Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Unable to use any search engines.

Started by sackett, May 25 2012 10:32 AM

This topic is locked
Go to first unread post

18 replies to this topic

#1
sackett

Posted 25 May 2012 - 10:32 AM

New Member

Members
11 posts

Hello...

I am unable to access most search engines, instead, I'm being redirected. Those engines I do reach, I cannot use the hotlinks, but instead must input them into the address bar. Also, any site that requires a security test, (the random, funky letters) do not work...either the letters do no appear, or when inputted, are disregarded as incorrect.

I would welcome any help you could give me.
====================================================

Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/23/2010 2:59:19 PM
System Uptime: 5/24/2012 11:15:22 AM (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 0U8211
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2792/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 28.048 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP619: 3/20/2012 5:37:52 PM - System Checkpoint
RP620: 3/21/2012 7:36:53 AM - Software Distribution Service 3.0
RP621: 3/21/2012 10:58:36 PM - Software Distribution Service 3.0
RP622: 3/22/2012 7:38:38 AM - Software Distribution Service 3.0
RP623: 3/22/2012 9:50:30 PM - Software Distribution Service 3.0
RP624: 3/24/2012 10:55:57 AM - System Checkpoint
RP625: 3/25/2012 12:33:56 PM - System Checkpoint
RP626: 3/26/2012 7:38:09 PM - System Checkpoint
RP627: 3/27/2012 7:47:52 PM - System Checkpoint
RP628: 3/28/2012 8:05:30 PM - System Checkpoint
RP629: 3/29/2012 8:57:16 PM - System Checkpoint
RP630: 3/30/2012 8:59:35 PM - System Checkpoint
RP631: 3/31/2012 8:59:57 PM - System Checkpoint
RP632: 4/1/2012 9:06:19 PM - System Checkpoint
RP633: 4/3/2012 7:26:00 PM - System Checkpoint
RP634: 4/4/2012 8:18:08 PM - System Checkpoint
RP635: 4/5/2012 8:28:53 PM - System Checkpoint
RP636: 4/6/2012 9:08:31 PM - System Checkpoint
RP637: 4/8/2012 7:55:31 AM - System Checkpoint
RP638: 4/12/2012 7:46:56 AM - Software Distribution Service 3.0
RP639: 4/13/2012 11:32:12 AM - System Checkpoint
RP640: 4/15/2012 8:00:09 AM - System Checkpoint
RP641: 4/16/2012 10:49:35 AM - System Checkpoint
RP642: 4/17/2012 2:46:59 PM - System Checkpoint
RP643: 4/18/2012 4:02:09 PM - System Checkpoint
RP644: 4/19/2012 4:24:38 PM - System Checkpoint
RP645: 4/20/2012 5:17:20 PM - System Checkpoint
RP646: 4/22/2012 3:30:43 AM - System Checkpoint
RP647: 4/23/2012 5:13:21 PM - System Checkpoint
RP648: 4/24/2012 8:58:09 PM - System Checkpoint
RP649: 4/26/2012 4:54:16 PM - System Checkpoint
RP650: 4/27/2012 9:06:54 PM - System Checkpoint
RP651: 4/28/2012 9:50:39 PM - System Checkpoint
RP652: 4/30/2012 6:41:26 AM - System Checkpoint
RP653: 5/1/2012 7:22:36 AM - System Checkpoint
RP654: 5/3/2012 7:51:34 AM - System Checkpoint
RP655: 5/5/2012 8:27:55 AM - System Checkpoint
RP656: 5/6/2012 3:30:51 PM - System Checkpoint
RP657: 5/7/2012 3:59:20 PM - System Checkpoint
RP658: 5/9/2012 7:44:07 AM - System Checkpoint
RP659: 5/10/2012 3:00:29 AM - Software Distribution Service 3.0
RP660: 5/11/2012 7:59:40 PM - System Checkpoint
RP661: 5/12/2012 8:32:37 PM - System Checkpoint
RP662: 5/13/2012 10:45:27 PM - System Checkpoint
RP663: 5/19/2012 3:25:15 PM - System Checkpoint
RP664: 5/20/2012 5:23:58 PM - System Checkpoint
RP665: 5/20/2012 11:55:59 PM - Installed AVG 2012
RP666: 5/21/2012 12:07:02 AM - Removed AVG 2012
RP667: 5/23/2012 3:24:51 PM - System Checkpoint
RP668: 5/24/2012 11:39:19 AM - Installed HiJackThis
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Airlink101 WLAN Monitor
Arclab Thumb Studio 2.1
AVG 2012
Batch PNG to JPG
CCleaner
Chris Moneymakers World Poker Championship (remove only)
Compatibility Pack for the 2007 Office system
Facebook Plug-In
FYZip 1.00
GoToAssist Corporate
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
hp psc 1200 series
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Connections Drivers
Java Auto Updater
Java™ 6 Update 29
Just BASIC v1.0
K-Lite Codec Pack 5.6.1 (Full)
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 6.0 Parser
OGA Notifier 2.0.0048.0
OLYMPUS ib
Orbit Downloader
PhoTags Express
Photo Pos Pro
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sothink FLV Player
SoundMAX
Uninstall Dual Mode Camera
Unique Filer
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
WebFldrs XP
Windows 7 Upgrade Advisor
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinPump
Yontoo Layers 1.10.01
Zune Desktop Theme
.
==== Event Viewer Messages From Past Week ========
.
5/24/2012 11:17:24 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00212F2EBCFC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/23/2012 7:08:46 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00212F2EBCFC. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
5/23/2012 6:57:29 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/23/2012 12:06:07 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
5/23/2012 12:05:45 PM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
5/20/2012 11:56:01 AM, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
.
==== End Of File ===========================

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Administrator at 11:45:15 on 2012-05-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.417 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Olympus\ib\olycamdetect.exe
C:\Program Files\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers\YontooIEClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Olympus ib] "c:\program files\olympus\ib\olycamdetect.exe" /Startup
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [MDS_Menu] "c:\program files\olympus\ib\muitransfer\muistartmenu.exe" "c:\program files\olympus\ib" updatewithcreateonce "software\olympus\ib\1.0"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\airlin~1.lnk - c:\program files\airlink101\airlink101 wlan monitor\RtWLan.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264422264467
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 69.66.0.20 69.66.1.20
TCP: Interfaces\{FA0C88B3-510C-4CE7-A797-3875C0B964DE} : DhcpNameServer = 69.66.0.20 69.66.1.20
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\vo9qzlyr.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z178&form=ZGAADF&install_date=20111113&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\administrator\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 301248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-5-21 932736]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 RTL8192su;Airlink101 AWLL6077v2 Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-2-23 587776]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 257696]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-15 1025352]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-12 129976]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [2011-8-17 21648]
.
=============== Created Last 30 ================
.
2012-05-24 16:39:36 388096 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-05-24 16:39:30 -------- d-----w- c:\program files\Trend Micro
2012-05-21 05:02:58 -------- d-----w- c:\documents and settings\administrator\local settings\application data\AVG Secure Search
2012-05-21 05:02:19 -------- d-----w- c:\program files\AVG Secure Search
2012-05-12 22:58:40 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-12 22:58:10 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-12 22:58:10 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-05-05 13:05:33 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2012-05-05 14:05:48 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 14:05:47 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 09:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 10:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 11:47:56.43 ===============

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:49:56 AM, on 5/24/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Olympus\ib\olycamdetect.exe
C:\Program Files\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Olympus ib] "C:\Program Files\Olympus\ib\olycamdetect.exe" /Startup
O4 - Global Startup: AirLink101 Wireless Monitor.lnk = C:\Program Files\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1264422264467
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: vToolbarUpdater11.0.2 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
--
End of file - 8229 bytes

#2
D-FRED-BROWN

Posted 25 May 2012 - 12:07 PM

Resident Bracketologist

Trusted Advisors
2,189 posts

Gender:Male
Location:MHK
Interests:music, computer security, computer sciences, food

Hello sackett and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

TDSSKiller_log.txt

how the PC is running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

TDSSKiller logfile
C:\ComboFix.txt
Security Check checkup.txt

How is your computer running now?

Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image

Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.

Thank you!

#3
sackett

Posted 25 May 2012 - 03:26 PM

New Member

Members
11 posts

Hello D-Fred-Brown...I appreciate your help. Ran TDSSKiller...it came up with no infections. Here is the log...

15:21:12.0515 3768 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
15:21:14.0515 3768 ============================================================
15:21:14.0515 3768 Current date / time: 2012/05/25 15:21:14.0515
15:21:14.0515 3768 SystemInfo:
15:21:14.0515 3768
15:21:14.0515 3768 OS Version: 5.1.2600 ServicePack: 3.0
15:21:14.0515 3768 Product type: Workstation
15:21:14.0515 3768 ComputerName: HOME-U34YZ0HV8I
15:21:14.0515 3768 UserName: Administrator
15:21:14.0515 3768 Windows directory: C:\WINDOWS
15:21:14.0515 3768 System windows directory: C:\WINDOWS
15:21:14.0515 3768 Processor architecture: Intel x86
15:21:14.0515 3768 Number of processors: 1
15:21:14.0515 3768 Page size: 0x1000
15:21:14.0515 3768 Boot type: Normal boot
15:21:14.0515 3768 ============================================================
15:21:17.0875 3768 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:21:17.0875 3768 ============================================================
15:21:17.0875 3768 \Device\Harddisk0\DR0:
15:21:17.0875 3768 MBR partitions:
15:21:17.0875 3768 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
15:21:17.0875 3768 ============================================================
15:21:18.0015 3768 C: <-> \Device\Harddisk0\DR0\Partition0
15:21:18.0015 3768 ============================================================
15:21:18.0015 3768 Initialize success
15:21:18.0015 3768 ============================================================
15:22:48.0765 2596 ============================================================
15:22:48.0765 2596 Scan started
15:22:48.0765 2596 Mode: Manual;
15:22:48.0765 2596 ============================================================
15:22:51.0734 2596 Abiosdsk - ok
15:22:51.0750 2596 abp480n5 - ok
15:22:51.0937 2596 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:22:52.0000 2596 ACPI - ok
15:22:52.0093 2596 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:22:52.0140 2596 ACPIEC - ok
15:22:52.0359 2596 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:22:52.0375 2596 AdobeFlashPlayerUpdateSvc - ok
15:22:52.0390 2596 adpu160m - ok
15:22:52.0453 2596 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
15:22:52.0453 2596 aeaudio - ok
15:22:52.0609 2596 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:22:52.0687 2596 aec - ok
15:22:52.0921 2596 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
15:22:53.0843 2596 AegisP - ok
15:22:53.0984 2596 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:22:54.0046 2596 AFD - ok
15:22:54.0093 2596 Aha154x - ok
15:22:54.0109 2596 aic78u2 - ok
15:22:54.0109 2596 aic78xx - ok
15:22:54.0234 2596 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
15:22:54.0875 2596 Alerter - ok
15:22:54.0953 2596 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
15:22:54.0984 2596 ALG - ok
15:22:55.0000 2596 AliIde - ok
15:22:55.0031 2596 amsint - ok
15:22:55.0140 2596 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
15:22:55.0218 2596 AppMgmt - ok
15:22:55.0234 2596 asc - ok
15:22:55.0250 2596 asc3350p - ok
15:22:55.0265 2596 asc3550 - ok
15:22:55.0906 2596 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:22:55.0984 2596 aspnet_state - ok
15:22:56.0156 2596 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:22:56.0765 2596 AsyncMac - ok
15:22:56.0828 2596 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:22:56.0828 2596 atapi - ok
15:22:56.0843 2596 Atdisk - ok
15:22:56.0953 2596 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:22:56.0984 2596 Atmarpc - ok
15:22:57.0171 2596 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
15:22:58.0281 2596 AudioSrv - ok
15:22:58.0328 2596 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:22:58.0375 2596 audstub - ok
15:22:59.0921 2596 AVG Security Toolbar Service (3a457c2f798cad79cd30224e723e01fb) C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
15:23:00.0515 2596 AVG Security Toolbar Service - ok
15:23:05.0296 2596 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
15:23:07.0531 2596 AVGIDSAgent - ok
15:23:08.0796 2596 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
15:23:09.0546 2596 AVGIDSDriver - ok
15:23:09.0609 2596 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
15:23:09.0671 2596 AVGIDSFilter - ok
15:23:09.0781 2596 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
15:23:09.0781 2596 AVGIDSHX - ok
15:23:09.0843 2596 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
15:23:09.0890 2596 AVGIDSShim - ok
15:23:10.0265 2596 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
15:23:11.0031 2596 Avgldx86 - ok
15:23:11.0218 2596 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
15:23:11.0250 2596 Avgmfx86 - ok
15:23:11.0359 2596 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
15:23:11.0375 2596 Avgrkx86 - ok
15:23:12.0171 2596 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
15:23:13.0578 2596 Avgtdix - ok
15:23:13.0921 2596 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
15:23:14.0015 2596 avgwd - ok
15:23:14.0078 2596 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:23:14.0843 2596 Beep - ok
15:23:15.0359 2596 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
15:23:16.0640 2596 BITS - ok
15:23:16.0718 2596 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
15:23:16.0750 2596 Browser - ok
15:23:16.0796 2596 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:23:16.0812 2596 cbidf2k - ok
15:23:16.0859 2596 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:23:16.0875 2596 CCDECODE - ok
15:23:16.0890 2596 cd20xrnt - ok
15:23:16.0953 2596 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:23:16.0953 2596 Cdaudio - ok
15:23:17.0093 2596 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:23:17.0093 2596 Cdfs - ok
15:23:17.0171 2596 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:23:17.0187 2596 Cdrom - ok
15:23:17.0203 2596 Changer - ok
15:23:17.0281 2596 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\System32\cisvc.exe
15:23:17.0296 2596 cisvc - ok
15:23:17.0328 2596 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
15:23:17.0343 2596 ClipSrv - ok
15:23:17.0531 2596 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:23:17.0562 2596 clr_optimization_v2.0.50727_32 - ok
15:23:17.0578 2596 CmdIde - ok
15:23:17.0593 2596 COMSysApp - ok
15:23:17.0609 2596 Cpqarray - ok
15:23:17.0671 2596 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
15:23:17.0687 2596 CryptSvc - ok
15:23:17.0703 2596 dac2w2k - ok
15:23:17.0718 2596 dac960nt - ok
15:23:17.0906 2596 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:23:18.0078 2596 DcomLaunch - ok
15:23:18.0203 2596 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
15:23:18.0265 2596 Dhcp - ok
15:23:18.0312 2596 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:23:18.0312 2596 Disk - ok
15:23:18.0359 2596 dmadmin - ok
15:23:18.0937 2596 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:23:19.0312 2596 dmboot - ok
15:23:19.0468 2596 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:23:19.0500 2596 dmio - ok
15:23:19.0578 2596 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:23:19.0578 2596 dmload - ok
15:23:19.0640 2596 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
15:23:19.0718 2596 dmserver - ok
15:23:19.0750 2596 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:23:19.0781 2596 DMusic - ok
15:23:19.0859 2596 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
15:23:19.0875 2596 Dnscache - ok
15:23:19.0984 2596 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
15:23:20.0031 2596 Dot3svc - ok
15:23:20.0046 2596 dpti2o - ok
15:23:20.0078 2596 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:23:20.0078 2596 drmkaud - ok
15:23:20.0234 2596 E1000 (d94437e7ee086677b266099f695cdea1) C:\WINDOWS\system32\DRIVERS\e1000325.sys
15:23:20.0296 2596 E1000 - ok
15:23:20.0375 2596 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
15:23:20.0375 2596 EapHost - ok
15:23:20.0437 2596 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
15:23:20.0453 2596 ERSvc - ok
15:23:20.0546 2596 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:23:20.0578 2596 Eventlog - ok
15:23:20.0718 2596 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
15:23:20.0796 2596 EventSystem - ok
15:23:20.0875 2596 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:23:20.0921 2596 Fastfat - ok
15:23:21.0171 2596 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:23:21.0250 2596 FastUserSwitchingCompatibility - ok
15:23:21.0296 2596 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:23:21.0296 2596 Fdc - ok
15:23:21.0390 2596 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:23:21.0406 2596 Fips - ok
15:23:21.0421 2596 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:23:21.0437 2596 Flpydisk - ok
15:23:21.0500 2596 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:23:21.0531 2596 FltMgr - ok
15:23:21.0656 2596 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:23:21.0671 2596 FontCache3.0.0.0 - ok
15:23:21.0718 2596 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:23:21.0734 2596 Fs_Rec - ok
15:23:22.0265 2596 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:23:22.0281 2596 Ftdisk - ok
15:23:22.0421 2596 GoToAssist (8f6ae606eb0cc884ee12c41948424422) C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
15:23:22.0437 2596 GoToAssist - ok
15:23:22.0484 2596 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:23:22.0500 2596 Gpc - ok
15:23:22.0609 2596 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:23:22.0625 2596 helpsvc - ok
15:23:22.0687 2596 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
15:23:22.0703 2596 HidServ - ok
15:23:22.0734 2596 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:23:22.0734 2596 hidusb - ok
15:23:22.0796 2596 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
15:23:22.0828 2596 hkmsvc - ok
15:23:22.0828 2596 hpn - ok
15:23:22.0843 2596 hpt3xx - ok
15:23:23.0031 2596 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:23:23.0109 2596 HTTP - ok
15:23:23.0156 2596 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
15:23:23.0187 2596 HTTPFilter - ok
15:23:23.0203 2596 i2omgmt - ok
15:23:23.0218 2596 i2omp - ok
15:23:23.0265 2596 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:23:23.0281 2596 i8042prt - ok
15:23:23.0765 2596 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
15:23:24.0234 2596 ialm - ok
15:23:24.0625 2596 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:23:24.0906 2596 idsvc - ok
15:23:25.0203 2596 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:23:25.0218 2596 Imapi - ok
15:23:25.0328 2596 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
15:23:25.0375 2596 ImapiService - ok
15:23:25.0390 2596 ini910u - ok
15:23:25.0421 2596 IntelIde - ok
15:23:25.0453 2596 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:23:25.0468 2596 intelppm - ok
15:23:25.0531 2596 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:23:25.0546 2596 ip6fw - ok
15:23:25.0593 2596 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:23:25.0609 2596 IpFilterDriver - ok
15:23:25.0640 2596 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:23:25.0640 2596 IpInIp - ok
15:23:25.0734 2596 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:23:25.0781 2596 IpNat - ok
15:23:25.0828 2596 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:23:25.0843 2596 IPSec - ok
15:23:25.0890 2596 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:23:25.0890 2596 IRENUM - ok
15:23:25.0953 2596 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:23:25.0953 2596 isapnp - ok
15:23:26.0296 2596 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
15:23:26.0343 2596 JavaQuickStarterService - ok
15:23:26.0421 2596 JL2005C (b12f5ff3a2221987ac3a81ce1fe76cc6) C:\WINDOWS\system32\Drivers\jl2005c.sys
15:23:26.0453 2596 JL2005C - ok
15:23:26.0484 2596 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:23:26.0500 2596 Kbdclass - ok
15:23:26.0531 2596 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:23:26.0531 2596 kbdhid - ok
15:23:26.0625 2596 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:23:26.0671 2596 kmixer - ok
15:23:26.0765 2596 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:23:26.0781 2596 KSecDD - ok
15:23:26.0859 2596 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
15:23:26.0906 2596 lanmanserver - ok
15:23:27.0125 2596 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
15:23:27.0187 2596 lanmanworkstation - ok
15:23:27.0187 2596 lbrtfdc - ok
15:23:27.0265 2596 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
15:23:27.0281 2596 LmHosts - ok
15:23:27.0328 2596 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
15:23:27.0328 2596 Messenger - ok
15:23:27.0406 2596 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:23:27.0406 2596 mnmdd - ok
15:23:27.0468 2596 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
15:23:27.0484 2596 mnmsrvc - ok
15:23:27.0531 2596 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:23:27.0531 2596 Modem - ok
15:23:27.0578 2596 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:23:27.0593 2596 Mouclass - ok
15:23:27.0625 2596 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:23:27.0625 2596 mouhid - ok
15:23:27.0687 2596 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:23:27.0687 2596 MountMgr - ok
15:23:27.0781 2596 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:23:27.0828 2596 MozillaMaintenance - ok
15:23:27.0843 2596 mraid35x - ok
15:23:27.0937 2596 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:23:28.0031 2596 MRxDAV - ok
15:23:28.0281 2596 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:23:28.0421 2596 MRxSmb - ok
15:23:28.0453 2596 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
15:23:28.0453 2596 MSDTC - ok
15:23:28.0515 2596 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:23:28.0515 2596 Msfs - ok
15:23:28.0515 2596 MSIServer - ok
15:23:28.0562 2596 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:23:28.0562 2596 MSKSSRV - ok
15:23:28.0593 2596 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:23:28.0593 2596 MSPCLOCK - ok
15:23:28.0625 2596 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:23:28.0625 2596 MSPQM - ok
15:23:28.0671 2596 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:23:28.0671 2596 mssmbios - ok
15:23:28.0718 2596 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:23:28.0718 2596 MSTEE - ok
15:23:28.0796 2596 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:23:28.0812 2596 Mup - ok
15:23:28.0875 2596 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:23:28.0906 2596 NABTSFEC - ok
15:23:29.0125 2596 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
15:23:29.0234 2596 napagent - ok
15:23:29.0312 2596 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:23:29.0359 2596 NDIS - ok
15:23:29.0390 2596 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:23:29.0390 2596 NdisIP - ok
15:23:29.0453 2596 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:23:29.0468 2596 NdisTapi - ok
15:23:29.0484 2596 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:23:29.0500 2596 Ndisuio - ok
15:23:29.0546 2596 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:23:29.0578 2596 NdisWan - ok
15:23:29.0625 2596 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:23:29.0640 2596 NDProxy - ok
15:23:29.0687 2596 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:23:29.0687 2596 NetBIOS - ok
15:23:29.0765 2596 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:23:29.0812 2596 NetBT - ok
15:23:29.0890 2596 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:23:29.0937 2596 NetDDE - ok
15:23:29.0937 2596 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:23:29.0953 2596 NetDDEdsdm - ok
15:23:29.0984 2596 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
15:23:30.0000 2596 Netlogon - ok
15:23:30.0187 2596 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
15:23:30.0250 2596 Netman - ok
15:23:30.0437 2596 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:23:30.0484 2596 NetTcpPortSharing - ok
15:23:30.0609 2596 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
15:23:30.0687 2596 Nla - ok
15:23:30.0734 2596 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:23:30.0734 2596 Npfs - ok
15:23:30.0937 2596 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:23:31.0171 2596 Ntfs - ok
15:23:31.0187 2596 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
15:23:31.0203 2596 NtLmSsp - ok
15:23:31.0390 2596 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
15:23:31.0531 2596 NtmsSvc - ok
15:23:31.0593 2596 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:23:31.0593 2596 Null - ok
15:23:31.0656 2596 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:23:31.0656 2596 NwlnkFlt - ok
15:23:31.0687 2596 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:23:31.0703 2596 NwlnkFwd - ok
15:23:31.0750 2596 OlyCamComm (f4cb9c1991314b1352ddbd8a968e4471) C:\WINDOWS\system32\DRIVERS\OlyCamComm.sys
15:23:31.0750 2596 OlyCamComm - ok
15:23:31.0828 2596 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:23:31.0859 2596 Parport - ok
15:23:31.0875 2596 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:23:31.0875 2596 PartMgr - ok
15:23:31.0906 2596 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:23:31.0906 2596 ParVdm - ok
15:23:31.0953 2596 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:23:31.0953 2596 PCI - ok
15:23:32.0031 2596 PCIDump - ok
15:23:32.0109 2596 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:23:32.0109 2596 PCIIde - ok
15:23:32.0187 2596 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:23:32.0218 2596 Pcmcia - ok
15:23:32.0234 2596 PDCOMP - ok
15:23:32.0250 2596 PDFRAME - ok
15:23:32.0265 2596 PDRELI - ok
15:23:32.0281 2596 PDRFRAME - ok
15:23:32.0296 2596 perc2 - ok
15:23:32.0312 2596 perc2hib - ok
15:23:32.0421 2596 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:23:32.0421 2596 PlugPlay - ok
15:23:32.0437 2596 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
15:23:32.0437 2596 PolicyAgent - ok
15:23:32.0484 2596 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:23:32.0500 2596 PptpMiniport - ok
15:23:32.0531 2596 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
15:23:32.0531 2596 Processor - ok
15:23:32.0546 2596 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:23:32.0546 2596 ProtectedStorage - ok
15:23:32.0593 2596 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:23:32.0609 2596 PSched - ok
15:23:32.0640 2596 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:23:32.0640 2596 Ptilink - ok
15:23:32.0718 2596 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:23:32.0718 2596 PxHelp20 - ok
15:23:32.0734 2596 ql1080 - ok
15:23:32.0750 2596 Ql10wnt - ok
15:23:32.0765 2596 ql12160 - ok
15:23:32.0781 2596 ql1240 - ok
15:23:32.0796 2596 ql1280 - ok
15:23:32.0812 2596 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:23:32.0812 2596 RasAcd - ok
15:23:32.0859 2596 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
15:23:32.0890 2596 RasAuto - ok
15:23:32.0937 2596 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:23:33.0000 2596 Rasl2tp - ok
15:23:33.0203 2596 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
15:23:33.0265 2596 RasMan - ok
15:23:33.0296 2596 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:23:33.0312 2596 RasPppoe - ok
15:23:33.0328 2596 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:23:33.0343 2596 Raspti - ok
15:23:33.0421 2596 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:23:33.0468 2596 Rdbss - ok
15:23:33.0484 2596 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:23:33.0484 2596 RDPCDD - ok
15:23:33.0593 2596 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:23:33.0656 2596 rdpdr - ok
15:23:33.0765 2596 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
15:23:33.0812 2596 RDPWD - ok
15:23:33.0906 2596 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
15:23:33.0953 2596 RDSessMgr - ok
15:23:34.0109 2596 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:23:34.0171 2596 redbook - ok
15:23:34.0250 2596 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
15:23:34.0265 2596 RemoteAccess - ok
15:23:34.0343 2596 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
15:23:34.0359 2596 RemoteRegistry - ok
15:23:34.0406 2596 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
15:23:34.0437 2596 RpcLocator - ok
15:23:34.0843 2596 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:23:34.0859 2596 RpcSs - ok
15:23:34.0984 2596 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
15:23:35.0031 2596 RSVP - ok
15:23:35.0609 2596 RTL8192su (2ec68b7c25e4c04273b142b828eb4b84) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
15:23:35.0796 2596 RTL8192su - ok
15:23:35.0875 2596 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:23:35.0875 2596 SamSs - ok
15:23:35.0953 2596 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
15:23:36.0015 2596 SCardSvr - ok
15:23:36.0234 2596 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
15:23:36.0296 2596 Schedule - ok
15:23:36.0328 2596 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:23:36.0328 2596 Secdrv - ok
15:23:36.0390 2596 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
15:23:36.0406 2596 seclogon - ok
15:23:36.0453 2596 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
15:23:36.0453 2596 SENS - ok
15:23:36.0484 2596 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:23:36.0484 2596 serenum - ok
15:23:36.0531 2596 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:23:36.0562 2596 Serial - ok
15:23:36.0593 2596 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:23:36.0593 2596 Sfloppy - ok
15:23:36.0734 2596 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
15:23:36.0843 2596 SharedAccess - ok
15:23:36.0937 2596 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:23:36.0937 2596 ShellHWDetection - ok
15:23:36.0953 2596 Simbad - ok
15:23:37.0046 2596 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:23:37.0046 2596 SLIP - ok
15:23:37.0328 2596 smwdm (31fd0707c7dbe715234f2823b27214fe) C:\WINDOWS\system32\drivers\smwdm.sys
15:23:37.0515 2596 smwdm - ok
15:23:37.0515 2596 Sparrow - ok
15:23:37.0531 2596 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:23:37.0546 2596 splitter - ok
15:23:37.0609 2596 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:23:37.0625 2596 Spooler - ok
15:23:37.0671 2596 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:23:37.0671 2596 sr - ok
15:23:37.0750 2596 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
15:23:37.0796 2596 srservice - ok
15:23:38.0046 2596 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:23:38.0140 2596 Srv - ok
15:23:38.0187 2596 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
15:23:38.0218 2596 SSDPSRV - ok
15:23:38.0390 2596 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
15:23:38.0500 2596 stisvc - ok
15:23:38.0671 2596 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
15:23:38.0687 2596 stllssvr - ok
15:23:38.0734 2596 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:23:38.0734 2596 streamip - ok
15:23:38.0781 2596 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:23:38.0781 2596 swenum - ok
15:23:38.0828 2596 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:23:38.0843 2596 swmidi - ok
15:23:38.0859 2596 SwPrv - ok
15:23:38.0875 2596 symc810 - ok
15:23:38.0890 2596 symc8xx - ok
15:23:38.0906 2596 sym_hi - ok
15:23:38.0921 2596 sym_u3 - ok
15:23:38.0953 2596 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:23:39.0031 2596 sysaudio - ok
15:23:39.0078 2596 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
15:23:39.0109 2596 SysmonLog - ok
15:23:39.0218 2596 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
15:23:39.0312 2596 TapiSrv - ok
15:23:39.0609 2596 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:23:39.0734 2596 Tcpip - ok
15:23:39.0781 2596 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:23:39.0781 2596 TDPIPE - ok
15:23:39.0828 2596 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:23:39.0828 2596 TDTCP - ok
15:23:39.0890 2596 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:23:39.0890 2596 TermDD - ok
15:23:40.0031 2596 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:23:40.0125 2596 TermService - ok
15:23:40.0218 2596 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:23:40.0218 2596 Themes - ok
15:23:40.0281 2596 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
15:23:40.0312 2596 TlntSvr - ok
15:23:40.0328 2596 TosIde - ok
15:23:40.0390 2596 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:23:40.0421 2596 TrkWks - ok
15:23:40.0468 2596 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:23:40.0500 2596 Udfs - ok
15:23:40.0515 2596 ultra - ok
15:23:40.0734 2596 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:23:40.0859 2596 Update - ok
15:23:40.0953 2596 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:23:41.0046 2596 upnphost - ok
15:23:41.0093 2596 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:23:41.0109 2596 UPS - ok
15:23:41.0265 2596 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:23:41.0281 2596 usbccgp - ok
15:23:41.0343 2596 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:23:41.0359 2596 usbehci - ok
15:23:41.0421 2596 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:23:41.0453 2596 usbhub - ok
15:23:41.0515 2596 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:23:41.0531 2596 usbprint - ok
15:23:41.0578 2596 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:23:41.0578 2596 usbscan - ok
15:23:41.0625 2596 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:23:41.0640 2596 USBSTOR - ok
15:23:41.0671 2596 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:23:41.0687 2596 usbuhci - ok
15:23:41.0718 2596 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:23:41.0718 2596 VgaSave - ok
15:23:41.0734 2596 ViaIde - ok
15:23:41.0781 2596 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:23:41.0781 2596 VolSnap - ok
15:23:41.0906 2596 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:23:42.0031 2596 VSS - ok
15:23:42.0468 2596 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
15:23:42.0765 2596 vToolbarUpdater11.0.2 - ok
15:23:42.0843 2596 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
15:23:42.0906 2596 W32Time - ok
15:23:43.0046 2596 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:23:43.0062 2596 Wanarp - ok
15:23:43.0078 2596 WDICA - ok
15:23:43.0140 2596 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:23:43.0171 2596 wdmaud - ok
15:23:43.0250 2596 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:23:43.0281 2596 WebClient - ok
15:23:43.0390 2596 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:23:43.0437 2596 winmgmt - ok
15:23:43.0515 2596 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:23:43.0531 2596 WmdmPmSN - ok
15:23:43.0781 2596 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
15:23:43.0968 2596 Wmi - ok
15:23:44.0093 2596 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
15:23:44.0125 2596 WmiApSrv - ok
15:23:44.0515 2596 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:23:44.0796 2596 WMPNetworkSvc - ok
15:23:44.0875 2596 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
15:23:44.0906 2596 wscsvc - ok
15:23:44.0921 2596 WSearch - ok
15:23:45.0078 2596 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:23:45.0078 2596 WSTCODEC - ok
15:23:45.0140 2596 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:23:45.0140 2596 wuauserv - ok
15:23:45.0203 2596 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:23:45.0234 2596 WudfPf - ok
15:23:45.0265 2596 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:23:45.0296 2596 WudfRd - ok
15:23:45.0359 2596 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:23:45.0375 2596 WudfSvc - ok
15:23:45.0593 2596 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:23:45.0750 2596 WZCSVC - ok
15:23:45.0843 2596 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:23:45.0890 2596 xmlprov - ok
15:23:45.0968 2596 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:23:46.0609 2596 \Device\Harddisk0\DR0 - ok
15:23:46.0609 2596 Boot (0x1200) (cca7ad0f684287d027c6702a94c71bc2) \Device\Harddisk0\DR0\Partition0
15:23:46.0625 2596 \Device\Harddisk0\DR0\Partition0 - ok
15:23:46.0625 2596 ============================================================
15:23:46.0625 2596 Scan finished
15:23:46.0625 2596 ============================================================
15:23:46.0640 3516 Detected object count: 0
15:23:46.0640 3516 Actual detected object count: 0
15:24:15.0015 2712 Deinitialize success

I will now continue with your advice.

#4
sackett

Posted 25 May 2012 - 04:33 PM

New Member

Members
11 posts

Here is the log for ComboFix.

ComboFix 12-05-25.03 - Administrator 05/25/2012 16:06:14.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.393 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe
c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\9620a8a7f141f95b.fb
c:\windows\system32\Cache\9c9a204d896ce9c8.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))
.
.
2012-05-24 16:39 . 2012-05-24 16:39 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-24 16:39 . 2012-05-24 16:39 -------- d-----w- c:\program files\Trend Micro
2012-05-21 05:02 . 2012-05-21 05:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Secure Search
2012-05-21 05:02 . 2012-05-21 05:02 -------- d-----w- c:\program files\AVG Secure Search
2012-05-12 22:58 . 2012-05-12 22:58 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-12 22:58 . 2012-05-12 22:58 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-12 22:58 . 2012-05-12 22:58 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-05 13:05 . 2012-05-05 14:05 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 14:05 . 2012-04-05 23:43 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 14:05 . 2011-08-29 11:54 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 09:50 . 2012-04-19 09:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-11 13:14 . 2001-08-23 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2001-08-23 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2001-08-17 13:48 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 20:56 . 2011-05-17 12:12 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 10:17 . 2010-09-07 09:49 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-01 11:01 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2001-08-23 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2001-08-23 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-05-12 22:58 . 2011-05-02 15:56 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-05-21 05:02 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-21 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-02-05 93376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 188416]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-21 1116544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AirLink101 Wireless Monitor.lnk - c:\program files\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe [2010-2-23 897024]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-03-16 15:04 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Airlink101\\Airlink101 WLAN Monitor\\RtWLan.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-12 129976]
R3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\DRIVERS\OlyCamComm.sys [2009-09-10 21648]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-03-19 301248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-05-21 932736]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 RTL8192su;Airlink101 AWLL6077v2 Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-07-18 587776]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 89075029
*Deregistered* - 89075029
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 69.66.0.20 69.66.1.20
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vo9qzlyr.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B51e9973e-33c7-4764-917f-7c0c184fd0d0%7D&mid=76f277dbb88e68fd47e28fe2902f3c6a-bac5eb95ea811f9aa8d7d71707f0de8c6e87ba71&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-21%2000%3A02%3A35&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-25 16:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1123561945-308236825-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,54,d6,a0,c3,40,84,4b,8c,e9,36,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,30,94,5e,e1,0e,81,41,9b,38,78,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,4b,b9,25,24,0e,9d,4e,87,4e,8c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
.
Completion time: 2012-05-25 16:26:31
ComboFix-quarantined-files.txt 2012-05-25 21:26
.
Pre-Run: 29,982,654,464 bytes free
Post-Run: 30,568,542,208 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 39A9132812AA71BD48B2A19BEDE66C7D

My homepage is IGoogle, and for the first time in a month it has uploaded. Is my problem fixed? What is my continued risk? Any other advice? I really appreciate your help.

#5
D-FRED-BROWN

Posted 25 May 2012 - 07:29 PM

Resident Bracketologist

Trusted Advisors
2,189 posts

Gender:Male
Location:MHK
Interests:music, computer security, computer sciences, food

Quote

My homepage is IGoogle, and for the first time in a month it has uploaded. Is my problem fixed? What is my continued risk? Any other advice? I really appreciate your help.

That's good news! We've still got some cleaning left to do, however.

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote

KILLALL::

Driver::
89075029

File::
C:\Windows\System32\drivers\89075029.sys

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now

Also, can you please get me the Security Check report from earlier? It'd help me out to see what things we need to update, what antivirus you're running, etc.

Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image

Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.

Thank you!

#6
sackett

Posted 26 May 2012 - 08:43 AM

New Member

Members
11 posts

ComboFix 12-05-25.03 - Administrator 05/26/2012 8:10.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.492 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\System32\drivers\89075029.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_89075029
.
.
((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
.
.
2012-05-24 16:39 . 2012-05-24 16:39 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-24 16:39 . 2012-05-24 16:39 -------- d-----w- c:\program files\Trend Micro
2012-05-21 05:02 . 2012-05-21 05:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Secure Search
2012-05-21 05:02 . 2012-05-21 05:02 -------- d-----w- c:\program files\AVG Secure Search
2012-05-12 22:58 . 2012-05-12 22:58 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-12 22:58 . 2012-05-12 22:58 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-12 22:58 . 2012-05-12 22:58 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-05 13:05 . 2012-05-05 14:05 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 14:05 . 2012-04-05 23:43 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 14:05 . 2011-08-29 11:54 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 09:50 . 2012-04-19 09:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-11 13:14 . 2001-08-23 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2001-08-23 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2001-08-17 13:48 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 20:56 . 2011-05-17 12:12 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 10:17 . 2010-09-07 09:49 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-01 11:01 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2001-08-23 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2001-08-23 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-05-12 22:58 . 2011-05-02 15:56 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-25_21.21.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-26 13:26 . 2012-05-26 13:26 16384 c:\windows\temp\Perflib_Perfdata_80.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-05-21 05:02 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-21 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-02-05 93376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 188416]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-21 1116544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AirLink101 Wireless Monitor.lnk - c:\program files\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe [2010-2-23 897024]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-03-16 15:04 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Airlink101\\Airlink101 WLAN Monitor\\RtWLan.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 4:49 AM 301248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [5/21/2012 12:02 AM 932736]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 RTL8192su;Airlink101 AWLL6077v2 Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2/23/2010 4:31 PM 587776]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 6:43 PM 257696]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [4/15/2011 7:39 PM 1025352]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/12/2012 5:58 PM 129976]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [8/17/2011 9:59 PM 21648]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 69.66.0.20 69.66.1.20
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vo9qzlyr.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B51e9973e-33c7-4764-917f-7c0c184fd0d0%7D&mid=76f277dbb88e68fd47e28fe2902f3c6a-bac5eb95ea811f9aa8d7d71707f0de8c6e87ba71&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-21%2000%3A02%3A35&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-26 08:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1123561945-308236825-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,54,d6,a0,c3,40,84,4b,8c,e9,36,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,30,94,5e,e1,0e,81,41,9b,38,78,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,4b,b9,25,24,0e,9d,4e,87,4e,8c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(3868)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2012-05-26 08:39:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-26 13:39
ComboFix2.txt 2012-05-25 21:26
.
Pre-Run: 30,559,014,912 bytes free
Post-Run: 30,517,346,304 bytes free
.
- - End Of File - - C234390D6E783B39BE403A21CC197F51

I'm sorry, D-Fred, but I'm not sure I gave you a Security report before...what do you need? I run AVG as my antivirus, and run Malwarebytes about once a week, keeping everything updated. Let me know how to get you what you need. Thanks!

#7
D-FRED-BROWN

Posted 26 May 2012 - 12:07 PM

Resident Bracketologist

Trusted Advisors
2,189 posts

Gender:Male
Location:MHK
Interests:music, computer security, computer sciences, food

Quote

I'm sorry, D-Fred, but I'm not sure I gave you a Security report before...what do you need? I run AVG as my antivirus, and run Malwarebytes about once a week, keeping everything updated. Let me know how to get you what you need. Thanks!

What I meant by that, is that I'd like you to run Security Check (I'll just re-post the instructions here):

Please download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

---------------

Your logs are looking good, but let's run an online scan to verify that there's no traces left that we may have missed

:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats is Unchecked and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Please post that log in your next reply, and let me know how things go

Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image

Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.

Thank you!

#8
sackett

Posted 26 May 2012 - 06:29 PM

New Member

Members
11 posts

Results of screen317's Security Check version 0.99.38
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.2)
Mozilla Firefox (12.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

Right now, my internet connection is rather slow(I live WAY out in the country) so I will post the ESET log as soon as its finished.

#9
sackett

Posted 26 May 2012 - 06:41 PM

New Member

Members
11 posts

In using ESET, I did not get the option of "Scan unwanted applications", but instead I got "Scan Archives". The log I will post WILL include the Scan Archives option as checked.

#10
sackett

Posted 26 May 2012 - 06:45 PM

New Member

Members
11 posts

Correction to previous post.....I found "Scan Potential Unwanted Applications" in Advanced Settings. The log I will post will NOT include Archive Scan, nor Enable Anti-Stealth Technology, which in default was checked.

#11
D-FRED-BROWN

Posted 26 May 2012 - 08:47 PM

Resident Bracketologist

Trusted Advisors
2,189 posts

Gender:Male
Location:MHK
Interests:music, computer security, computer sciences, food

No worries. Post what you can.

Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image

Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.

Thank you!

#12
sackett

Posted 26 May 2012 - 09:19 PM

New Member

Members
11 posts

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=be3a55fa91a5714595e7ddf1bb3cda12
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2012-05-27 02:11:49
# local_time=2012-05-26 09:11:49 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 20109511 20109511 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=76564
# found=5
# cleaned=0
# scan_time=5706
C:\BASIC\cnet_jbwin100_exe.exe a variant of Win32/InstallCore.D application 4B08952EB1BE3AB5508C859D8E9A1575 I
C:\Documents and Settings\Administrator\Application Data\WinPump\extensions-eu.exe a variant of Win32/Adware.GoodMedia.A application 401A6499D1E6CC8D7109DA67528B07F3 I
C:\Documents and Settings\Administrator\Application Data\WinPump\extensions-us.exe a variant of Win32/Adware.GoodMedia.A application 23E3A69731C7B2EC7298A7AF9AFD3008 I
C:\Documents and Settings\Administrator\My Documents\Downloads\fyzip-setup.exe Win32/DownloadAdmin.A.Gen application 803A8DFB90353CDEFF8629312F5760D4 I
C:\Documents and Settings\Administrator\My Documents\dwnldr\SoftonicDownloader33006.exe a variant of Win32/SoftonicDownloader.A application 97B39A3A9DB040B709CF37742B170E28 I

Eset said I still have 6 threats. Damn.

#13
D-FRED-BROWN

Posted 26 May 2012 - 11:29 PM

Resident Bracketologist

Trusted Advisors
2,189 posts

Gender:Male
Location:MHK
Interests:music, computer security, computer sciences, food

Looking good! ESET just flagged a few minor pieces of adware/potentially unwanted software. I think you're clean at this point, but we can run some additional scans if you'd like

,

-------

Before we move on, let's update some of your programs.

Program updates are a crucial step in preventing malware, as outdated applications are often used by the cybercriminals to gain a foothold on your system.

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://www.oracle.co...oads/index.html.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to Start > Control Panel and open Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment).
They will have this icon next to them: Posted Image

Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

-------

Let me know how the program updates go, as failed updates may be a sign of additional malware.

Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image

Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.

Thank you!

#14
sackett

Posted 27 May 2012 - 04:00 PM

New Member

Members
11 posts

~~Ok...done and done. Now what??~~

#15
sackett

Posted 27 May 2012 - 04:01 PM

New Member

Members
11 posts

OK...why is there a hash mark thru my last comment??

#16
D-FRED-BROWN

Posted 27 May 2012 - 04:18 PM

Resident Bracketologist

Trusted Advisors
2,189 posts

Gender:Male
Location:MHK
Interests:music, computer security, computer sciences, food

I think you may have clicked the Strikethrough button while posting it (It's an S with a line through it). It happens :lol:

Glad to hear the updates went well!

Unless there are any further issues, I will now provide you with some suggestions for security software.

First, let's remove ComboFix:
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.
AntiVir
AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.
A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.
If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScripts, can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here
Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image

Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.

Thank you!

#17
sackett

Posted 27 May 2012 - 06:28 PM

New Member

Members
11 posts

Thank you very much, D-Fred.

#18
D-FRED-BROWN

Posted 27 May 2012 - 11:55 PM

Resident Bracketologist

Trusted Advisors
2,189 posts

Gender:Male
Location:MHK
Interests:music, computer security, computer sciences, food

Glad to hear things are well! If you have any other questions or concerns, don't hesitate to ask.

Otherwise, I will have this thread closed. You can still reach me by private message here on the site if you need anything.

Kind regards,
-DFB

Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image

Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.

Thank you!

#19
LDTate

Posted 30 May 2012 - 05:59 AM

Forum Deity

Moderators
20,070 posts

Gender:Male
Location:Missouri, USA

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Larry Tate
Consumer Support Specialist

Back to Resolved HijackThis Logs · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Malwarebytes

Unable to use any search engines.

#1
sackett

Posted 25 May 2012 - 10:32 AM

#2
D-FRED-BROWN

Posted 25 May 2012 - 12:07 PM

#3
sackett

Posted 25 May 2012 - 03:26 PM

#4
sackett

Posted 25 May 2012 - 04:33 PM

#5
D-FRED-BROWN

Posted 25 May 2012 - 07:29 PM

#6
sackett

Posted 26 May 2012 - 08:43 AM

#7
D-FRED-BROWN

Posted 26 May 2012 - 12:07 PM

#8
sackett

Posted 26 May 2012 - 06:29 PM

#9
sackett

Posted 26 May 2012 - 06:41 PM

#10
sackett

Posted 26 May 2012 - 06:45 PM

#11
D-FRED-BROWN

Posted 26 May 2012 - 08:47 PM

#12
sackett

Posted 26 May 2012 - 09:19 PM

#13
D-FRED-BROWN

Posted 26 May 2012 - 11:29 PM

#14
sackett

Posted 27 May 2012 - 04:00 PM

#15
sackett

Posted 27 May 2012 - 04:01 PM

#16
D-FRED-BROWN

Posted 27 May 2012 - 04:18 PM

#17
sackett

Posted 27 May 2012 - 06:28 PM

#18
D-FRED-BROWN

Posted 27 May 2012 - 11:55 PM

#19
LDTate

Posted 30 May 2012 - 05:59 AM

1 user(s) are reading this topic

Products

About

Partners

Follow Us

Malwarebytes

Unable to use any search engines.

#1 sackett Posted 25 May 2012 - 10:32 AM

#2 D-FRED-BROWN Posted 25 May 2012 - 12:07 PM

#3 sackett Posted 25 May 2012 - 03:26 PM

#4 sackett Posted 25 May 2012 - 04:33 PM

#5 D-FRED-BROWN Posted 25 May 2012 - 07:29 PM

#6 sackett Posted 26 May 2012 - 08:43 AM

#7 D-FRED-BROWN Posted 26 May 2012 - 12:07 PM

#8 sackett Posted 26 May 2012 - 06:29 PM

#9 sackett Posted 26 May 2012 - 06:41 PM

#10 sackett Posted 26 May 2012 - 06:45 PM

#11 D-FRED-BROWN Posted 26 May 2012 - 08:47 PM

#12 sackett Posted 26 May 2012 - 09:19 PM

#13 D-FRED-BROWN Posted 26 May 2012 - 11:29 PM

#14 sackett Posted 27 May 2012 - 04:00 PM

#15 sackett Posted 27 May 2012 - 04:01 PM

#16 D-FRED-BROWN Posted 27 May 2012 - 04:18 PM

#17 sackett Posted 27 May 2012 - 06:28 PM

#18 D-FRED-BROWN Posted 27 May 2012 - 11:55 PM

#19 LDTate Posted 30 May 2012 - 05:59 AM

1 user(s) are reading this topic

Products

About

Partners

Follow Us

#1
sackett

Posted 25 May 2012 - 10:32 AM

#2
D-FRED-BROWN

Posted 25 May 2012 - 12:07 PM

#3
sackett

Posted 25 May 2012 - 03:26 PM

#4
sackett

Posted 25 May 2012 - 04:33 PM

#5
D-FRED-BROWN

Posted 25 May 2012 - 07:29 PM

#6
sackett

Posted 26 May 2012 - 08:43 AM

#7
D-FRED-BROWN

Posted 26 May 2012 - 12:07 PM

#8
sackett

Posted 26 May 2012 - 06:29 PM

#9
sackett

Posted 26 May 2012 - 06:41 PM

#10
sackett

Posted 26 May 2012 - 06:45 PM

#11
D-FRED-BROWN

Posted 26 May 2012 - 08:47 PM

#12
sackett

Posted 26 May 2012 - 09:19 PM

#13
D-FRED-BROWN

Posted 26 May 2012 - 11:29 PM

#14
sackett

Posted 27 May 2012 - 04:00 PM

#15
sackett

Posted 27 May 2012 - 04:01 PM

#16
D-FRED-BROWN

Posted 27 May 2012 - 04:18 PM

#17
sackett

Posted 27 May 2012 - 06:28 PM

#18
D-FRED-BROWN

Posted 27 May 2012 - 11:55 PM

#19
LDTate

Posted 30 May 2012 - 05:59 AM