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:47:19.0078 3600 WebClient - ok
21:47:19.0140 3600 [ 214BC3AD84907AD6AD655AC5465F449A ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:47:19.0140 3600 winachsf - ok
21:47:19.0234 3600 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:47:19.0234 3600 winmgmt - ok
21:47:19.0296 3600 [ B9715B9C18BC6C8F4B66733D208CC9F7 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:47:19.0296 3600 WmdmPmSN - ok
21:47:19.0375 3600 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
21:47:19.0375 3600 Wmi - ok
21:47:19.0421 3600 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:47:19.0421 3600 WmiAcpi - ok
21:47:19.0484 3600 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:47:19.0484 3600 WmiApSrv - ok
21:47:19.0640 3600 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:47:19.0640 3600 WPFFontCache_v0400 - ok
21:47:19.0718 3600 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:47:19.0718 3600 WS2IFSL - ok
21:47:19.0765 3600 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:47:19.0765 3600 wscsvc - ok
21:47:19.0781 3600 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:47:19.0781 3600 wuauserv - ok
21:47:19.0859 3600 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:47:19.0859 3600 WZCSVC - ok
21:47:19.0906 3600 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:47:19.0906 3600 xmlprov - ok
21:47:19.0937 3600 ================ Scan global ===============================
21:47:19.0984 3600 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:47:20.0031 3600 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:47:20.0062 3600 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:47:20.0078 3600 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:47:20.0078 3600 [Global] - ok
21:47:20.0093 3600 ================ Scan MBR ==================================
21:47:20.0125 3600 [ 5AE5A393505CFFD37FE98C4A7922908D ] \Device\Harddisk0\DR0
21:47:20.0328 3600 \Device\Harddisk0\DR0 - ok
21:47:20.0328 3600 ================ Scan VBR ==================================
21:47:20.0328 3600 [ 09F7E2C8270BFBF0F68111C1FE3EB663 ] \Device\Harddisk0\DR0\Partition1
21:47:20.0328 3600 \Device\Harddisk0\DR0\Partition1 - ok
21:47:20.0343 3600 [ 6128DDE13E08E8D91041792683ACCCAC ] \Device\Harddisk0\DR0\Partition2
21:47:20.0343 3600 \Device\Harddisk0\DR0\Partition2 - ok
21:47:20.0359 3600 ============================================================
21:47:20.0359 3600 Scan finished
21:47:20.0359 3600 ============================================================
21:47:20.0375 3492 Detected object count: 0
21:47:20.0375 3492 Actual detected object count: 0

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-11 21:48:30
-----------------------------
21:48:30.265 OS Version: Windows 5.1.2600 Service Pack 3
21:48:30.265 Number of processors: 1 586 0x2402
21:48:30.265 ComputerName: PC207082390625 UserName: Kamyszek
21:48:31.000 Initialize success
21:57:09.531 AVAST engine defs: 12111101
21:58:46.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:58:46.703 Disk 0 Vendor: HTS541080G9AT00 MB4OA60A Size: 76319MB BusType: 3
21:58:46.718 Disk 0 MBR read successfully
21:58:46.718 Disk 0 MBR scan
21:58:46.937 Disk 0 unknown MBR code
21:58:46.937 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 62244 MB offset 63
21:58:46.984 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 13037 MB offset 127491840
21:58:47.078 Disk 0 Partition 3 00 D7 NTFS 1027 MB offset 154191870
21:58:47.218 Disk 0 scanning sectors +156296385
21:58:47.375 Disk 0 scanning C:\WINDOWS\system32\drivers
21:59:13.328 Service scanning
22:00:07.421 Modules scanning
22:00:39.265 Disk 0 trace - called modules:
22:00:39.734 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
22:00:39.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f46ab8]
22:00:39.765 3 CLASSPNP.SYS[f75d2fd7] -> nt!IofCallDriver -> \Device\0000006c[0x86f589e8]
22:00:39.765 5 ACPI.sys[f7469620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f73940]
22:00:44.609 AVAST engine scan C:\WINDOWS
22:01:18.531 AVAST engine scan C:\WINDOWS\system32
22:05:40.156 AVAST engine scan C:\WINDOWS\system32\drivers
22:06:02.343 AVAST engine scan C:\Documents and Settings\Kamyszek
22:13:25.546 AVAST engine scan C:\Documents and Settings\All Users
22:14:07.015 Scan finished successfully
22:19:49.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kamyszek\Desktop\MBR.dat"
22:19:49.843 The log file has been saved successfully to "C:\Documents and Settings\Kamyszek\Desktop\aswMBR.txt"

#10
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

#11
CompuFudge

CompuFudge

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
ComboFix 12-11-10.03 - Kamyszek 11/11/2012 22:49:58.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.609 [GMT -5:00]
Running from: c:\documents and settings\Kamyszek\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Kamyszek\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-12 to 2012-11-12 )))))))))))))))))))))))))))))))
.
.
2012-11-12 01:37 . 2012-11-12 01:37 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5AF6D63-BF2C-4CC4-A5C1-64E1B058967E}\MpKsl282b5960.sys
2012-11-12 01:24 . 2012-11-12 01:24 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5AF6D63-BF2C-4CC4-A5C1-64E1B058967E}\MpKsl27d529a1.sys
2012-11-11 07:02 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5AF6D63-BF2C-4CC4-A5C1-64E1B058967E}\mpengine.dll
2012-11-11 06:00 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-09 00:27 . 2012-11-09 00:27 -------- d-----w- c:\program files\ESET
2012-11-09 00:09 . 2012-11-11 06:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-30 22:13 . 2012-10-30 22:13 -------- d-----w- c:\program files\iPod
2012-10-30 22:13 . 2012-10-30 22:15 -------- d-----w- c:\program files\iTunes
2012-10-30 22:13 . 2012-10-30 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 20:53 . 2012-09-19 17:58 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 20:53 . 2011-12-03 11:52 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 00:54 . 2012-01-11 01:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 02:03 . 2011-04-18 18:18 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14 . 2004-08-10 15:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-10 15:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-10 15:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-10 15:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-10 15:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 17:01 . 2012-01-19 23:00 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01 . 2012-01-19 23:00 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 13:29 . 2004-08-10 15:00 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-10 15:00 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2005-08-01 21:26 233534 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2005-12-13 21:45 507904 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
2005-10-11 17:23 1187840 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\LJP1100_P1560_P1600_Full_Solution\\ProductInst.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9100:TCP"= 9100:TCP:Advanced TCP/IP Printer Port
"427:TCP"= 427:TCP:Advanced TCP/IP SLP Port
"161:TCP"= 161:TCP:Advanced TCP/IP SNMP Port
"427:UDP"= 427:UDP:SLP
.
R1 MpKsl282b5960;MpKsl282b5960;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5AF6D63-BF2C-4CC4-A5C1-64E1B058967E}\MpKsl282b5960.sys [11/11/2012 8:37 PM 29904]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [12/8/2011 3:54 PM 99896]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 4:06 AM 231424]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 94076456
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPKSL27D529A1
*NewlyCreated* - MPKSL282B5960
*NewlyCreated* - TRUESIGHT
*Deregistered* - 94076456
*Deregistered* - aswMBR
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-19 20:53]
.
2012-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-14 16:48]
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-14 16:48]
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3184365701-2864391098-1078614-1005Core.job
- c:\documents and settings\Kamyszek\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-27 18:18]
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3184365701-2864391098-1078614-1005UA.job
- c:\documents and settings\Kamyszek\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-27 18:18]
.
2012-11-12 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 21:25]
.
2012-11-12 c:\windows\Tasks\User_Feed_Synchronization-{0C52C0B9-31A7-469E-A605-8CCA41ED2C17}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-11 22:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3196)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-11-11 22:56:04
ComboFix-quarantined-files.txt 2012-11-12 03:56
ComboFix2.txt 2012-11-12 02:13
.
Pre-Run: 5,691,650,048 bytes free
Post-Run: 5,829,365,760 bytes free
.
- - End Of File - - E565D07CFDC2C1BF9C0C2B51007593CB

The only issue I've had is that ComboFix is insisting that Microsoft Security Essentials is running when it is in fact not. Not only did I disable the active scanning like it said to in your link, but I also stopped the process for it. I'm 100% sure it isn't running.
  • 0

#12 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

µTorrent
Coupon Printer for Windows
Java™ 6 Update 30


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete, click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

  • 0

#13 CompuFudge (Topic Starter, Member, 26 posts)
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.12.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kamyszek :: PC207082390625 [administrator]

11/12/2012 7:51:31 AM
mbam-log-2012-11-12 (07-51-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212747
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:55:00 AM, on 11/12/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Kamyszek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kamyszek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kamyszek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kamyszek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kamyszek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kamyszek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kamyszek\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\WINDOWS\system32\HPSIsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 7511 bytes

Computer seems fine other than the fact that it's still redirecting my Google search results.
  • 0

#14 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on their icons (or start from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g.:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed.
    • Click Start
  • Make sure that the option Remove found threats is unticked.
  • Click on Advanced Settings and ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the virus definitions to be downloaded.
  • Wait for the scan to finish.

When the scan is complete

  • If no threats were found:
  • Put a checkmark in "Uninstall application on close"
  • Close the program
  • Report to me that nothing was found

  • If threats were found:
  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN on the desktop
  • Click on Back
  • Put a checkmark in "Uninstall application on close"
  • Click on Finish
  • Close the program
  • Copy and paste the report here


Gringo
  • 0
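The step above asks for specific O4 Run-key lines from the HijackThis log to be checked "if present". As an added example (not from the thread, the helper, or HijackThis itself), here is a small Python parser for that O4 line format that separates the executable from its arguments, honours quoted paths and the " (User '...')" suffix, and reports which names on a fix list are absent; the sample lines are constructed from the log posted earlier in the thread.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample: a few O4 (Run-key) lines and one O23 line in the
# HijackThis log format shown in the thread; not a complete log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "O4 - <hive>\..\Run: [<name>] <command>"; the hive may carry a user SID (HKUS\S-1-5-...).
O4_RE = re.compile(r"^O4 - (?P<hive>[^\[]+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# HijackThis appends " (User 'NAME')" to HKUS entries; it is not part of the command.
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")
# For an unquoted command, the executable ends at the first recognised extension.
EXE_RE = re.compile(r"^(?P<exe>.*?\.(?:exe|com|scr|bat|cmd))(?:\s+(?P<args>.*))?$", re.IGNORECASE)


class StartupEntry(NamedTuple):
    hive: str   # e.g. HKLM or HKUS\S-1-5-18
    name: str   # value name shown in [brackets]
    exe: str    # executable path without surrounding quotes
    args: str   # remaining command-line arguments ("" if none)
    raw: str    # the original log line


def split_command(cmd: str) -> Tuple[str, str]:
    """Separate the executable path from its arguments, honouring quotes."""
    cmd = USER_SUFFIX_RE.sub("", cmd).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group("exe"), (m.group("args") or "").strip()
    return cmd, ""  # no recognised extension: treat the whole string as the path


def parse_o4(lines: List[str]) -> List[StartupEntry]:
    """Extract every O4 Run-key entry from HijackThis log lines; other lines are ignored."""
    entries = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe, args = split_command(m.group("cmd"))
        entries.append(StartupEntry(m.group("hive"), m.group("name"), exe, args, line.strip()))
    return entries


def select_for_fix(lines: List[str], names: List[str]) -> Tuple[List[StartupEntry], List[str]]:
    """Mirror the 'check these items (if present)' step: return the entries whose
    value name is on the list, and the listed names that the log does not contain."""
    by_name = {e.name.lower(): e for e in parse_o4(lines)}
    found = [by_name[n.lower()] for n in names if n.lower() in by_name]
    missing = [n for n in names if n.lower() not in by_name]
    return found, missing


if __name__ == "__main__":
    found, missing = select_for_fix(SAMPLE_LOG.splitlines(), ["ehTray", "ATIPTA", "Reminder"])
    for e in found:
        print(f"fix: {e.hive} [{e.name}] -> {e.exe} {e.args}".rstrip())
    print("not present:", missing)
```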

#15 CompuFudge (Topic Starter, Member, 26 posts)
ESET stalls out on initialization. Error message: "can not get update: is proxy installed?"

To my knowledge there is no proxy at all. I have never set one up, nor have I seen any evidence of one in any of the network settings.
  • 0