  1. #1
    Member
    Join Date
    Feb 2010
    Posts
    126
    Points
    1

    Unable to open / install ANY anti-virus app / prog (Super + Mal + HJT log/s includ.)

    SuperAntiSpyware


    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 05/15/2012 at 10:41 PM

    Application Version : 5.0.1148

    Core Rules Database Version : 8595
    Trace Rules Database Version: 6407

    Scan type : Complete Scan
    Total Scan Time : 02:01:53

    Operating System Information
    Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 429
    Memory threats detected : 0
    Registry items scanned : 35163
    Registry threats detected : 5
    File items scanned : 60388
    File threats detected : 65

    PUP.MyWebSearch/FunWebProducts
    HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
    HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
    HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
    HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
    HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version

    Adware.Tracking Cookie
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLACONTROL\PROFILES\MOZILLACONTROL\SY662SH0.SLT\COOKIES.TXT ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLACONTROL\PROFILES\MOZILLACONTROL\SY662SH0.SLT\COOKIES.TXT ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLACONTROL\PROFILES\MOZILLACONTROL\SY662SH0.SLT\COOKIES.TXT ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLACONTROL\PROFILES\MOZILLACONTROL\SY662SH0.SLT\COOKIES.TXT ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLACONTROL\PROFILES\MOZILLACONTROL\SY662SH0.SLT\COOKIES.TXT ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLACONTROL\PROFILES\MOZILLACONTROL\SY662SH0.SLT\COOKIES.TXT ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.trackamps.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    Online Slots Finder - Your guide to online slots [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    adserver.kylemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .kontera.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    7.rotator.wigetmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    7.rotator.wigetmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ru4.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ru4.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adtech.de [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

    Malwarebytes


    Malwarebytes Anti-Malware 1.61.0.1400
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: v2012.05.09.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: YOUR-FK3WZJTN19 [administrator]

    15/05/2012 8:00:48 PM
    mbam-log-2012-05-15 (20-00-48).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 106666
    Time elapsed: 3 hour(s), 47 minute(s), 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    HJT


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:53:20 PM, on 15/05/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
    C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG10\avgfws.exe
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O1 - Hosts: ˙ţ# Copyright (c) 1993-2009 Microsoft Corp.
    O2 - BHO: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: ???????@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - (no file)
    O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SpywareTerminator2012Setup] C:\Documents and Settings\All Users\Application Data\SpywareTerminator2012Upgrade\ST2012UpgradeSetup.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Rbuouf] C:\Documents and Settings\Owner\Application Data\Rbuouf.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    --
    End of file - 7864 bytes

    I have removed all the infected finding/s. Awaiting further instruction if needed. Thanks to the experts in advance.

  2. #2
    Spyware Fighter DonnaB
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563


    Hello extrakt and welcome to Help2Go

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about your installed Windows Operating System, including the Version, Edition and whether it is a 32-bit or a 64-bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended, please try one more time and, if unsuccessful, alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below, another staff member will review your topic and do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use 'Add Reply' and add the new log to this thread.


    * We need to see some information about what is happening in your machine. Please perform the following scans and our expert will be with you as soon as possible. Thank you for being so patient in your time of need:

    DDS
    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.

    * When done, DDS will open two (2) logs:

    1. DDS.txt
    2. Attach.txt

    Save both reports to your desktop and post the contents of the DDS.txt log. Save the other report in case I need to look at it later.

    GMER

    Please download GMER from one of the following locations and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zipped Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
    • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
    • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and re-enable all active protection when done.

    -- If you encounter any problems, try running GMER in Safe Mode
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!


  3. #3
    Member
    Join Date
    Feb 2010
    Posts
    126
    Points
    1


    Hey there Donna,

    Here are the logs / results you requested, below.

    DDS

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Owner at 12:33:29 on 2012-05-18
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.416 [GMT 12:00]
    .
    AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\AVG\AVG10\avgfws.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\rundll32.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_NZ&c=Q304&bd=pavilion&pf=desktop
    mWindow Title =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    mURLSearchHooks: H - No File
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: {8984B388-A5BB-4DF7-B274-77B879E179DB} - No File
    BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
    BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
    TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\microsoft activesync\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\microsoft activesync\INetRepl.dll
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 10.1.1.1
    TCP: Interfaces\{AF735C98-84D2-4792-B90A-0E7179D8BBDD} : DhcpNameServer = 10.1.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-7-7 142592]
    R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2010-9-11 85760]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
    R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2010-9-10 3210176]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-9-3 6104144]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2004-4-2 152576]
    S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-29 136176]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-29 136176]
    .
    =============== Created Last 30 ================
    .
    2012-05-16 04:54:38 -------- d-----w- C:\8d0e81301c2bcfc3f949b2943302
    2012-05-16 04:29:13 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-05-16 04:21:13 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-05-16 04:21:12 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-05-16 04:15:14 -------- d-----w- c:\documents and settings\owner\application data\Spyware Terminator
    2012-05-16 04:15:14 -------- d-----w- c:\documents and settings\all users\application data\Spyware Terminator
    2012-05-16 04:15:10 -------- d-----w- c:\program files\Spyware Terminator
    2012-05-16 04:15:07 -------- d-----w- c:\program files\WinClamAVShield
    2012-05-16 00:47:00 -------- d-----w- c:\documents and settings\owner\application data\ElevatedDiagnostics
    2012-05-15 08:36:53 -------- d-----w- c:\documents and settings\owner\application data\SUPERAntiSpyware.com
    2012-05-15 08:36:18 -------- d-----w- c:\program files\Trend Micro
    2012-05-15 08:35:02 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-05-15 08:35:02 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2012-05-13 02:49:52 -------- d-----w- c:\program files\Crawler
    2012-05-11 03:09:46 -------- d-----w- c:\program files\common files\Java(2)
    2012-05-11 03:07:18 -------- d-----w- c:\program files\Oracle
    2012-05-11 03:06:53 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sun
    2012-05-07 08:35:09 -------- d-----w- c:\program files\Blip Blop
    2012-05-07 08:14:30 -------- d-----w- c:\program files\Westbang
    2012-04-30 12:28:21 -------- d-----w- c:\windows\Desktop
    2012-04-30 02:43:55 -------- d-----w- c:\documents and settings\owner\application data\OpenOffice.org
    2012-04-30 01:31:15 -------- d-----w- c:\program files\OpenOffice.org 3
    2012-04-30 01:28:09 -------- d-----w- c:\program files\OpenOffice.org 3.3 (en-US) Installation Files
    2012-04-27 00:05:34 110080 ------w- c:\documents and settings\owner\application data\Rbuouf.exe
    2012-04-22 03:02:44 -------- d-----w- c:\documents and settings\all users\application data\Premium
    2012-04-22 03:01:46 -------- d-----w- c:\documents and settings\all users\application data\ADDICT-THING
    2012-04-22 03:00:26 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
    2012-04-18 05:15:26 772248 ----a-w- c:\windows\system32\msvcr100.dll
    2012-04-18 05:15:26 -------- d-----w- c:\program files\common files\DVDVideoSoft
    2012-04-18 05:15:25 419480 ----a-w- c:\windows\system32\msvcp100.dll
    2012-04-18 05:15:24 136344 ----a-w- c:\windows\system32\atl100.dll
    2012-04-18 05:15:23 80024 ----a-w- c:\windows\system32\mfcm100u.dll
    2012-04-18 05:15:22 4421272 ----a-w- c:\windows\system32\mfc100u.dll
    2012-04-18 05:14:38 -------- d-----w- c:\documents and settings\owner\application data\DVDVideoSoft
    .
    ==================== Find3M ====================
    .
    2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-04 03:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 12:35:58.31 ===============

    GMER

    GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
    Rootkit scan 2012-05-18 15:31:35
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 ST340015A rev.3.15
    Running: myc4nkwi.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kfpdyfod.sys


    ---- System - GMER 1.0.15 ----

    SSDT spoz.sys ZwCreateKey [0xF74D60E0]
    SSDT spoz.sys ZwEnumerateKey [0xF74F4DA4]
    SSDT spoz.sys ZwEnumerateValueKey [0xF74F5132]
    SSDT spoz.sys ZwOpenKey [0xF74D60C0]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAFD296C0]
    SSDT spoz.sys ZwQueryKey [0xF74F520A]
    SSDT spoz.sys ZwQueryValueKey [0xF74F508A]
    SSDT spoz.sys ZwSetValueKey [0xF74F529C]
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAF843640]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAFD29810]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAFD298B0]

    INT 0x62 ? 8A5B8BF8
    INT 0x82 ? 8A5B8BF8
    INT 0x83 ? 8A251BF8
    INT 0xA4 ? 8A251BF8
    INT 0xB4 ? 8A251BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spoz.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload B94018AC 5 Bytes JMP 8A2511D8

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A54C5E0
    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7507D4C] spoz.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7507DA0] spoz.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D7042] spoz.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D713E] spoz.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D70C0] spoz.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D7800] spoz.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D76D6] spoz.sys
    IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A2512D8
    IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E6E9C] spoz.sys

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8A5B71F8

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device \FileSystem\Fastfat \FatCdrom 8A26A500

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbuhci \Device\USBPDO-0 8A3C01F8
    Device \Driver\usbuhci \Device\USBPDO-1 8A3C01F8
    Device \Driver\usbuhci \Device\USBPDO-2 8A3C01F8
    Device \Driver\usbehci \Device\USBPDO-3 8A2421F8

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 8A54A1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{AF735C98-84D2-4792-B90A-0E7179D8BBDD} 8A05E1F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8A54A1F8
    Device \Driver\atapi \Device\Ide\IdePort0 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8A05E1F8
    Device \Driver\NetBT \Device\NetbiosSmb 8A05E1F8

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\USBSTOR \Device\0000006a 89FD51F8
    Device \Driver\USBSTOR \Device\0000006c 89FD51F8
    Device \Driver\usbuhci \Device\USBFDO-0 8A3C01F8
    Device \Driver\USBSTOR \Device\0000006d 89FD51F8
    Device \Driver\usbuhci \Device\USBFDO-1 8A3C01F8
    Device \Driver\USBSTOR \Device\0000006e 89FD51F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A026500
    Device \Driver\usbuhci \Device\USBFDO-2 8A3C01F8
    Device \Driver\USBSTOR \Device\0000006f 89FD51F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A026500
    Device \Driver\usbehci \Device\USBFDO-3 8A2421F8
    Device \Driver\Ftdisk \Device\FtControl 8A54A1F8
    Device \FileSystem\Fastfat \Fat 8A26A500

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

    ---- EOF - GMER 1.0.15 ----

  4. #4
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Hello,

    Can you please run the following tools and post their results.

    1.
    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it.
    • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
    • Click the Start Scan button.
    • Do not use the computer during the scan.
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
      Note: If Cure is not an option, choose Skip instead; do not choose Delete unless instructed.
    • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
    • Copy and paste the contents of that file in your next reply.



    2.
    Install Recovery Console and Run ComboFix

    This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

    Download ComboFix from any of the links below, and save it to your desktop.

    Link 1
    Link 2
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
    • Close any open windows, including this one.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • If you did not have it installed, you will see the prompt below. Choose YES.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running.
    ComboFix will restart your computer if malware is found; allow it to do so.


    Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.


    Things to include in your next reply:
    TDSSKiller log
    ComboFix.txt
    How is your machine running now?
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  5. #5
    Member
    Join Date
    Feb 2010
    Posts
    126
    Points
    1

    COMBOFIX


    ComboFix 12-05-20.01 - Owner 20/05/2012 20:59:08.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.646 [GMT 12:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\38C
    c:\documents and settings\All Users\Application Data\38C\{851C74B1-9B9B-4815-877C-D2F209EA81C2}.swf
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\Guest\WINDOWS
    c:\documents and settings\Owner\Application Data\Rbuouf.exe
    c:\documents and settings\Owner\WINDOWS
    c:\windows\desktop
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\ps2.bat
    c:\windows\system32\SET319.tmp
    c:\windows\system32\SET31A.tmp
    c:\windows\system32\SET31E.tmp
    c:\windows\system32\SET31F.tmp
    c:\windows\system32\SET320.tmp
    c:\windows\system32\SET324.tmp
    c:\windows\system32\SET326.tmp
    c:\windows\system32\SET55.tmp
    c:\windows\system32\SET59.tmp
    c:\windows\system32\SET61.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-20 to 2012-05-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-20 08:47 . 2012-05-20 08:47 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-05-16 04:54 . 2012-05-16 04:59 -------- d-----w- C:\8d0e81301c2bcfc3f949b2943302
    2012-05-16 04:29 . 2012-05-16 04:29 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-05-16 04:21 . 2012-05-16 04:21 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-05-16 04:15 . 2012-05-16 04:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Spyware Terminator
    2012-05-16 04:15 . 2012-05-16 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
    2012-05-16 04:15 . 2012-05-16 04:27 -------- d-----w- c:\program files\Spyware Terminator
    2012-05-16 04:15 . 2012-05-16 04:15 -------- d-----w- c:\program files\WinClamAVShield
    2012-05-16 00:47 . 2012-05-16 00:47 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
    2012-05-15 08:36 . 2012-05-15 08:36 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
    2012-05-15 08:36 . 2012-05-15 08:36 -------- d-----w- c:\program files\Trend Micro
    2012-05-15 08:35 . 2012-05-16 04:33 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-05-15 08:35 . 2012-05-15 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2012-05-13 02:49 . 2012-05-16 04:16 -------- d-----w- c:\program files\Crawler
    2012-05-11 03:09 . 2012-05-16 04:18 -------- d-----w- c:\program files\Common Files\Java(2)
    2012-05-11 03:07 . 2012-05-11 03:07 -------- d-----w- c:\program files\Oracle
    2012-05-11 03:06 . 2012-05-11 03:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sun
    2012-05-07 08:35 . 2012-05-16 04:19 -------- d-----w- c:\program files\Blip Blop
    2012-05-07 08:14 . 2012-05-16 04:19 -------- d-----w- c:\program files\Westbang
    2012-04-30 02:43 . 2012-04-30 02:43 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org
    2012-04-30 01:31 . 2012-05-16 04:19 -------- d-----w- c:\program files\OpenOffice.org 3
    2012-04-22 03:02 . 2012-04-22 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Premium
    2012-04-22 03:01 . 2012-04-22 05:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ADDICT-THING
    2012-04-22 03:00 . 2012-04-22 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-11 13:12 . 2004-04-02 05:38 1862272 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 13:10 . 2004-04-02 05:38 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 12:35 . 2002-08-29 08:04 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-04 03:56 . 2010-10-11 02:22 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-06 03:43 . 2012-04-18 05:15 772248 ----a-w- c:\windows\system32\msvcr100.dll
    2012-03-06 03:43 . 2012-04-18 05:15 419480 ----a-w- c:\windows\system32\msvcp100.dll
    2012-03-06 03:43 . 2012-04-18 05:15 136344 ----a-w- c:\windows\system32\atl100.dll
    2012-03-06 03:43 . 2012-04-18 05:15 80024 ----a-w- c:\windows\system32\mfcm100u.dll
    2012-03-06 03:43 . 2012-04-18 05:15 4421272 ----a-w- c:\windows\system32\mfc100u.dll
    2012-03-01 11:01 . 2004-05-19 04:52 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01 . 2004-05-19 04:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-03-01 11:01 . 2004-01-21 13:16 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-02-29 14:10 . 2004-05-19 04:12 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2004-04-02 05:37 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17 . 2009-06-22 02:08 385024 ----a-w- c:\windows\system32\html.iec
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 3905920]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-28 88363]
    "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-07-06 2216960]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3500 Series]
    2004-03-04 03:00 98304 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATI9BP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
    2009-06-26 04:52 68592 -c--a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-12-07 12:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\tixati\\tixati.exe"=
    "c:\\WINDOWS\\system32\\msiexec.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 3:27 PM 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/09/2010 2:48 AM 26064]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/09/2010 3:52 PM 721904]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/09/2010 2:48 AM 249424]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/09/2010 2:49 AM 298448]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 4:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 9:55 AM 67664]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [7/07/2011 11:18 AM 142592]
    R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [11/09/2010 3:51 PM 85760]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 11:38 AM 116608]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 3:33 AM 30432]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 8:42 PM 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 8:42 PM 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 8:42 PM 26192]
    R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2/04/2004 2:12 AM 152576]
    S2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [10/09/2010 12:45 AM 3210176]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [3/09/2010 9:35 AM 6104144]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [10/09/2010 12:45 AM 265400]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/11/2010 11:39 AM 136176]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29/02/2012 7:50 AM 158856]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 3:33 AM 30432]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/11/2010 11:39 AM 136176]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-16 c:\windows\Tasks\expressburnShakeIcon.job
    - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2011-03-23 06:57]
    .
    2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 23:38]
    .
    2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 23:38]
    .
    2012-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1918235205-1724217292-322963331-1003.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-24 21:39]
    .
    2012-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596039655-1110919557-3213181978-1003Core.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-24 21:39]
    .
    2012-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596039655-1110919557-3213181978-1003UA.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-24 21:39]
    .
    2012-05-20 c:\windows\Tasks\User_Feed_Synchronization-{0D08D22A-D2EC-49FA-8583-9999B4002DC0}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-07 16:31]
    .
    2012-04-02 c:\windows\Tasks\videopadShakeIcon.job
    - c:\program files\NCH Software\VideoPad\videopad.exe [2012-04-01 05:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uDefault_Search_URL = hxxp://www.google.com
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_NZ&c=Q304&bd=pavilion&pf=desktop
    mWindow Title =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    TCP: DhcpNameServer = 10.1.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    MSConfigStartUp-CTFMON - (no file)
    MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2012-05-20 21:09
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCDRSRVC]
    "ImagePath"="system32\drivers\PCDRSRVC.pkms"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(760)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    Completion time: 2012-05-20 21:13:11
    ComboFix-quarantined-files.txt 2012-05-20 09:12
    .
    Pre-Run: 13,980,520,448 bytes free
    Post-Run: 14,073,237,504 bytes free
    .
    - - End Of File - - 6BE6787D64FA504D9658A021B9085E65

    TDSSKILLER


    20:46:00.0515 2024 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
    20:46:01.0609 2024 ============================================================
    20:46:01.0609 2024 Current date / time: 2012/05/20 20:46:01.0609
    20:46:01.0609 2024 SystemInfo:
    20:46:01.0609 2024
    20:46:01.0609 2024 OS Version: 5.1.2600 ServicePack: 3.0
    20:46:01.0609 2024 Product type: Workstation
    20:46:01.0609 2024 ComputerName: YOUR-FK3WZJTN19
    20:46:01.0609 2024 UserName: Owner
    20:46:01.0609 2024 Windows directory: C:\WINDOWS
    20:46:01.0609 2024 System windows directory: C:\WINDOWS
    20:46:01.0609 2024 Processor architecture: Intel x86
    20:46:01.0609 2024 Number of processors: 1
    20:46:01.0609 2024 Page size: 0x1000
    20:46:01.0609 2024 Boot type: Normal boot
    20:46:01.0609 2024 ============================================================
    20:46:07.0187 2024 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1431, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
    20:46:07.0328 2024 ============================================================
    20:46:07.0328 2024 \Device\Harddisk0\DR0:
    20:46:07.0375 2024 MBR partitions:
    20:46:07.0375 2024 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x830B41
    20:46:07.0375 2024 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x830B80, BlocksNum 0x4254780
    20:46:07.0375 2024 ============================================================
    20:46:07.0562 2024 C: <-> \Device\Harddisk0\DR0\Partition1
    20:46:07.0609 2024 D: <-> \Device\Harddisk0\DR0\Partition0
    20:46:07.0609 2024 ============================================================
    20:46:07.0609 2024 Initialize success
    20:46:07.0609 2024 ============================================================
    20:46:17.0609 3564 ============================================================
    20:46:17.0609 3564 Scan started
    20:46:17.0609 3564 Mode: Manual;
    20:46:17.0609 3564 ============================================================
    20:46:18.0328 3564 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    20:46:18.0375 3564 !SASCORE - ok
    20:46:18.0828 3564 Abiosdsk - ok
    20:46:18.0859 3564 abp480n5 - ok
    20:46:18.0953 3564 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    20:46:19.0031 3564 ACPI - ok
    20:46:19.0093 3564 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    20:46:19.0093 3564 ACPIEC - ok
    20:46:19.0109 3564 adpu160m - ok
    20:46:19.0218 3564 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    20:46:19.0250 3564 aec - ok
    20:46:19.0375 3564 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    20:46:19.0406 3564 AFD - ok
    20:46:19.0750 3564 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    20:46:20.0046 3564 AgereSoftModem - ok
    20:46:20.0062 3564 Aha154x - ok
    20:46:20.0078 3564 aic78u2 - ok
    20:46:20.0093 3564 aic78xx - ok
    20:46:20.0250 3564 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
    20:46:20.0359 3564 ALCXSENS - ok
    20:46:21.0000 3564 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    20:46:21.0703 3564 ALCXWDM - ok
    20:46:22.0484 3564 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    20:46:22.0484 3564 Alerter - ok
    20:46:22.0562 3564 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    20:46:22.0578 3564 ALG - ok
    20:46:22.0640 3564 AliIde - ok
    20:46:22.0656 3564 amsint - ok
    20:46:22.0671 3564 AppMgmt - ok
    20:46:22.0750 3564 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    20:46:22.0765 3564 Arp1394 - ok
    20:46:22.0781 3564 asc - ok
    20:46:22.0796 3564 asc3350p - ok
    20:46:22.0812 3564 asc3550 - ok
    20:46:23.0109 3564 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    20:46:23.0156 3564 aspnet_state - ok
    20:46:23.0203 3564 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    20:46:23.0203 3564 AsyncMac - ok
    20:46:23.0281 3564 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    20:46:23.0281 3564 atapi - ok
    20:46:23.0296 3564 Atdisk - ok
    20:46:23.0375 3564 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    20:46:23.0390 3564 Atmarpc - ok
    20:46:23.0453 3564 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    20:46:23.0468 3564 AudioSrv - ok
    20:46:23.0531 3564 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    20:46:23.0546 3564 audstub - ok
    20:46:23.0671 3564 AVG Security Toolbar Service - ok
    20:46:23.0718 3564 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
    20:46:23.0718 3564 Avgfwdx - ok
    20:46:23.0734 3564 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
    20:46:23.0734 3564 Avgfwfd - ok
    20:46:24.0984 3564 avgfws (5c54d8ec5b500886a7be12f742c7d5a5) C:\Program Files\AVG\AVG10\avgfws.exe
    20:46:26.0109 3564 avgfws - ok
    20:46:29.0187 3564 AVGIDSAgent (707520a45750c4f8300e7acb057ba69d) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    20:46:31.0296 3564 AVGIDSAgent - ok
    20:46:32.0468 3564 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    20:46:32.0531 3564 AVGIDSDriver - ok
    20:46:32.0609 3564 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    20:46:32.0609 3564 AVGIDSEH - ok
    20:46:32.0640 3564 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    20:46:32.0656 3564 AVGIDSFilter - ok
    20:46:32.0687 3564 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    20:46:32.0687 3564 AVGIDSShim - ok
    20:46:32.0828 3564 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    20:46:32.0937 3564 Avgldx86 - ok
    20:46:33.0015 3564 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    20:46:33.0031 3564 Avgmfx86 - ok
    20:46:33.0125 3564 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    20:46:33.0125 3564 Avgrkx86 - ok
    20:46:33.0281 3564 Avgtdix (2fd3e3a57fb90679a3a83eeed0360cfd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    20:46:33.0375 3564 Avgtdix - ok
    20:46:33.0593 3564 avgwd (5f05adb270102264db22bbbf5b85e507) C:\Program Files\AVG\AVG10\avgwdsvc.exe
    20:46:33.0734 3564 avgwd - ok
    20:46:33.0812 3564 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    20:46:33.0812 3564 Beep - ok
    20:46:34.0015 3564 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
    20:46:34.0250 3564 BITS - ok
    20:46:34.0328 3564 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
    20:46:34.0359 3564 Browser - ok
    20:46:34.0421 3564 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    20:46:34.0421 3564 cbidf2k - ok
    20:46:34.0500 3564 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    20:46:34.0500 3564 CCDECODE - ok
    20:46:34.0515 3564 cd20xrnt - ok
    20:46:34.0578 3564 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    20:46:34.0578 3564 Cdaudio - ok
    20:46:34.0640 3564 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    20:46:34.0656 3564 Cdfs - ok
    20:46:34.0703 3564 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    20:46:34.0718 3564 Cdrom - ok
    20:46:34.0734 3564 Changer - ok
    20:46:34.0796 3564 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
    20:46:34.0812 3564 CiSvc - ok
    20:46:34.0843 3564 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
    20:46:34.0843 3564 ClipSrv - ok
    20:46:34.0984 3564 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    20:46:35.0046 3564 clr_optimization_v2.0.50727_32 - ok
    20:46:35.0062 3564 CmdIde - ok
    20:46:35.0078 3564 COMSysApp - ok
    20:46:35.0109 3564 Cpqarray - ok
    20:46:35.0171 3564 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    20:46:35.0187 3564 CryptSvc - ok
    20:46:35.0218 3564 dac2w2k - ok
    20:46:35.0234 3564 dac960nt - ok
    20:46:35.0421 3564 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    20:46:35.0609 3564 DcomLaunch - ok
    20:46:35.0703 3564 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    20:46:35.0750 3564 Dhcp - ok
    20:46:35.0812 3564 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    20:46:35.0812 3564 Disk - ok
    20:46:35.0828 3564 dmadmin - ok
    20:46:35.0953 3564 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    20:46:36.0031 3564 dmboot - ok
    20:46:36.0093 3564 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    20:46:36.0140 3564 dmio - ok
    20:46:36.0218 3564 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    20:46:36.0218 3564 dmload - ok
    20:46:36.0296 3564 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    20:46:36.0296 3564 dmserver - ok
    20:46:36.0359 3564 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    20:46:36.0375 3564 DMusic - ok
    20:46:36.0437 3564 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
    20:46:36.0453 3564 Dnscache - ok
    20:46:36.0546 3564 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
    20:46:36.0578 3564 Dot3svc - ok
    20:46:36.0593 3564 dpti2o - ok
    20:46:36.0625 3564 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    20:46:36.0625 3564 drmkaud - ok
    20:46:36.0687 3564 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
    20:46:36.0687 3564 EapHost - ok
    20:46:36.0750 3564 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
    20:46:36.0765 3564 ERSvc - ok
    20:46:36.0843 3564 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    20:46:36.0890 3564 Eventlog - ok
    20:46:37.0031 3564 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
    20:46:37.0109 3564 EventSystem - ok
    20:46:37.0203 3564 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    20:46:37.0250 3564 Fastfat - ok
    20:46:37.0375 3564 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    20:46:37.0453 3564 FastUserSwitchingCompatibility - ok
    20:46:37.0484 3564 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    20:46:37.0500 3564 Fdc - ok
    20:46:37.0546 3564 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    20:46:37.0562 3564 Fips - ok
    20:46:37.0625 3564 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    20:46:37.0625 3564 Flpydisk - ok
    20:46:37.0718 3564 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    20:46:37.0750 3564 FltMgr - ok
    20:46:37.0937 3564 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    20:46:37.0953 3564 FontCache3.0.0.0 - ok
    20:46:38.0015 3564 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    20:46:38.0031 3564 Fs_Rec - ok
    20:46:38.0093 3564 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    20:46:38.0125 3564 Ftdisk - ok
    20:46:38.0187 3564 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    20:46:38.0187 3564 GEARAspiWDM - ok
    20:46:38.0250 3564 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    20:46:38.0265 3564 Gpc - ok
    20:46:38.0453 3564 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    20:46:38.0484 3564 gupdate - ok
    20:46:38.0500 3564 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    20:46:38.0500 3564 gupdatem - ok
    20:46:38.0625 3564 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    20:46:38.0640 3564 helpsvc - ok
    20:46:38.0656 3564 HidServ - ok
    20:46:38.0703 3564 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    20:46:38.0703 3564 HidUsb - ok
    20:46:38.0781 3564 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
    20:46:38.0796 3564 hkmsvc - ok
    20:46:38.0812 3564 hpn - ok
    20:46:38.0953 3564 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    20:46:39.0031 3564 HTTP - ok
    20:46:39.0062 3564 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
    20:46:39.0062 3564 HTTPFilter - ok
    20:46:39.0078 3564 i2omgmt - ok
    20:46:39.0093 3564 i2omp - ok
    20:46:39.0140 3564 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    20:46:39.0156 3564 i8042prt - ok
    20:46:39.0375 3564 ialm (0acebb31989cbf9a5663fe4a33d28d21) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    20:46:39.0546 3564 ialm - ok
    20:46:39.0859 3564 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    20:46:40.0046 3564 idsvc - ok
    20:46:40.0125 3564 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    20:46:40.0140 3564 Imapi - ok
    20:46:40.0218 3564 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
    20:46:40.0265 3564 ImapiService - ok
    20:46:40.0296 3564 ini910u - ok
    20:46:40.0343 3564 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    20:46:40.0343 3564 IntelIde - ok
    20:46:40.0421 3564 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    20:46:40.0437 3564 intelppm - ok
    20:46:40.0484 3564 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    20:46:40.0500 3564 ip6fw - ok
    20:46:40.0562 3564 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    20:46:40.0578 3564 IpFilterDriver - ok
    20:46:40.0640 3564 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    20:46:40.0640 3564 IpInIp - ok
    20:46:40.0718 3564 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    20:46:40.0750 3564 IpNat - ok
    20:46:41.0187 3564 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
    20:46:41.0484 3564 iPod Service - ok
    20:46:41.0562 3564 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    20:46:41.0578 3564 IPSec - ok
    20:46:41.0640 3564 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    20:46:41.0640 3564 IRENUM - ok
    20:46:41.0703 3564 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    20:46:41.0718 3564 isapnp - ok
    20:46:41.0750 3564 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    20:46:41.0765 3564 Kbdclass - ok
    20:46:41.0843 3564 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    20:46:41.0890 3564 kmixer - ok
    20:46:41.0953 3564 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    20:46:41.0968 3564 KSecDD - ok
    20:46:42.0046 3564 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
    20:46:42.0093 3564 lanmanserver - ok
    20:46:42.0203 3564 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
    20:46:42.0250 3564 lanmanworkstation - ok
    20:46:42.0265 3564 lbrtfdc - ok
    20:46:42.0343 3564 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
    20:46:42.0359 3564 LmHosts - ok
    20:46:42.0406 3564 LPDSVC (32933b07fc16d9f778bee12545fa1b1a) C:\WINDOWS\System32\tcpsvcs.exe
    20:46:42.0406 3564 LPDSVC - ok
    20:46:42.0468 3564 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
    20:46:42.0484 3564 Messenger - ok
    20:46:42.0531 3564 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    20:46:42.0531 3564 mnmdd - ok
    20:46:42.0593 3564 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
    20:46:42.0609 3564 mnmsrvc - ok
    20:46:42.0656 3564 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    20:46:42.0671 3564 Modem - ok
    20:46:42.0687 3564 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    20:46:42.0703 3564 Mouclass - ok
    20:46:42.0750 3564 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    20:46:42.0750 3564 mouhid - ok
    20:46:42.0796 3564 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    20:46:42.0796 3564 MountMgr - ok
    20:46:42.0812 3564 mraid35x - ok
    20:46:42.0875 3564 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    20:46:42.0953 3564 MRxDAV - ok
    20:46:43.0156 3564 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    20:46:43.0343 3564 MRxSmb - ok
    20:46:43.0390 3564 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
    20:46:43.0406 3564 MSDTC - ok
    20:46:43.0453 3564 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    20:46:43.0453 3564 Msfs - ok
    20:46:43.0468 3564 MSIServer - ok
    20:46:43.0531 3564 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    20:46:43.0546 3564 MSKSSRV - ok
    20:46:43.0562 3564 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    20:46:43.0578 3564 MSPCLOCK - ok
    20:46:43.0593 3564 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    20:46:43.0609 3564 MSPQM - ok
    20:46:43.0656 3564 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    20:46:43.0671 3564 mssmbios - ok
    20:46:43.0703 3564 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    20:46:43.0703 3564 MSTEE - ok
    20:46:43.0812 3564 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    20:46:43.0843 3564 Mup - ok
    20:46:43.0890 3564 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    20:46:43.0906 3564 NABTSFEC - ok
    20:46:44.0046 3564 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
    20:46:44.0125 3564 napagent - ok
    20:46:44.0234 3564 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    20:46:44.0312 3564 NDIS - ok
    20:46:44.0343 3564 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    20:46:44.0359 3564 NdisIP - ok
    20:46:44.0421 3564 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    20:46:44.0437 3564 NdisTapi - ok
    20:46:44.0468 3564 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    20:46:44.0468 3564 Ndisuio - ok
    20:46:44.0546 3564 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    20:46:44.0562 3564 NdisWan - ok
    20:46:44.0625 3564 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    20:46:44.0640 3564 NDProxy - ok
    20:46:44.0671 3564 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    20:46:44.0687 3564 NetBIOS - ok
    20:46:44.0890 3564 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    20:46:44.0953 3564 NetBT - ok
    20:46:45.0031 3564 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    20:46:45.0062 3564 NetDDE - ok
    20:46:45.0078 3564 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    20:46:45.0078 3564 NetDDEdsdm - ok
    20:46:45.0156 3564 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    20:46:45.0156 3564 Netlogon - ok
    20:46:45.0250 3564 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
    20:46:45.0328 3564 Netman - ok
    20:46:45.0875 3564 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    20:46:45.0906 3564 NetTcpPortSharing - ok
    20:46:45.0984 3564 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    20:46:46.0000 3564 NIC1394 - ok
    20:46:46.0156 3564 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
    20:46:46.0234 3564 Nla - ok
    20:46:46.0281 3564 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    20:46:46.0281 3564 Npfs - ok
    20:46:46.0515 3564 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    20:46:46.0750 3564 Ntfs - ok
    20:46:46.0765 3564 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
    20:46:46.0765 3564 NtLmSsp - ok
    20:46:46.0953 3564 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
    20:46:47.0062 3564 NtmsSvc - ok
    20:46:47.0125 3564 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    20:46:47.0125 3564 Null - ok
    20:46:47.0171 3564 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    20:46:47.0171 3564 NwlnkFlt - ok
    20:46:47.0250 3564 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    20:46:47.0265 3564 NwlnkFwd - ok
    20:46:47.0328 3564 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    20:46:47.0328 3564 ohci1394 - ok
    20:46:47.0390 3564 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    20:46:47.0421 3564 Parport - ok
    20:46:47.0437 3564 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    20:46:47.0437 3564 PartMgr - ok
    20:46:47.0500 3564 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    20:46:47.0500 3564 ParVdm - ok
    20:46:47.0515 3564 PCDRSRVC - ok
    20:46:47.0562 3564 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    20:46:47.0593 3564 PCI - ok
    20:46:47.0593 3564 PCIDump - ok
    20:46:47.0625 3564 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    20:46:47.0625 3564 PCIIde - ok
    20:46:47.0703 3564 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    20:46:47.0750 3564 Pcmcia - ok
    20:46:47.0750 3564 PDCOMP - ok
    20:46:47.0765 3564 PDFRAME - ok
    20:46:47.0781 3564 PDRELI - ok
    20:46:47.0812 3564 PDRFRAME - ok
    20:46:47.0828 3564 perc2 - ok
    20:46:47.0843 3564 perc2hib - ok
    20:46:47.0984 3564 PID_0920 (9b4aff0adade21cba680e074f6be600b) C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
    20:46:48.0015 3564 PID_0920 - ok
    20:46:48.0093 3564 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    20:46:48.0093 3564 PlugPlay - ok
    20:46:48.0125 3564 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    20:46:48.0125 3564 PolicyAgent - ok
    20:46:48.0156 3564 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    20:46:48.0171 3564 PptpMiniport - ok
    20:46:48.0218 3564 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    20:46:48.0234 3564 Processor - ok
    20:46:48.0250 3564 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    20:46:48.0250 3564 ProtectedStorage - ok
    20:46:48.0296 3564 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
    20:46:48.0312 3564 Ps2 - ok
    20:46:48.0343 3564 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    20:46:48.0359 3564 PSched - ok
    20:46:48.0406 3564 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    20:46:48.0421 3564 Ptilink - ok
    20:46:48.0500 3564 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    20:46:48.0500 3564 PxHelp20 - ok
    20:46:48.0515 3564 ql1080 - ok
    20:46:48.0531 3564 Ql10wnt - ok
    20:46:48.0562 3564 ql12160 - ok
    20:46:48.0578 3564 ql1240 - ok
    20:46:48.0593 3564 ql1280 - ok
    20:46:48.0625 3564 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    20:46:48.0625 3564 RasAcd - ok
    20:46:48.0718 3564 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
    20:46:48.0734 3564 RasAuto - ok
    20:46:48.0781 3564 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    20:46:48.0796 3564 Rasl2tp - ok
    20:46:48.0921 3564 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
    20:46:48.0984 3564 RasMan - ok
    20:46:49.0031 3564 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    20:46:49.0031 3564 RasPppoe - ok
    20:46:49.0078 3564 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    20:46:49.0078 3564 Raspti - ok
    20:46:49.0156 3564 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    20:46:49.0218 3564 Rdbss - ok
    20:46:49.0265 3564 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    20:46:49.0265 3564 RDPCDD - ok
    20:46:49.0375 3564 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
    20:46:49.0437 3564 RDPWD - ok
    20:46:49.0546 3564 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
    20:46:49.0578 3564 RDSessMgr - ok
    20:46:49.0640 3564 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    20:46:49.0656 3564 redbook - ok
    20:46:49.0734 3564 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
    20:46:49.0750 3564 RemoteAccess - ok
    20:46:49.0796 3564 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
    20:46:49.0812 3564 RpcLocator - ok
    20:46:50.0031 3564 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
    20:46:50.0031 3564 RpcSs - ok
    20:46:50.0140 3564 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
    20:46:50.0187 3564 RSVP - ok
    20:46:50.0250 3564 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
    20:46:50.0265 3564 rtl8139 - ok
    20:46:50.0328 3564 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    20:46:50.0328 3564 SamSs - ok
    20:46:50.0468 3564 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    20:46:50.0484 3564 SASDIFSV - ok
    20:46:50.0515 3564 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    20:46:50.0546 3564 SASKUTIL - ok
    20:46:50.0640 3564 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
    20:46:50.0671 3564 SCardSvr - ok
    20:46:50.0812 3564 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
    20:46:50.0890 3564 Schedule - ok
    20:46:50.0968 3564 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    20:46:50.0984 3564 Secdrv - ok
    20:46:51.0031 3564 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
    20:46:51.0046 3564 seclogon - ok
    20:46:51.0078 3564 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
    20:46:51.0109 3564 SENS - ok
    20:46:51.0125 3564 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    20:46:51.0140 3564 serenum - ok
    20:46:51.0171 3564 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    20:46:51.0187 3564 Serial - ok
    20:46:51.0250 3564 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    20:46:51.0250 3564 Sfloppy - ok
    20:46:51.0421 3564 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
    20:46:51.0546 3564 SharedAccess - ok
    20:46:51.0656 3564 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    20:46:51.0671 3564 ShellHWDetection - ok
    20:46:51.0687 3564 Simbad - ok
    20:46:51.0828 3564 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
    20:46:51.0890 3564 SkypeUpdate - ok
    20:46:51.0937 3564 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    20:46:51.0937 3564 SLIP - ok
    20:46:51.0968 3564 Sparrow - ok
    20:46:52.0031 3564 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    20:46:52.0031 3564 splitter - ok
    20:46:52.0109 3564 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    20:46:52.0125 3564 Spooler - ok
    20:46:52.0468 3564 sptd (1a606a8d611816adc47d2b25dbedcb1f) C:\WINDOWS\system32\Drivers\sptd.sys
    20:46:52.0468 3564 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 1a606a8d611816adc47d2b25dbedcb1f
    20:46:52.0468 3564 sptd ( LockedFile.Multi.Generic ) - warning
    20:46:52.0468 3564 sptd - detected LockedFile.Multi.Generic (1)
    20:46:52.0578 3564 sp_rsdrv2 (8831252bcf05fcfb5abd116a22e552d8) C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    20:46:52.0640 3564 sp_rsdrv2 - ok
    20:46:52.0875 3564 sp_rssrv (642180b8f50e7fc1fbaf87c718e259d6) C:\Program Files\Spyware Terminator\sp_rsser.exe
    20:46:53.0062 3564 sp_rssrv - ok
    20:46:53.0125 3564 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    20:46:53.0140 3564 sr - ok
    20:46:53.0250 3564 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
    20:46:53.0312 3564 srservice - ok
    20:46:53.0500 3564 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    20:46:53.0640 3564 Srv - ok
    20:46:53.0687 3564 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
    20:46:53.0718 3564 SSDPSRV - ok
    20:46:53.0812 3564 StarPortLite (4384dca7f1e9a3f6876196c07f10a007) C:\WINDOWS\system32\DRIVERS\StarPortLite.sys
    20:46:53.0843 3564 StarPortLite - ok
    20:46:53.0984 3564 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
    20:46:54.0125 3564 stisvc - ok
    20:46:54.0187 3564 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    20:46:54.0187 3564 streamip - ok
    20:46:54.0203 3564 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    20:46:54.0218 3564 swenum - ok
    20:46:54.0265 3564 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    20:46:54.0281 3564 swmidi - ok
    20:46:54.0296 3564 SwPrv - ok
    20:46:54.0328 3564 symc810 - ok
    20:46:54.0343 3564 symc8xx - ok
    20:46:54.0359 3564 sym_hi - ok
    20:46:54.0390 3564 sym_u3 - ok
    20:46:54.0421 3564 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    20:46:54.0437 3564 sysaudio - ok
    20:46:54.0531 3564 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    20:46:54.0546 3564 SysmonLog - ok
    20:46:54.0703 3564 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    20:46:54.0796 3564 TapiSrv - ok
    20:46:54.0953 3564 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    20:46:55.0046 3564 Tcpip - ok
    20:46:55.0125 3564 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    20:46:55.0125 3564 TDPIPE - ok
    20:46:55.0156 3564 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    20:46:55.0171 3564 TDTCP - ok
    20:46:55.0234 3564 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    20:46:55.0250 3564 TermDD - ok
    20:46:55.0812 3564 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    20:46:55.0921 3564 TermService - ok
    20:46:56.0046 3564 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    20:46:56.0046 3564 Themes - ok
    20:46:56.0078 3564 TosIde - ok
    20:46:56.0125 3564 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    20:46:56.0156 3564 TrkWks - ok
    20:46:56.0234 3564 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    20:46:56.0250 3564 Udfs - ok
    20:46:56.0265 3564 ultra - ok
    20:46:56.0453 3564 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    20:46:56.0593 3564 Update - ok
    20:46:56.0671 3564 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    20:46:56.0718 3564 upnphost - ok
    20:46:56.0765 3564 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    20:46:56.0765 3564 UPS - ok
    20:46:56.0796 3564 USBAAPL - ok
    20:46:56.0875 3564 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    20:46:56.0890 3564 usbccgp - ok
    20:46:56.0937 3564 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    20:46:56.0953 3564 usbehci - ok
    20:46:57.0000 3564 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    20:46:57.0015 3564 usbhub - ok
    20:46:57.0062 3564 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    20:46:57.0078 3564 usbprint - ok
    20:46:57.0093 3564 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    20:46:57.0109 3564 usbscan - ok
    20:46:57.0156 3564 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    20:46:57.0171 3564 USBSTOR - ok
    20:46:57.0203 3564 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    20:46:57.0203 3564 usbuhci - ok
    20:46:57.0250 3564 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
    20:46:57.0265 3564 usb_rndisx - ok
    20:46:57.0312 3564 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    20:46:57.0312 3564 VgaSave - ok
    20:46:57.0343 3564 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    20:46:57.0343 3564 ViaIde - ok
    20:46:57.0375 3564 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    20:46:57.0375 3564 VolSnap - ok
    20:46:57.0484 3564 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    20:46:57.0562 3564 VSS - ok
    20:46:57.0671 3564 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    20:46:57.0750 3564 W32Time - ok
    20:46:57.0812 3564 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    20:46:57.0812 3564 Wanarp - ok
    20:46:57.0843 3564 WDICA - ok
    20:46:57.0890 3564 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    20:46:57.0921 3564 wdmaud - ok
    20:46:57.0968 3564 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    20:46:58.0000 3564 WebClient - ok
    20:46:58.0156 3564 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    20:46:58.0203 3564 winmgmt - ok
    20:46:58.0296 3564 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
    20:46:58.0312 3564 WmdmPmSN - ok
    20:46:58.0390 3564 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
    20:46:58.0421 3564 WmiApSrv - ok
    20:46:58.0796 3564 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
    20:46:59.0015 3564 WMPNetworkSvc - ok
    20:46:59.0093 3564 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
    20:46:59.0156 3564 wscsvc - ok
    20:46:59.0187 3564 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    20:46:59.0203 3564 WSTCODEC - ok
    20:46:59.0250 3564 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
    20:46:59.0250 3564 wuauserv - ok
    20:46:59.0328 3564 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    20:46:59.0343 3564 WudfPf - ok
    20:46:59.0453 3564 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    20:46:59.0468 3564 WudfRd - ok
    20:46:59.0531 3564 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
    20:46:59.0546 3564 WudfSvc - ok
    20:46:59.0765 3564 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    20:46:59.0968 3564 WZCSVC - ok
    20:47:00.0046 3564 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    20:47:00.0078 3564 xmlprov - ok
    20:47:00.0171 3564 MBR (0x1B8) (bad0263fbe81b49f5f07b32dc9d198b3) \Device\Harddisk0\DR0
    20:47:00.0203 3564 \Device\Harddisk0\DR0 - ok
    20:47:00.0218 3564 Boot (0x1200) (6fc0082765bebf116626d0ed2c4ddea7) \Device\Harddisk0\DR0\Partition0
    20:47:00.0218 3564 \Device\Harddisk0\DR0\Partition0 - ok
    20:47:00.0265 3564 Boot (0x1200) (36b19f625fd8f48523c0231bc51e28a6) \Device\Harddisk0\DR0\Partition1
    20:47:00.0265 3564 \Device\Harddisk0\DR0\Partition1 - ok
    20:47:00.0265 3564 ============================================================
    20:47:00.0265 3564 Scan finished
    20:47:00.0265 3564 ============================================================
    20:47:00.0296 3204 Detected object count: 1
    20:47:00.0296 3204 Actual detected object count: 1
    20:47:14.0500 3204 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
    20:47:14.0500 3204 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
    20:47:22.0937 2204 Deinitialize success

    Things seem to be back in order. I'm able to D/L anti-virus apps/progs now, but before doing so, is there one (FREE) you'd recommend? Also, I'm unable to uninstall AVG & Spyware Terminator because of corrupt file/s. Thanks plenty for cleaning out the gunk that was slowing down and hindering my comp's performance. Much appreciated to everyone who offered their help.

    Leon

  6. #6
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello. We can get rid of AVG and Spyware Terminator, no problem. We will write a script to get rid of them.


    1.
    • Please download and install an antivirus program, and make sure that you keep it updated.
      New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
      Three good antivirus programs free for non-commercial home use are:

      Note: You should only have one antivirus installed at a time! Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.



    2.
    We need to run a CFScript.

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the codebox below into it:

    Code:
    REGISTRY::
    [-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayRSAlert]
    [-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinished]
    [-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
    [-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanStarted]
    [-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEnd]
    [-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEndFail]
    [-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdStart]
    [-HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray]
    [-HKEY_CURRENT_USER\Software\Avg]
    [-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG9 Shell Extension]
    [-HKEY_CLASSES_ROOT\.avgdx]
    [-HKEY_CLASSES_ROOT\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A3E}]
    [-HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    [-HKEY_CLASSES_ROOT\CLSID\{41B21542-2055-4212-A6F2-395CD109B14B}]
    [-HKEY_CLASSES_ROOT\CLSID\{6F59E522-4689-156E-316C-D5B48819DE95}]
    [-HKEY_CLASSES_ROOT\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}]
    [-HKEY_CLASSES_ROOT\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}]
    [-HKEY_CLASSES_ROOT\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}]
    [-HKEY_CLASSES_ROOT\CLSID\{F1FE4608-7924-4908-8E12-81CFA206F00A}]
    [-HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}]
    [-HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\AVG9 Shell Extension]
    [-HKEY_CLASSES_ROOT\Installer\Features\36E852A15FD8BDA48923830A21D156BE]
    [-HKEY_CLASSES_ROOT\Installer\Features\69BC3230A1222404483A39DE4E0799CF]
    [-HKEY_CLASSES_ROOT\Installer\Features\CFD2C1F142D260E3CB8B271543DA9F98]
    [-HKEY_CLASSES_ROOT\Installer\Products\36E852A15FD8BDA48923830A21D156BE]
    [-HKEY_CLASSES_ROOT\Installer\Products\69BC3230A1222404483A39DE4E0799CF]
    [-HKEY_CLASSES_ROOT\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98]
    [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\6DD9E4F7F3FF9C41BC2BD64A2CE18FE]
    [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\38F747DBDC97B4E459142E21199F9D10]
    [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\41A387AA3A7A33D3590FA953D1350011]
    [-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter]
    [-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter.1]
    [-HKEY_CLASSES_ROOT\MicroScanner.MicroScanner]
    [-HKEY_CLASSES_ROOT\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension]
    [-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\linkscanner]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\AVG]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\VC]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0323CB96-221A-4042-84A3-93EDE47099FC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1A258E63-8DF5-4ADB-9832-38A0121D65EB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AlwaysUnloadDll]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG]
    [-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABED-40e0-8F7B-6DE4F6756F0B}]
    [-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABEE-40e0-8F7B-6DE4F6756F0B}]
    [-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABEF-40e0-8F7B-6DE4F6756F0B}]
    [-HKEY_CLASSES_ROOT\CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7}]
    [-HKEY_CLASSES_ROOT\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    [-HKEY_CLASSES_ROOT\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
    [-HKEY_CLASSES_ROOT\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}]
    [-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\avgsecuritytoolbar]
    [-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayWSAlert]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
    [-HKEY_CURRENT_USER\Software\AppDataLow\Avg]
    [-HKEY_CURRENT_USER\Software\AVG Security Toolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\AVG Security Toolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms]
    [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayRSAlert]
    [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinished]
    [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
    [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanStarted]
    [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayWSAlert]
    [-HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgtray]
    [-HKEY_USERS\.DEFAULT\Software\AppDataLow\Avg]
    [-HKEY_USERS\.DEFAULT\Software\Avg]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG9_TRAY"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"=-
    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
    "{3f963a5b-e555-4543-90e2-c3908898db71}"=-
    "avg@igeared"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GroupOrderList]
    "AVG"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpywareTerminator"=-
    
    DRIVER::
    Avg
    AVGIDSAgent
    AVGIDSDriver
    AVGIDSEH
    AVGIDSFilter
    AVGIDSShim
    Avgldx86
    Avgmfx86
    Avgrkx86
    Avgtdix
    avgwd
    AVG Security Toolbar Service
    avg9emc
    avg9wd
    sp_rsdrv2 
    
    FOLDER::
    %SYSTEMDRIVE%\$AVG
    %COMMONAPPDATA%\AVG10
    %COMMONAPPDATA%\MFAData
    %COMMONPROGRAMS%\AVG 2011
    %APPDATA%\AVG10
    %PROGRAMFILES%\AVG
    %SYSTEM%\drivers\AVG
    %COMMONAPPDATA%\AVG Security Toolbar
    %COMMONAPPDATA%\avg9
    %COMMONPrograms%\AVG Free 9.0
    c:\program files\Spyware Terminator
    c:\documents and settings\Owner\Application Data\Spyware Terminator
    c:\documents and settings\All Users\Application Data\Spyware Terminator
    
    File::
    %COMMONAPPDATA%\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat
    %COMMONDESKTOP%\AVG 2011.lnk
    %SYSTEM%\drivers\AVGIDSDriver.sys
    %SYSTEM%\drivers\AVGIDSEH.sys
    %SYSTEM%\drivers\AVGIDSFilter.sys
    %SYSTEM%\drivers\AVGIDSShim.sys
    %SYSTEM%\drivers\avgldx86.sys
    %SYSTEM%\drivers\avgmfx86.sys
    %SYSTEM%\drivers\avgrkx86.sys
    %SYSTEM%\drivers\avgtdix.sys
    %COMMONDesktop%\AVG Free 9.0.lnk
    %PROGRAMFILES%\Mozilla Firefox\searchplugins\avg_igeared.xml
    %SYSTEM%\avgrsstx.dll
    c:\windows\system32\drivers\sp_rsdrv2.sys 
    
    SECCENTER::
    AVG Anti-Virus Free

    Save this as CFScript.txt, in the same location as ComboFix.exe




    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


    3.
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.

    Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

    • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
      For instructions with screenshots, please refer to this Guide.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

    • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
    • Click on the Scan button.
    • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.

    Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

    4.
    I'd like us to scan your machine with ESET OnlineScan
    1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check "YES, I accept the Terms of Use."
    5. Click the Start button.
    6. Accept any security warnings from your browser.
    7. Under scan settings, check "Scan Archives" and "Remove found threats"
    8. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    10. When the scan completes, click List Threats
    11. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    12. Click the Back button.
    13. Click the Finish button.


    Things to include in your next reply::
    Combofix.txt
    MBAM log
    Eset log
    How is your machine running now?
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-
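A dry-run linter for the CFScript format the reply above asks the user to build, added here as an example; it is not part of the post, of ComboFix, or of any forum tool. It parses the five sections such a script uses (REGISTRY::, DRIVER::, FOLDER::, File::, SECCENTER::), lists what each entry would remove, and flags the kind of slip that silently turns an entry into a no-op: a stray space inside a key name, a missing backslash between `UpgradeCodes` and the product code, a folder path missing its drive letter. The REGISTRY:: section follows the .reg-file convention, where `[-KEY]` deletes a key and `"Name"=-` deletes a value under the most recent `[KEY]`. The placeholder-to-path table (an assumed English XP layout with profile "Owner") and the sample excerpt, which contains three such slips, are constructed for this example; ComboFix keeps its own placeholder table.

```python
"""Dry-run linter for a ComboFix CFScript.txt (added example, not ComboFix code)."""
import re

# Assumed expansion of the %PLACEHOLDER% names: English Windows XP, profile "Owner".
# ComboFix keeps its own table; this one exists only so the dry run prints real paths.
XP_PLACEHOLDERS = {
    "%SYSTEM%": r"C:\WINDOWS\system32",
    "%PROGRAMFILES%": r"C:\Program Files",
    "%APPDATA%": r"C:\Documents and Settings\Owner\Application Data",
    "%COMMONAPPDATA%": r"C:\Documents and Settings\All Users\Application Data",
    "%COMMONDESKTOP%": r"C:\Documents and Settings\All Users\Desktop",
}
SECTION_RE = re.compile(r"^([A-Za-z]+)::$")        # REGISTRY::, DRIVER::, FOLDER:: ...
REG_KEY_RE = re.compile(r"^\[(-?)(.+)\]$")         # [KEY] selects a key, [-KEY] deletes it
REG_VALUE_DEL_RE = re.compile(r'^"([^"]*)"=-$')     # "Name"=- deletes that value of the key
PLACEHOLDER_RE = re.compile(r"^%([A-Za-z]+)%")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
FUSED_HEX_RE = re.compile(r"^[A-Za-z]{4,}[0-9A-Fa-f]{24,}$")  # "UpgradeCodes6DD9..." typo

# Constructed excerpt in the format of the script in the reply above, with three slips.
SAMPLE_CFSCRIPT = r"""REGISTRY::
[-HKEY_CURRENT_USER\Software\Avg]
[-HKEY_CLASSES_ROOT\CLSID\{6F59E522-4689-156E-316C-D5B48819DE95} ]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes6DD9E4F7F3FF9C41BC2BD64A2CE18FE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"=-
DRIVER::
Avgldx86
sp_rsdrv2 
FOLDER::
%PROGRAMFILES%\AVG
:\documents and settings\All Users\Application Data\Spyware Terminator
File::
%SYSTEM%\drivers\avgldx86.sys
SECCENTER::
AVG Anti-Virus Free
"""


def expand_placeholders(path):
    """Expand a leading %NAME% via the assumed table; return (path, error_or_None)."""
    m = PLACEHOLDER_RE.match(path)
    if not m:
        return path, None
    real = XP_PLACEHOLDERS.get("%" + m.group(1).upper() + "%")
    if real is None:
        return path, "unknown placeholder " + m.group(0)
    return real + path[m.end():], None


def parse_cfscript(text):
    """Return (actions, problems): (section, kind, target) per entry, (line, msg) per slip."""
    actions, problems = [], []
    section, current_key = None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1).upper(), None
        elif section is None:
            problems.append((lineno, "entry before any SECTION:: header"))
        elif section == "REGISTRY":
            m, v = REG_KEY_RE.match(line), REG_VALUE_DEL_RE.match(line)
            if m:
                key = m.group(2)
                if key != key.strip():
                    problems.append((lineno, "whitespace inside registry key name"))
                    key = key.strip()
                if any(FUSED_HEX_RE.match(p) for p in key.split("\\")):
                    problems.append((lineno, "name fused to hex string; missing backslash?"))
                if m.group(1) == "-":
                    actions.append((section, "delete_key", key))
                else:
                    current_key = key               # following "Name"=- lines use it
            elif v and current_key is not None:
                actions.append((section, "delete_value", current_key + "\\" + v.group(1)))
            else:
                problems.append((lineno, "unrecognised registry line or no preceding [KEY]"))
        elif section == "DRIVER":
            actions.append((section, "delete_service", line))
        elif section in ("FOLDER", "FILE"):
            path, err = expand_placeholders(line)
            if err:
                problems.append((lineno, err))
            elif not DRIVE_PATH_RE.match(path):
                problems.append((lineno, "path does not start with a drive letter"))
            actions.append((section, "delete_" + section.lower(), path))
        else:                                       # SECCENTER:: and anything else
            actions.append((section, "remove_entry", line))
    return actions, problems


if __name__ == "__main__":
    for item in parse_cfscript(SAMPLE_CFSCRIPT):
        print(*item, sep="\n")
```

Run it on the script before dragging CFScript.txt onto ComboFix.exe; the `FILE ::` echo and the `Drivers/Services` section of the resulting ComboFix.txt then show which entries were actually consumed, so a line the linter flagged and the log never mentions is one to fix and rerun.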




  7. #7
    Member
    Join Date
    Feb 2010
    Posts
    126
    Points
    1


    COMBOFIX


    ComboFix 12-05-21.06 - Owner 22/05/2012 18:08:41.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.746 [GMT 12:00]
    Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\My Documents\Downloads\CFScript.txt.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .
    FILE ::
    "c:\documents and settings\All Users\Application Data\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat"
    "c:\documents and settings\All Users\Desktop\AVG 2011.lnk"
    "c:\documents and settings\All Users\Desktop\AVG Free 9.0.lnk"
    "c:\program files\Mozilla Firefox\searchplugins\avg_igeared.xml"
    "c:\windows\system32\avgrsstx.dll"
    "c:\windows\system32\drivers\AVGIDSDriver.sys"
    "c:\windows\system32\drivers\AVGIDSEH.sys"
    "c:\windows\system32\drivers\AVGIDSFilter.sys"
    "c:\windows\system32\drivers\AVGIDSShim.sys"
    "c:\windows\system32\drivers\avgldx86.sys"
    "c:\windows\system32\drivers\avgmfx86.sys"
    "c:\windows\system32\drivers\avgrkx86.sys"
    "c:\windows\system32\drivers\avgtdix.sys"
    "c:\windows\system32\drivers\sp_rsdrv2.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    c:\documents and settings\All Users\Application Data\AVG Security Toolbar\Languages\en.ini
    c:\documents and settings\All Users\Application Data\AVG Security Toolbar\Languages\languages.cfg
    c:\documents and settings\All Users\Application Data\AVG Security Toolbar\osd.xml
    c:\documents and settings\All Users\Application Data\MFAData
    c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20120515-080650.log
    c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20120515-081952.log
    c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20120520-092704.log
    c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20120520-223416.log
    c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20120520-092704.log
    c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20120520-223416.log
    c:\documents and settings\All Users\Application Data\MFAData\public_installation_log.xml
    c:\documents and settings\All Users\Application Data\MFAData\setup_tp.cab
    c:\documents and settings\Owner\Application Data\Spyware Terminator
    c:\documents and settings\Owner\Application Data\Spyware Terminator\BIN_STREVIEWS.SPT
    c:\documents and settings\Owner\Application Data\Spyware Terminator\BIN_STRSBW.SPT
    c:\documents and settings\Owner\Application Data\Spyware Terminator\info.htm
    c:\documents and settings\Owner\Application Data\Spyware Terminator\LanguageAct\info.ini
    c:\documents and settings\Owner\Application Data\Spyware Terminator\LanguageAct\language.inf
    c:\documents and settings\Owner\Application Data\Spyware Terminator\LanguageAct\language.ini
    c:\documents and settings\Owner\Application Data\Spyware Terminator\Reports\reports.dat
    c:\documents and settings\Owner\Application Data\Spyware Terminator\Reports\scan_0001.dat
    c:\documents and settings\Owner\Application Data\Spyware Terminator\Reports\supportReport.txt
    c:\documents and settings\Owner\Application Data\Spyware Terminator\scanConfig.xml
    c:\documents and settings\Owner\Application Data\Spyware Terminator\shields.xml
    c:\documents and settings\Owner\WINDOWS
    C:\install.exe
    c:\program files\AVG
    c:\program files\AVG\AVG10\avg.snu
    c:\program files\AVG\AVG10\avgatend.stp
    c:\program files\AVG\AVG10\avgatupd.stp
    c:\program files\AVG\AVG10\avgmfapx.exe
    c:\program files\AVG\AVG10\avgmfarx.dll
    c:\program files\AVG\AVG10\avgupd.sig
    c:\program files\AVG\AVG10\avgupdx.dll
    c:\program files\AVG\AVG10\cf.dat
    c:\program files\Spyware Terminator
    c:\program files\Spyware Terminator\BIN_RSCSDA.SPF
    c:\program files\Spyware Terminator\history.txt
    c:\program files\Spyware Terminator\languages\ST_BRAZILIANS.cab
    c:\program files\Spyware Terminator\languages\ST_CATALAN.cab
    c:\program files\Spyware Terminator\languages\ST_CHINESE.cab
    c:\program files\Spyware Terminator\languages\ST_CZECH.cab
    c:\program files\Spyware Terminator\languages\ST_DANISH.cab
    c:\program files\Spyware Terminator\languages\ST_DUTCH.cab
    c:\program files\Spyware Terminator\languages\ST_ENGLISH.cab
    c:\program files\Spyware Terminator\languages\ST_FRENCH.cab
    c:\program files\Spyware Terminator\languages\ST_GERMAN.cab
    c:\program files\Spyware Terminator\languages\ST_HUNGARIAN.cab
    c:\program files\Spyware Terminator\languages\ST_ITALIANO.cab
    c:\program files\Spyware Terminator\languages\ST_PORTUGUESE.cab
    c:\program files\Spyware Terminator\languages\ST_ROMANIAN.cab
    c:\program files\Spyware Terminator\languages\ST_RUSSIAN.cab
    c:\program files\Spyware Terminator\languages\ST_SERBIAN.cab
    c:\program files\Spyware Terminator\languages\ST_SPANISH.cab
    c:\program files\Spyware Terminator\languages\ST_TURKISH.cab
    c:\program files\Spyware Terminator\languages\ST_VALENCIAN.cab
    c:\program files\Spyware Terminator\sp_rsser.exe
    c:\program files\Spyware Terminator\sptcontmenu.dll
    c:\program files\Spyware Terminator\SpyWareTerminator.exe
    c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe
    c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
    c:\program files\Spyware Terminator\TorentDll.dll
    c:\program files\Spyware Terminator\unins000.exe
    c:\program files\Spyware Terminator\update\WebSecurityGuard_STSetup.exe
    c:\windows\help\wmplayer.bak
    c:\windows\iun6002.exe
    c:\windows\SwSys1.bmp
    c:\windows\SwSys2.bmp
    c:\windows\system32\dllcache\dlimport.exe
    c:\windows\system32\dllcache\wmpvis.dll
    c:\windows\system32\drivers\AVG
    c:\windows\system32\drivers\AVG\iavifw.avm
    c:\windows\system32\drivers\AVGIDSEH.sys
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\system32\drivers\sp_rsdrv2.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_AVGIDSDRIVER
    -------\Legacy_AVGIDSEH
    -------\Legacy_AVGIDSFILTER
    -------\Legacy_AVGIDSSHIM
    -------\Legacy_AVGLDX86
    -------\Legacy_AVGRKX86
    -------\Legacy_AVGTDIX
    -------\Legacy_SP_RSDRV2
    -------\Service_AVG Security Toolbar Service
    -------\Service_sp_rsdrv2
    -------\Legacy_sp_rssrv
    -------\Legacy_sp_rssrv
    -------\Service_sp_rssrv
    -------\Service_sp_rssrv
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-22 00:19 . 2012-05-22 00:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Carambis
    2012-05-22 00:18 . 2012-05-22 00:18 -------- d-----w- c:\program files\Carambis
    2012-05-22 00:03 . 2004-02-26 17:01 79654 ----a-w- c:\windows\system32\E_FLM9BL.DLL
    2012-05-22 00:03 . 2000-06-06 13:01 34304 ----a-w- c:\windows\system32\E_FBCH9BL.DLL
    2012-05-22 00:03 . 2003-05-20 14:27 64000 ----a-w- c:\windows\system32\E_FBCB9BL.DLL
    2012-05-22 00:01 . 2004-03-11 13:30 82944 ----a-w- c:\windows\system32\EAL.EXE
    2012-05-22 00:01 . 2004-01-15 13:10 309248 ----a-w- c:\windows\system32\EAL32.DLL
    2012-05-21 23:52 . 2012-05-21 23:52 -------- d-----w- c:\windows\TWAIN
    2012-05-21 23:52 . 1994-09-16 02:00 20976 ----a-w- c:\windows\system32\CTL3D.DLL
    2012-05-21 23:52 . 2012-05-21 23:58 -------- d-----w- C:\EPSCAN32
    2012-05-21 23:52 . 1997-04-08 08:08 299520 ----a-w- c:\windows\uninst.exe
    2012-05-21 23:52 . 2012-05-21 23:52 -------- d-----w- C:\EPSON
    2012-05-20 23:39 . 2012-05-20 23:39 -------- d-----w- c:\program files\OpenOffice.org 3
    2012-05-20 09:33 . 2012-05-20 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
    2012-05-16 04:54 . 2012-05-16 04:59 -------- d-----w- C:\8d0e81301c2bcfc3f949b2943302
    2012-05-16 04:21 . 2012-05-16 04:21 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-05-16 04:15 . 2012-05-16 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
    2012-05-16 04:15 . 2012-05-16 04:15 -------- d-----w- c:\program files\WinClamAVShield
    2012-05-16 00:47 . 2012-05-16 00:47 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
    2012-05-15 08:36 . 2012-05-15 08:36 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
    2012-05-15 08:36 . 2012-05-15 08:36 -------- d-----w- c:\program files\Trend Micro
    2012-05-15 08:35 . 2012-05-16 04:33 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-05-15 08:35 . 2012-05-15 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2012-05-13 02:49 . 2012-05-16 04:16 -------- d-----w- c:\program files\Crawler
    2012-05-11 03:09 . 2012-05-16 04:18 -------- d-----w- c:\program files\Common Files\Java(2)
    2012-05-11 03:06 . 2012-05-11 03:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sun
    2012-05-07 08:35 . 2012-05-16 04:19 -------- d-----w- c:\program files\Blip Blop
    2012-05-07 08:14 . 2012-05-16 04:19 -------- d-----w- c:\program files\Westbang
    2012-04-30 02:43 . 2012-04-30 02:43 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-11 13:12 . 2004-04-02 05:38 1862272 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 13:10 . 2004-04-02 05:38 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 12:35 . 2002-08-29 08:04 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-06 03:43 . 2012-04-18 05:15 772248 ----a-w- c:\windows\system32\msvcr100.dll
    2012-03-06 03:43 . 2012-04-18 05:15 419480 ----a-w- c:\windows\system32\msvcp100.dll
    2012-03-06 03:43 . 2012-04-18 05:15 136344 ----a-w- c:\windows\system32\atl100.dll
    2012-03-06 03:43 . 2012-04-18 05:15 80024 ----a-w- c:\windows\system32\mfcm100u.dll
    2012-03-06 03:43 . 2012-04-18 05:15 4421272 ----a-w- c:\windows\system32\mfc100u.dll
    2012-03-01 11:01 . 2004-05-19 04:52 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01 . 2004-05-19 04:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-03-01 11:01 . 2004-01-21 13:16 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-02-29 14:10 . 2004-05-19 04:12 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2004-04-02 05:37 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17 . 2009-06-22 02:08 385024 ----a-w- c:\windows\system32\html.iec
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-05-20_09.09.36 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-06 14:19 . 2007-11-06 14:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 49152 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90kor.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 49664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90jpn.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 61952 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90ita.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90fra.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 61952 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90esp.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 61952 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90esn.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90enu.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 63488 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90deu.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 44544 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90cht.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 44032 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90chs.dll
    + 2008-04-10 13:51 . 2008-04-10 13:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfcm90u.dll
    + 2008-04-10 13:51 . 2008-04-10 13:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfcm90.dll
    + 2012-05-21 23:52 . 1996-08-23 13:00 29984 c:\windows\TWAIN\CALIBRAT\EPSCNCAL.EXE
    + 2010-03-17 21:15 . 2010-03-17 21:15 51024 c:\windows\system32\vcomp100.dll
    - 2009-06-22 03:07 . 2003-02-20 01:08 54784 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EPSET32.DLL
    + 2009-06-22 03:07 . 2003-02-19 13:08 54784 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EPSET32.DLL
    + 2009-06-22 03:07 . 2003-11-11 13:02 81920 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EBPSHRE4.DLL
    - 2009-06-22 03:07 . 2003-11-12 01:02 81920 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EBPSHRE4.DLL
    - 2009-06-22 03:07 . 2004-02-19 02:03 65536 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_S00RP1.EXE
    + 2009-06-22 03:07 . 2004-02-18 14:03 65536 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_S00RP1.EXE
    + 2012-05-22 00:01 . 2004-05-23 16:00 93696 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FMW09BL.DLL
    + 2012-05-22 00:03 . 2004-01-18 17:00 68362 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FMAI9BL.DLL
    + 2012-05-22 00:03 . 2004-03-17 20:00 19968 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHUT9BL.EXE
    + 2012-05-22 00:01 . 2004-05-25 13:00 92672 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHSR9BL.DLL
    + 2012-05-22 00:03 . 2004-02-03 14:00 71680 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FGRC9BL.DLL
    + 2012-05-22 00:03 . 2004-03-29 17:00 55269 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FDSP9BL.DLL
    + 2012-05-22 00:03 . 2002-06-06 16:00 28160 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FBSR9BL.EXE
    + 2012-05-22 00:03 . 2004-02-17 13:10 98304 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FBAG9BL.DLL
    + 2012-05-22 00:03 . 2004-03-03 15:00 98304 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FATI9BL.EXE
    + 2012-05-22 00:03 . 2004-02-18 15:02 94208 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FASK9BL.DLL
    + 2012-05-22 00:03 . 2004-03-02 15:05 81920 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FARN9BL.EXE
    + 2012-05-22 00:03 . 2004-03-17 13:00 56832 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FAIR9BL.DLL
    + 2010-03-17 21:15 . 2010-03-17 21:15 80208 c:\windows\system32\mfcm100.dll
    + 2010-03-17 21:15 . 2010-03-17 21:15 60752 c:\windows\system32\mfc100rus.dll
    + 2010-03-17 21:15 . 2010-03-17 21:15 43344 c:\windows\system32\mfc100kor.dll
    + 2010-03-17 21:15 . 2010-03-17 21:15 43856 c:\windows\system32\mfc100jpn.dll
    + 2010-03-17 21:15 . 2010-03-17 21:15 62288 c:\windows\system32\mfc100ita.dll
    + 2010-03-17 21:15 . 2010-03-17 21:15 64336 c:\windows\system32\mfc100fra.dll
    + 2010-03-17 21:15 . 2010-03-17 21:15 63824 c:\windows\system32\mfc100esn.dll
    + 2010-03-17 21:15 . 2010-03-17 21:15 55120 c:\windows\system32\mfc100enu.dll
    + 2010-03-17 21:15 . 2010-03-17 21:15 64336 c:\windows\system32\mfc100deu.dll
    + 2010-03-17 21:15 . 2010-03-17 21:15 36176 c:\windows\system32\mfc100cht.dll
    + 2010-03-17 21:15 . 2010-03-17 21:15 36176 c:\windows\system32\mfc100chs.dll
    + 2012-05-20 23:39 . 2012-05-20 23:39 11264 c:\windows\assembly\GAC_MSIL\cli_basetypes\1.0.19.0__ce2cb7e279207b9e\cli_basetypes.dll
    + 2012-05-20 23:40 . 2012-05-20 23:40 63488 c:\windows\assembly\GAC_32\cli_cppuhelper\1.0.22.0__ce2cb7e279207b9e\cli_cppuhelper.dll
    + 2009-06-22 03:07 . 2003-11-17 12:00 6289 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EPUPDATE.DAT
    + 2012-05-22 00:03 . 2004-03-23 15:10 2696 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FAIF9BL.DAT
    + 2012-05-20 23:40 . 2012-05-20 23:40 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_uretypes\8.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_uretypes.dll
    + 2012-05-20 23:40 . 2012-05-20 23:40 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_ure\22.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
    + 2012-05-20 23:41 . 2012-05-20 23:41 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_oootypes\8.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_oootypes.dll
    + 2012-05-20 23:40 . 2012-05-20 23:40 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_basetypes\19.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
    + 2012-05-20 23:40 . 2012-05-20 23:40 7680 c:\windows\assembly\GAC_MSIL\cli_ure\1.0.22.0__ce2cb7e279207b9e\cli_ure.dll
    + 2012-05-20 23:41 . 2012-05-20 23:41 3072 c:\windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\22.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73\msvcr90.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73\msvcp90.dll
    + 2008-04-10 10:52 . 2008-04-10 10:52 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73\msvcm90.dll
    + 2007-11-06 14:19 . 2007-11-06 14:19 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
    + 2012-05-21 23:52 . 1997-06-22 13:03 126944 c:\windows\TWAIN\CALIBRAT\EPPRNCAL.EXE
    - 2009-06-22 03:07 . 2004-02-05 01:05 122880 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\SAGENT4.EXE
    + 2009-06-22 03:07 . 2004-02-04 13:05 122880 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\SAGENT4.EXE
    + 2009-06-22 03:07 . 2004-02-02 18:05 675840 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EPUPDATE.EXE
    - 2009-06-22 03:07 . 2004-02-03 06:05 675840 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EPUPDATE.EXE
    + 2012-05-22 00:03 . 2004-03-28 17:00 404240 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FUIC9BL.DLL
    + 2012-05-22 00:03 . 2004-01-19 16:00 509952 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FPRU9BL.DLL
    + 2012-05-22 00:03 . 2004-01-28 16:00 145408 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FPRE9BL.EXE
    + 2012-05-22 00:03 . 2004-01-28 16:00 421376 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FJBC9BL.DLL
    + 2012-05-22 00:03 . 2004-03-17 20:00 142848 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHUT9BL.DLL
    + 2012-05-22 00:03 . 2004-03-02 16:00 218624 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHT09BL.DLL
    + 2012-05-22 00:03 . 2004-03-17 16:00 336896 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHM09BL.DLL
    + 2012-05-22 00:01 . 2004-04-28 13:01 605184 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHBR9BL.DLL
    + 2012-05-22 00:03 . 2004-01-28 16:00 315392 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FCON9BL.DLL
    + 2012-05-22 00:03 . 2004-02-26 17:01 192512 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FBLP9BL.DLL
    + 2012-05-22 00:03 . 2004-03-02 16:20 155648 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FBIN9BL.EXE
    + 2012-05-22 00:03 . 2004-02-04 17:00 159744 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FBAP9BL.DLL
    + 2012-05-22 00:01 . 2004-05-10 15:10 385024 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FASR9BL.DLL
    + 2012-05-22 00:03 . 2004-04-04 15:10 331776 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FAPR9BL.DLL
    + 2012-05-22 00:03 . 2004-03-02 15:07 110592 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FAMT9BL.EXE
    + 2012-05-22 00:03 . 2004-04-01 15:13 192512 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FAMD9BL.EXE
    + 2012-05-22 00:19 . 2012-05-22 00:19 151552 c:\windows\Installer\b29b1a.msi
    + 2012-05-20 23:38 . 2012-05-20 23:38 228864 c:\windows\Installer\2b4682.msi
    + 2012-05-20 23:40 . 2012-05-20 23:40 118784 c:\windows\assembly\GAC_MSIL\cli_uretypes\1.0.8.0__ce2cb7e279207b9e\cli_uretypes.dll
    + 2012-05-20 23:41 . 2012-05-20 23:41 905216 c:\windows\assembly\GAC_MSIL\cli_oootypes\1.0.8.0__ce2cb7e279207b9e\cli_oootypes.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 3783160 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfc90u.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 3767288 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfc90.dll
    + 2012-05-22 00:01 . 2004-05-25 14:01 1077248 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FUIR9BL.DLL
    + 2012-05-22 00:01 . 2004-05-23 16:00 1182208 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FSR09BL.DLL
    + 2010-03-17 21:15 . 2010-03-17 21:15 4342088 c:\windows\system32\mfc100.dll
    + 2004-04-01 22:44 . 2012-05-21 21:10 3614368 c:\windows\system32\FNTCACHE.DAT
    + 2012-05-20 23:42 . 2012-05-20 23:42 3105280 c:\windows\Installer\2b46a8.msi
    + 2011-07-11 08:43 . 2011-07-11 08:43 11641344 c:\windows\Installer\75d9e.msp
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 3905920]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-28 88363]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
    2009-06-26 04:52 68592 -c--a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-12-07 12:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\tixati\\tixati.exe"=
    "c:\\WINDOWS\\system32\\msiexec.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/09/2010 3:52 PM 721904]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 4:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 9:55 AM 67664]
    R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [11/09/2010 3:51 PM 85760]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 11:38 AM 116608]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 3:33 AM 30432]
    R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2/04/2004 2:12 AM 152576]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/11/2010 11:39 AM 136176]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29/02/2012 7:50 AM 158856]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/11/2010 11:39 AM 136176]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-16 c:\windows\Tasks\expressburnShakeIcon.job
    - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2011-03-23 06:57]
    .
    2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 23:38]
    .
    2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 23:38]
    .
    2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1918235205-1724217292-322963331-1003.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-24 21:39]
    .
    2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596039655-1110919557-3213181978-1003Core.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-24 21:39]
    .
    2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596039655-1110919557-3213181978-1003UA.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-24 21:39]
    .
    2012-05-22 c:\windows\Tasks\User_Feed_Synchronization-{0D08D22A-D2EC-49FA-8583-9999B4002DC0}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-07 16:31]
    .
    2012-04-02 c:\windows\Tasks\videopadShakeIcon.job
    - c:\program files\NCH Software\VideoPad\videopad.exe [2012-04-01 05:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.trademe.co.nz/
    uDefault_Search_URL = hxxp://www.google.com
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_NZ&c=Q304&bd=pavilion&pf=desktop
    mWindow Title =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    TCP: DhcpNameServer = 10.1.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKLM-Run-EPSON Stylus CX3500 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BL.EXE
    MSConfigStartUp-EPSON Stylus CX3500 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE
    AddRemove-Spyware Terminator_is1 - c:\program files\Spyware Terminator\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2012-05-22 18:24
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCDRSRVC]
    "ImagePath"="system32\drivers\PCDRSRVC.pkms"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(932)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(3928)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\igfxpph.dll
    c:\windows\system32\hccutils.DLL
    c:\windows\system32\igfxres.dll
    c:\windows\system32\igfxsrvc.dll
    c:\windows\system32\igfxdev.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\AGRSMMSG.exe
    c:\progra~1\Microsoft ActiveSync\rapimgr.exe
    c:\windows\SoftwareDistribution\Download\Install\NDP20SP2-KB2572073-x86.exe
    c:\1540017b0bee09accfff07e45226\HotFixInstaller.exe
    c:\windows\system32\msiexec.exe
    c:\windows\system32\MsiExec.exe
    c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-22 18:36:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-22 06:36
    .
    Pre-Run: 13,608,660,992 bytes free
    Post-Run: 13,875,191,808 bytes free
    .
    - - End Of File - - 522C7EAE51212AEB0ED589F6B6DE4452

    MBAM


    Malwarebytes Anti-Malware 1.61.0.1400

    Database version: v2012.05.22.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: YOUR-FK3WZJTN19 [administrator]

    23/05/2012 11:53:29 AM
    mbam-log-2012-05-23 (11-53-29).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 209334
    Time elapsed: 14 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    NO threats found in the ESET scan, wasn't able to retrieve a log either. Have installed Avira as well and the comp seems to be in tip-top shape!

  8. #8

    COMBOFIX


    ComboFix 12-05-21.06 - Owner 22/05/2012 18:08:41.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.746 [GMT 12:00]
    Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\My Documents\Downloads\CFScript.txt.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .
    FILE ::
    "c:\documents and settings\All Users\Application Data\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat"
    "c:\documents and settings\All Users\Desktop\AVG 2011.lnk"
    "c:\documents and settings\All Users\Desktop\AVG Free 9.0.lnk"
    "c:\program files\Mozilla Firefox\searchplugins\avg_igeared.xml"
    "c:\windows\system32\avgrsstx.dll"
    "c:\windows\system32\drivers\AVGIDSDriver.sys"
    "c:\windows\system32\drivers\AVGIDSEH.sys"
    "c:\windows\system32\drivers\AVGIDSFilter.sys"
    "c:\windows\system32\drivers\AVGIDSShim.sys"
    "c:\windows\system32\drivers\avgldx86.sys"
    "c:\windows\system32\drivers\avgmfx86.sys"
    "c:\windows\system32\drivers\avgrkx86.sys"
    "c:\windows\system32\drivers\avgtdix.sys"
    "c:\windows\system32\drivers\sp_rsdrv2.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    c:\documents and settings\All Users\Application Data\AVG Security Toolbar\Languages\en.ini
    c:\documents and settings\All Users\Application Data\AVG Security Toolbar\Languages\languages.cfg
    c:\documents and settings\All Users\Application Data\AVG Security Toolbar\osd.xml
    c:\documents and settings\All Users\Application Data\MFAData
    c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20120515-080650.log
    c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20120515-081952.log
    c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20120520-092704.log
    c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20120520-223416.log
    c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20120520-092704.log
    c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20120520-223416.log
    c:\documents and settings\All Users\Application Data\MFAData\public_installation_log.xml
    c:\documents and settings\All Users\Application Data\MFAData\setup_tp.cab
    c:\documents and settings\Owner\Application Data\Spyware Terminator
    c:\documents and settings\Owner\Application Data\Spyware Terminator\BIN_STREVIEWS.SPT
    c:\documents and settings\Owner\Application Data\Spyware Terminator\BIN_STRSBW.SPT
    c:\documents and settings\Owner\Application Data\Spyware Terminator\info.htm
    c:\documents and settings\Owner\Application Data\Spyware Terminator\LanguageAct\info.ini
    c:\documents and settings\Owner\Application Data\Spyware Terminator\LanguageAct\language.inf
    c:\documents and settings\Owner\Application Data\Spyware Terminator\LanguageAct\language.ini
    c:\documents and settings\Owner\Application Data\Spyware Terminator\Reports\reports.dat
    c:\documents and settings\Owner\Application Data\Spyware Terminator\Reports\scan_0001.dat
    c:\documents and settings\Owner\Application Data\Spyware Terminator\Reports\supportReport.txt
    c:\documents and settings\Owner\Application Data\Spyware Terminator\scanConfig.xml
    c:\documents and settings\Owner\Application Data\Spyware Terminator\shields.xml
    c:\documents and settings\Owner\WINDOWS
    C:\install.exe
    c:\program files\AVG
    c:\program files\AVG\AVG10\avg.snu
    c:\program files\AVG\AVG10\avgatend.stp
    c:\program files\AVG\AVG10\avgatupd.stp
    c:\program files\AVG\AVG10\avgmfapx.exe
    c:\program files\AVG\AVG10\avgmfarx.dll
    c:\program files\AVG\AVG10\avgupd.sig
    c:\program files\AVG\AVG10\avgupdx.dll
    c:\program files\AVG\AVG10\cf.dat
    c:\program files\Spyware Terminator
    c:\program files\Spyware Terminator\BIN_RSCSDA.SPF
    c:\program files\Spyware Terminator\history.txt
    c:\program files\Spyware Terminator\languages\ST_BRAZILIANS.cab
    c:\program files\Spyware Terminator\languages\ST_CATALAN.cab
    c:\program files\Spyware Terminator\languages\ST_CHINESE.cab
    c:\program files\Spyware Terminator\languages\ST_CZECH.cab
    c:\program files\Spyware Terminator\languages\ST_DANISH.cab
    c:\program files\Spyware Terminator\languages\ST_DUTCH.cab
    c:\program files\Spyware Terminator\languages\ST_ENGLISH.cab
    c:\program files\Spyware Terminator\languages\ST_FRENCH.cab
    c:\program files\Spyware Terminator\languages\ST_GERMAN.cab
    c:\program files\Spyware Terminator\languages\ST_HUNGARIAN.cab
    c:\program files\Spyware Terminator\languages\ST_ITALIANO.cab
    c:\program files\Spyware Terminator\languages\ST_PORTUGUESE.cab
    c:\program files\Spyware Terminator\languages\ST_ROMANIAN.cab
    c:\program files\Spyware Terminator\languages\ST_RUSSIAN.cab
    c:\program files\Spyware Terminator\languages\ST_SERBIAN.cab
    c:\program files\Spyware Terminator\languages\ST_SPANISH.cab
    c:\program files\Spyware Terminator\languages\ST_TURKISH.cab
    c:\program files\Spyware Terminator\languages\ST_VALENCIAN.cab
    c:\program files\Spyware Terminator\sp_rsser.exe
    c:\program files\Spyware Terminator\sptcontmenu.dll
    c:\program files\Spyware Terminator\SpyWareTerminator.exe
    c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe
    c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
    c:\program files\Spyware Terminator\TorentDll.dll
    c:\program files\Spyware Terminator\unins000.exe
    c:\program files\Spyware Terminator\update\WebSecurityGuard_STSetup.exe
    c:\windows\help\wmplayer.bak
    c:\windows\iun6002.exe
    c:\windows\SwSys1.bmp
    c:\windows\SwSys2.bmp
    c:\windows\system32\dllcache\dlimport.exe
    c:\windows\system32\dllcache\wmpvis.dll
    c:\windows\system32\drivers\AVG
    c:\windows\system32\drivers\AVG\iavifw.avm
    c:\windows\system32\drivers\AVGIDSEH.sys
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\system32\drivers\sp_rsdrv2.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_AVGIDSDRIVER
    -------\Legacy_AVGIDSEH
    -------\Legacy_AVGIDSFILTER
    -------\Legacy_AVGIDSSHIM
    -------\Legacy_AVGLDX86
    -------\Legacy_AVGRKX86
    -------\Legacy_AVGTDIX
    -------\Legacy_SP_RSDRV2
    -------\Service_AVG Security Toolbar Service
    -------\Service_sp_rsdrv2
    -------\Legacy_sp_rssrv
    -------\Legacy_sp_rssrv
    -------\Service_sp_rssrv
    -------\Service_sp_rssrv
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-22 00:19 . 2012-05-22 00:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Carambis
    2012-05-22 00:18 . 2012-05-22 00:18 -------- d-----w- c:\program files\Carambis
    2012-05-22 00:03 . 2004-02-26 17:01 79654 ----a-w- c:\windows\system32\E_FLM9BL.DLL
    2012-05-22 00:03 . 2000-06-06 13:01 34304 ----a-w- c:\windows\system32\E_FBCH9BL.DLL
    2012-05-22 00:03 . 2003-05-20 14:27 64000 ----a-w- c:\windows\system32\E_FBCB9BL.DLL
    2012-05-22 00:01 . 2004-03-11 13:30 82944 ----a-w- c:\windows\system32\EAL.EXE
    2012-05-22 00:01 . 2004-01-15 13:10 309248 ----a-w- c:\windows\system32\EAL32.DLL
    2012-05-21 23:52 . 2012-05-21 23:52 -------- d-----w- c:\windows\TWAIN
    2012-05-21 23:52 . 1994-09-16 02:00 20976 ----a-w- c:\windows\system32\CTL3D.DLL
    2012-05-21 23:52 . 2012-05-21 23:58 -------- d-----w- C:\EPSCAN32
    2012-05-21 23:52 . 1997-04-08 08:08 299520 ----a-w- c:\windows\uninst.exe
    2012-05-21 23:52 . 2012-05-21 23:52 -------- d-----w- C:\EPSON
    2012-05-20 23:39 . 2012-05-20 23:39 -------- d-----w- c:\program files\OpenOffice.org 3
    2012-05-20 09:33 . 2012-05-20 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
    2012-05-16 04:54 . 2012-05-16 04:59 -------- d-----w- C:\8d0e81301c2bcfc3f949b2943302
    2012-05-16 04:21 . 2012-05-16 04:21 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-05-16 04:15 . 2012-05-16 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
    2012-05-16 04:15 . 2012-05-16 04:15 -------- d-----w- c:\program files\WinClamAVShield
    2012-05-16 00:47 . 2012-05-16 00:47 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
    2012-05-15 08:36 . 2012-05-15 08:36 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
    2012-05-15 08:36 . 2012-05-15 08:36 -------- d-----w- c:\program files\Trend Micro
    2012-05-15 08:35 . 2012-05-16 04:33 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-05-15 08:35 . 2012-05-15 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2012-05-13 02:49 . 2012-05-16 04:16 -------- d-----w- c:\program files\Crawler
    2012-05-11 03:09 . 2012-05-16 04:18 -------- d-----w- c:\program files\Common Files\Java(2)
    2012-05-11 03:06 . 2012-05-11 03:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sun
    2012-05-07 08:35 . 2012-05-16 04:19 -------- d-----w- c:\program files\Blip Blop
    2012-05-07 08:14 . 2012-05-16 04:19 -------- d-----w- c:\program files\Westbang
    2012-04-30 02:43 . 2012-04-30 02:43 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-11 13:12 . 2004-04-02 05:38 1862272 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 13:10 . 2004-04-02 05:38 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 12:35 . 2002-08-29 08:04 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-06 03:43 . 2012-04-18 05:15 772248 ----a-w- c:\windows\system32\msvcr100.dll
    2012-03-06 03:43 . 2012-04-18 05:15 419480 ----a-w- c:\windows\system32\msvcp100.dll
    2012-03-06 03:43 . 2012-04-18 05:15 136344 ----a-w- c:\windows\system32\atl100.dll
    2012-03-06 03:43 . 2012-04-18 05:15 80024 ----a-w- c:\windows\system32\mfcm100u.dll
    2012-03-06 03:43 . 2012-04-18 05:15 4421272 ----a-w- c:\windows\system32\mfc100u.dll
    2012-03-01 11:01 . 2004-05-19 04:52 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01 . 2004-05-19 04:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-03-01 11:01 . 2004-01-21 13:16 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-02-29 14:10 . 2004-05-19 04:12 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2004-04-02 05:37 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17 . 2009-06-22 02:08 385024 ----a-w- c:\windows\system32\html.iec
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-05-20_09.09.36 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-06 14:19 . 2007-11-06 14:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 49152 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90kor.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 49664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90jpn.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 61952 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90ita.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90fra.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 61952 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90esp.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 61952 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90esn.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90enu.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 63488 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90deu.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 44544 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90cht.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 44032 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90chs.dll
    + 2008-04-10 13:51 . 2008-04-10 13:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfcm90u.dll
    + 2008-04-10 13:51 . 2008-04-10 13:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfcm90.dll
    + 2012-05-21 23:52 . 1996-08-23 13:00 29984 c:\windows\TWAIN\CALIBRAT\EPSCNCAL.EXE
    + 2010-03-17 21:15 . 2010-03-17 21:15 51024 c:\windows\system32\vcomp100.dll
    - 2009-06-22 03:07 . 2003-02-20 01:08 54784 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EPSET32.DLL
    + 2009-06-22 03:07 . 2003-02-19 13:08 54784 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EPSET32.DLL
    + 2009-06-22 03:07 . 2003-11-11 13:02 81920 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EBPSHRE4.DLL
    - 2009-06-22 03:07 . 2003-11-12 01:02 81920 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EBPSHRE4.DLL
    - 2009-06-22 03:07 . 2004-02-19 02:03 65536 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_S00RP1.EXE
    + 2009-06-22 03:07 . 2004-02-18 14:03 65536 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_S00RP1.EXE
    + 2012-05-22 00:01 . 2004-05-23 16:00 93696 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FMW09BL.DLL
    + 2012-05-22 00:03 . 2004-01-18 17:00 68362 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FMAI9BL.DLL
    + 2012-05-22 00:03 . 2004-03-17 20:00 19968 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHUT9BL.EXE
    + 2012-05-22 00:01 . 2004-05-25 13:00 92672 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHSR9BL.DLL
    + 2012-05-22 00:03 . 2004-02-03 14:00 71680 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FGRC9BL.DLL
    + 2012-05-22 00:03 . 2004-03-29 17:00 55269 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FDSP9BL.DLL
    + 2012-05-22 00:03 . 2002-06-06 16:00 28160 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FBSR9BL.EXE
    + 2012-05-22 00:03 . 2004-02-17 13:10 98304 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FBAG9BL.DLL
    + 2012-05-22 00:03 . 2004-03-03 15:00 98304 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FATI9BL.EXE
    + 2012-05-22 00:03 . 2004-02-18 15:02 94208 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FASK9BL.DLL
    + 2012-05-22 00:03 . 2004-03-02 15:05 81920 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FARN9BL.EXE
    + 2012-05-22 00:03 . 2004-03-17 13:00 56832 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FAIR9BL.DLL
    + 2010-03-17 21:15 . 2010-03-17 21:15 80208 c:\windows\system32\mfcm100.dll
    + 2010-03-17 21:15 . 2010-03-17 21:15 60752 c:\windows\system32\mfc100rus.dll
    + 2010-03-17 21:15 . 2010-03-17 21:15 43344 c:\windows\system32\mfc100kor.dll
    + 2010-03-17 21:15 . 2010-03-17 21:15 43856 c:\windows\system32\mfc100jpn.dll
    + 2010-03-17 21:15 . 2010-03-17 21:15 62288 c:\windows\system32\mfc100ita.dll
    + 2010-03-17 21:15 . 2010-03-17 21:15 64336 c:\windows\system32\mfc100fra.dll
    + 2010-03-17 21:15 . 2010-03-17 21:15 63824 c:\windows\system32\mfc100esn.dll
    + 2010-03-17 21:15 . 2010-03-17 21:15 55120 c:\windows\system32\mfc100enu.dll
    + 2010-03-17 21:15 . 2010-03-17 21:15 64336 c:\windows\system32\mfc100deu.dll
    + 2010-03-17 21:15 . 2010-03-17 21:15 36176 c:\windows\system32\mfc100cht.dll
    + 2010-03-17 21:15 . 2010-03-17 21:15 36176 c:\windows\system32\mfc100chs.dll
    + 2012-05-20 23:39 . 2012-05-20 23:39 11264 c:\windows\assembly\GAC_MSIL\cli_basetypes\1.0.19.0__ce2cb7e279207b9e\cli_basetypes.dll
    + 2012-05-20 23:40 . 2012-05-20 23:40 63488 c:\windows\assembly\GAC_32\cli_cppuhelper\1.0.22.0__ce2cb7e279207b9e\cli_cppuhelper.dll
    + 2009-06-22 03:07 . 2003-11-17 12:00 6289 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EPUPDATE.DAT
    + 2012-05-22 00:03 . 2004-03-23 15:10 2696 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FAIF9BL.DAT
    + 2012-05-20 23:40 . 2012-05-20 23:40 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_uretypes\8.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_uretypes.dll
    + 2012-05-20 23:40 . 2012-05-20 23:40 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_ure\22.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
    + 2012-05-20 23:41 . 2012-05-20 23:41 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_oootypes\8.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_oootypes.dll
    + 2012-05-20 23:40 . 2012-05-20 23:40 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_basetypes\19.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
    + 2012-05-20 23:40 . 2012-05-20 23:40 7680 c:\windows\assembly\GAC_MSIL\cli_ure\1.0.22.0__ce2cb7e279207b9e\cli_ure.dll
    + 2012-05-20 23:41 . 2012-05-20 23:41 3072 c:\windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\22.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73\msvcr90.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73\msvcp90.dll
    + 2008-04-10 10:52 . 2008-04-10 10:52 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73\msvcm90.dll
    + 2007-11-06 14:19 . 2007-11-06 14:19 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
    + 2012-05-21 23:52 . 1997-06-22 13:03 126944 c:\windows\TWAIN\CALIBRAT\EPPRNCAL.EXE
    - 2009-06-22 03:07 . 2004-02-05 01:05 122880 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\SAGENT4.EXE
    + 2009-06-22 03:07 . 2004-02-04 13:05 122880 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\SAGENT4.EXE
    + 2009-06-22 03:07 . 2004-02-02 18:05 675840 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EPUPDATE.EXE
    - 2009-06-22 03:07 . 2004-02-03 06:05 675840 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EPUPDATE.EXE
    + 2012-05-22 00:03 . 2004-03-28 17:00 404240 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FUIC9BL.DLL
    + 2012-05-22 00:03 . 2004-01-19 16:00 509952 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FPRU9BL.DLL
    + 2012-05-22 00:03 . 2004-01-28 16:00 145408 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FPRE9BL.EXE
    + 2012-05-22 00:03 . 2004-01-28 16:00 421376 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FJBC9BL.DLL
    + 2012-05-22 00:03 . 2004-03-17 20:00 142848 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHUT9BL.DLL
    + 2012-05-22 00:03 . 2004-03-02 16:00 218624 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHT09BL.DLL
    + 2012-05-22 00:03 . 2004-03-17 16:00 336896 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHM09BL.DLL
    + 2012-05-22 00:01 . 2004-04-28 13:01 605184 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHBR9BL.DLL
    + 2012-05-22 00:03 . 2004-01-28 16:00 315392 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FCON9BL.DLL
    + 2012-05-22 00:03 . 2004-02-26 17:01 192512 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FBLP9BL.DLL
    + 2012-05-22 00:03 . 2004-03-02 16:20 155648 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FBIN9BL.EXE
    + 2012-05-22 00:03 . 2004-02-04 17:00 159744 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FBAP9BL.DLL
    + 2012-05-22 00:01 . 2004-05-10 15:10 385024 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FASR9BL.DLL
    + 2012-05-22 00:03 . 2004-04-04 15:10 331776 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FAPR9BL.DLL
    + 2012-05-22 00:03 . 2004-03-02 15:07 110592 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FAMT9BL.EXE
    + 2012-05-22 00:03 . 2004-04-01 15:13 192512 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FAMD9BL.EXE
    + 2012-05-22 00:19 . 2012-05-22 00:19 151552 c:\windows\Installer\b29b1a.msi
    + 2012-05-20 23:38 . 2012-05-20 23:38 228864 c:\windows\Installer\2b4682.msi
    + 2012-05-20 23:40 . 2012-05-20 23:40 118784 c:\windows\assembly\GAC_MSIL\cli_uretypes\1.0.8.0__ce2cb7e279207b9e\cli_uretypes.dll
    + 2012-05-20 23:41 . 2012-05-20 23:41 905216 c:\windows\assembly\GAC_MSIL\cli_oootypes\1.0.8.0__ce2cb7e279207b9e\cli_oootypes.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 3783160 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfc90u.dll
    + 2008-04-10 16:32 . 2008-04-10 16:32 3767288 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfc90.dll
    + 2012-05-22 00:01 . 2004-05-25 14:01 1077248 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FUIR9BL.DLL
    + 2012-05-22 00:01 . 2004-05-23 16:00 1182208 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FSR09BL.DLL
    + 2010-03-17 21:15 . 2010-03-17 21:15 4342088 c:\windows\system32\mfc100.dll
    + 2004-04-01 22:44 . 2012-05-21 21:10 3614368 c:\windows\system32\FNTCACHE.DAT
    + 2012-05-20 23:42 . 2012-05-20 23:42 3105280 c:\windows\Installer\2b46a8.msi
    + 2011-07-11 08:43 . 2011-07-11 08:43 11641344 c:\windows\Installer\75d9e.msp
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 3905920]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-28 88363]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
    2009-06-26 04:52 68592 -c--a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-12-07 12:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\tixati\\tixati.exe"=
    "c:\\WINDOWS\\system32\\msiexec.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/09/2010 3:52 PM 721904]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 4:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 9:55 AM 67664]
    R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [11/09/2010 3:51 PM 85760]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 11:38 AM 116608]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 3:33 AM 30432]
    R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2/04/2004 2:12 AM 152576]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/11/2010 11:39 AM 136176]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29/02/2012 7:50 AM 158856]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/11/2010 11:39 AM 136176]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-16 c:\windows\Tasks\expressburnShakeIcon.job
    - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2011-03-23 06:57]
    .
    2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 23:38]
    .
    2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 23:38]
    .
    2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1918235205-1724217292-322963331-1003.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-24 21:39]
    .
    2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596039655-1110919557-3213181978-1003Core.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-24 21:39]
    .
    2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596039655-1110919557-3213181978-1003UA.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-24 21:39]
    .
    2012-05-22 c:\windows\Tasks\User_Feed_Synchronization-{0D08D22A-D2EC-49FA-8583-9999B4002DC0}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-07 16:31]
    .
    2012-04-02 c:\windows\Tasks\videopadShakeIcon.job
    - c:\program files\NCH Software\VideoPad\videopad.exe [2012-04-01 05:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.trademe.co.nz/
    uDefault_Search_URL = hxxp://www.google.com
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_NZ&c=Q304&bd=pavilion&pf=desktop
    mWindow Title =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    TCP: DhcpNameServer = 10.1.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKLM-Run-EPSON Stylus CX3500 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BL.EXE
    MSConfigStartUp-EPSON Stylus CX3500 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE
    AddRemove-Spyware Terminator_is1 - c:\program files\Spyware Terminator\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2012-05-22 18:24
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCDRSRVC]
    "ImagePath"="system32\drivers\PCDRSRVC.pkms"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(932)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(3928)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\igfxpph.dll
    c:\windows\system32\hccutils.DLL
    c:\windows\system32\igfxres.dll
    c:\windows\system32\igfxsrvc.dll
    c:\windows\system32\igfxdev.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\AGRSMMSG.exe
    c:\progra~1\Microsoft ActiveSync\rapimgr.exe
    c:\windows\SoftwareDistribution\Download\Install\NDP20SP2-KB2572073-x86.exe
    c:\1540017b0bee09accfff07e45226\HotFixInstaller.exe
    c:\windows\system32\msiexec.exe
    c:\windows\system32\MsiExec.exe
    c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-22 18:36:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-22 06:36
    .
    Pre-Run: 13,608,660,992 bytes free
    Post-Run: 13,875,191,808 bytes free
    .
    - - End Of File - - 522C7EAE51212AEB0ED589F6B6DE4452

    MBAM


    Malwarebytes Anti-Malware 1.61.0.1400

    Database version: v2012.05.22.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: YOUR-FK3WZJTN19 [administrator]

    23/05/2012 11:53:29 AM
    mbam-log-2012-05-23 (11-53-29).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 209334
    Time elapsed: 14 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    NO threats found in the ESET scan, wasn't able to retrieve a log either. Have installed Avira as well and the comp seems to be in tip-top shape!
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

  9. #9
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello, xtrakt.
    Congratulations! You now appear clean!

    Are things running okay? Do you have any more questions?


    Uninstall Combofix
    • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
      o *If it is not on your Desktop, the below will not work.
    • Click on Start, then Run....
    • Now copy & paste the green bolded text in the run-box and click OK.

      ComboFix /Uninstall



      <Notice the space between the "x" and "/".> <--- It needs to be there
      Windows Vista users: Press the Windows Key + R to bring up the Run... command, and from there you can enter ComboFix /Uninstall

    • Please advise if this step is missed for any reason as it performs some important actions:
      "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
      It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through System Restore."





    System Still Slow?
    You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
    If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

    We Need to Clean Up Our Mess
    • Download OTC by OldTimer and save it to your desktop.
    • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
    • Then Click the big button.
    • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
    • Restart your computer when prompted.




    One of the most common questions found when cleaning malware is "how did my machine get infected?"

    There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

    Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

    Do not use P2P programs
    Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users, as the name suggests. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

    It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

    In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

    Practice Safe Internet
    Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

    Below is a list of simple precautions to take to keep your computer clean and running securely:
    1. If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
    2. If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
    3. If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
    4. If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
      There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
    5. Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows; instead close them by finding the open window on your Taskbar, right-clicking it and choosing Close.
    6. Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
    7. When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
    8. Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
    9. Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
    10. DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
      Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.


    Keep Windows up-to-date
    Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

    • Windows XP users
      You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
    • Windows Vista users
      You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
    • Windows 7 users
      You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here



    Keep your browser secure
    Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

    The latest versions of the three common browsers can be found below:


    Use an AntiVirus Software
    It is very important that your computer has up-to-date anti-virus software with a real-time agent running. This alone can save you a lot of trouble with malware in the future.
    See this link for a listing of some online and stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources. A couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

    It is imperative that you update your Antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

    Use a Firewall
    I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

    All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

    In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

    Some people will recommend installing a different firewall (instead of the built-in Windows one); this is a personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

    Install an Anti-Malware program
    Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

    You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

    Make sure your applications have all of their updates
    It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

    Follow this list and your potential for being infected again will reduce dramatically.
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  10. #10
    Member
    Join Date
    Feb 2010
    Posts
    126
    Points
    1


    Thanks a million EVERYONE!
