- 05-15-2012 06:53 AM #1
Unable to open / install ANY anti-virus app / prog (Super + Mal + HJT log/s includ.)
SuperAntiSpyware
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
Generated 05/15/2012 at 10:41 PM
Application Version : 5.0.1148
Core Rules Database Version : 8595
Trace Rules Database Version: 6407
Scan type : Complete Scan
Total Scan Time : 02:01:53
Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 429
Memory threats detected : 0
Registry items scanned : 35163
Registry threats detected : 5
File items scanned : 60388
File threats detected : 65
PUP.MyWebSearch/FunWebProducts
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
Adware.Tracking Cookie
Malwarebytes
Malwarebytes Anti-Malware 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: v2012.05.09.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: YOUR-FK3WZJTN19 [administrator]
15/05/2012 8:00:48 PM
mbam-log-2012-05-15 (20-00-48).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 106666
Time elapsed: 3 hour(s), 47 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
HJT
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:53:20 PM, on 15/05/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: ÿþ# Copyright (c) 1993-2009 Microsoft Corp.
O2 - BHO: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: ???????@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - (no file)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SpywareTerminator2012Setup] C:\Documents and Settings\All Users\Application Data\SpywareTerminator2012Upgrade\ST2012UpgradeSetup.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Rbuouf] C:\Documents and Settings\Owner\Application Data\Rbuouf.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 7864 bytes
I have removed all the infected finding/s. Awaiting further instruction if needed. Thanks to the experts in advance
- 05-16-2012 09:12 PM #2
Hello extrakt and welcome to Help2Go
We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
Please take note:
- If you have since resolved the original problem you were having, we would appreciate you letting us know.
- If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
- If you are unsure about any of these characteristics just post what you can and we will guide you.
- Please tell us if you have your original Windows CD/DVD available.
- If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
- If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
- Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
- If you have already posted a DDS log, please do so again, as your situation may have changed.
- Use the 'Add Reply' button and add the new log to this thread.
* We need to see some information about what is happening in your machine. Please perform the following scans and our expert will be with you as soon as possible. Thank you for being so patient in your time of need:
DDS
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
* When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
Save both reports to your desktop and post the contents of the DDS.txt log. Save the other report in case I need to look at it later.
GMER
Please download GMER from one of the following locations and save it to your desktop:
- Main Mirror
This version will download a randomly named file (Recommended)
- Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
- Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.
- Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode
Last edited by DonnaB; 05-16-2012 at 09:22 PM.
I am currently taking a degree in Malware Removal, and during this time, it is not appropriate for me to offer any assistance in the analysis of or the removal of Malware. Thank you for understanding.
If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in troubleshooting your current computer problems.
- 05-17-2012 10:35 PM #3
Hey there Donna,
Here are the logs / results you requested below.
DDS
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 12:33:29 on 2012-05-18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.416 [GMT 12:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_NZ&c=Q304&bd=pavilion&pf=desktop
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
mURLSearchHooks: H - No File
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {8984B388-A5BB-4DF7-B274-77B879E179DB} - No File
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\microsoft activesync\INetRepl.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{AF735C98-84D2-4792-B90A-0E7179D8BBDD} : DhcpNameServer = 10.1.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-7-7 142592]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2010-9-11 85760]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2010-9-10 3210176]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-9-3 6104144]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2004-4-2 152576]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-29 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-29 136176]
.
=============== Created Last 30 ================
.
2012-05-16 04:54:38 -------- d-----w- C:\8d0e81301c2bcfc3f949b2943302
2012-05-16 04:29:13 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-05-16 04:21:13 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-05-16 04:21:12 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-16 04:15:14 -------- d-----w- c:\documents and settings\owner\application data\Spyware Terminator
2012-05-16 04:15:14 -------- d-----w- c:\documents and settings\all users\application data\Spyware Terminator
2012-05-16 04:15:10 -------- d-----w- c:\program files\Spyware Terminator
2012-05-16 04:15:07 -------- d-----w- c:\program files\WinClamAVShield
2012-05-16 00:47:00 -------- d-----w- c:\documents and settings\owner\application data\ElevatedDiagnostics
2012-05-15 08:36:53 -------- d-----w- c:\documents and settings\owner\application data\SUPERAntiSpyware.com
2012-05-15 08:36:18 -------- d-----w- c:\program files\Trend Micro
2012-05-15 08:35:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-15 08:35:02 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-05-13 02:49:52 -------- d-----w- c:\program files\Crawler
2012-05-11 03:09:46 -------- d-----w- c:\program files\common files\Java(2)
2012-05-11 03:07:18 -------- d-----w- c:\program files\Oracle
2012-05-11 03:06:53 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sun
2012-05-07 08:35:09 -------- d-----w- c:\program files\Blip Blop
2012-05-07 08:14:30 -------- d-----w- c:\program files\Westbang
2012-04-30 12:28:21 -------- d-----w- c:\windows\Desktop
2012-04-30 02:43:55 -------- d-----w- c:\documents and settings\owner\application data\OpenOffice.org
2012-04-30 01:31:15 -------- d-----w- c:\program files\OpenOffice.org 3
2012-04-30 01:28:09 -------- d-----w- c:\program files\OpenOffice.org 3.3 (en-US) Installation Files
2012-04-27 00:05:34 110080 ------w- c:\documents and settings\owner\application data\Rbuouf.exe
2012-04-22 03:02:44 -------- d-----w- c:\documents and settings\all users\application data\Premium
2012-04-22 03:01:46 -------- d-----w- c:\documents and settings\all users\application data\ADDICT-THING
2012-04-22 03:00:26 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2012-04-18 05:15:26 772248 ----a-w- c:\windows\system32\msvcr100.dll
2012-04-18 05:15:26 -------- d-----w- c:\program files\common files\DVDVideoSoft
2012-04-18 05:15:25 419480 ----a-w- c:\windows\system32\msvcp100.dll
2012-04-18 05:15:24 136344 ----a-w- c:\windows\system32\atl100.dll
2012-04-18 05:15:23 80024 ----a-w- c:\windows\system32\mfcm100u.dll
2012-04-18 05:15:22 4421272 ----a-w- c:\windows\system32\mfc100u.dll
2012-04-18 05:14:38 -------- d-----w- c:\documents and settings\owner\application data\DVDVideoSoft
.
==================== Find3M ====================
.
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 03:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 12:35:58.31 ===============
GMER
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2012-05-18 15:31:35
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 ST340015A rev.3.15
Running: myc4nkwi.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kfpdyfod.sys
---- System - GMER 1.0.15 ----
SSDT spoz.sys ZwCreateKey [0xF74D60E0]
SSDT spoz.sys ZwEnumerateKey [0xF74F4DA4]
SSDT spoz.sys ZwEnumerateValueKey [0xF74F5132]
SSDT spoz.sys ZwOpenKey [0xF74D60C0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAFD296C0]
SSDT spoz.sys ZwQueryKey [0xF74F520A]
SSDT spoz.sys ZwQueryValueKey [0xF74F508A]
SSDT spoz.sys ZwSetValueKey [0xF74F529C]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAF843640]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAFD29810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAFD298B0]
INT 0x62 ? 8A5B8BF8
INT 0x82 ? 8A5B8BF8
INT 0x83 ? 8A251BF8
INT 0xA4 ? 8A251BF8
INT 0xB4 ? 8A251BF8
---- Kernel code sections - GMER 1.0.15 ----
? spoz.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B94018AC 5 Bytes JMP 8A2511D8
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A54C5E0
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7507D4C] spoz.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7507DA0] spoz.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D7042] spoz.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D713E] spoz.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D70C0] spoz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D7800] spoz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D76D6] spoz.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A2512D8
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E6E9C] spoz.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A5B71F8
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
Device \FileSystem\Fastfat \FatCdrom 8A26A500
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBPDO-0 8A3C01F8
Device \Driver\usbuhci \Device\USBPDO-1 8A3C01F8
Device \Driver\usbuhci \Device\USBPDO-2 8A3C01F8
Device \Driver\usbehci \Device\USBPDO-3 8A2421F8
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A54A1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{AF735C98-84D2-4792-B90A-0E7179D8BBDD} 8A05E1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A54A1F8
Device \Driver\atapi \Device\Ide\IdePort0 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A05E1F8
Device \Driver\NetBT \Device\NetbiosSmb 8A05E1F8
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\USBSTOR \Device\0000006a 89FD51F8
Device \Driver\USBSTOR \Device\0000006c 89FD51F8
Device \Driver\usbuhci \Device\USBFDO-0 8A3C01F8
Device \Driver\USBSTOR \Device\0000006d 89FD51F8
Device \Driver\usbuhci \Device\USBFDO-1 8A3C01F8
Device \Driver\USBSTOR \Device\0000006e 89FD51F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A026500
Device \Driver\usbuhci \Device\USBFDO-2 8A3C01F8
Device \Driver\USBSTOR \Device\0000006f 89FD51F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A026500
Device \Driver\usbehci \Device\USBFDO-3 8A2421F8
Device \Driver\Ftdisk \Device\FtControl 8A54A1F8
Device \FileSystem\Fastfat \Fat 8A26A500
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1
---- EOF - GMER 1.0.15 ----
- 05-19-2012 12:04 PM #4Member Spyware Fighter
- Join Date
- Jun 2010
- Location
- Bement,Ill USA
- Posts
- 1,132
- Points
- 104
Hello,
Can you please run the following tools and post their results.
1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
- Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
- If TDSSKiller does not run, try renaming it.
- To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
- Click the Start Scan button.
- Do not use the computer during the scan
- If the scan completes with nothing found, click Close to exit.
- If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
- Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
- A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
- Copy and paste the contents of that file in your next reply.
2.
Install Recovery Console and Run ComboFix
This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.
Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2
- Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
- Close any open windows, including this one.
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- If you did not have it installed, you will see the prompt below. Choose YES.

- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
- Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

- Click on Yes, to continue scanning for malware.
- When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.
Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?
"Extinguishing Malware from the world"
The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

- 05-20-2012 06:22 PM #5Member
- Join Date
- Feb 2010
- Posts
- 68
- Points
- 1
COMBOFIX
ComboFix 12-05-20.01 - Owner 20/05/2012 20:59:08.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.646 [GMT 12:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\38C
c:\documents and settings\All Users\Application Data\38C\{851C74B1-9B9B-4815-877C-D2F209EA81C2}.swf
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\Owner\Application Data\Rbuouf.exe
c:\documents and settings\Owner\WINDOWS
c:\windows\desktop
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\ps2.bat
c:\windows\system32\SET319.tmp
c:\windows\system32\SET31A.tmp
c:\windows\system32\SET31E.tmp
c:\windows\system32\SET31F.tmp
c:\windows\system32\SET320.tmp
c:\windows\system32\SET324.tmp
c:\windows\system32\SET326.tmp
c:\windows\system32\SET55.tmp
c:\windows\system32\SET59.tmp
c:\windows\system32\SET61.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-20 to 2012-05-20 )))))))))))))))))))))))))))))))
.
.
2012-05-20 08:47 . 2012-05-20 08:47 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-16 04:54 . 2012-05-16 04:59 -------- d-----w- C:\8d0e81301c2bcfc3f949b2943302
2012-05-16 04:29 . 2012-05-16 04:29 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-16 04:21 . 2012-05-16 04:21 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-16 04:15 . 2012-05-16 04:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Spyware Terminator
2012-05-16 04:15 . 2012-05-16 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2012-05-16 04:15 . 2012-05-16 04:27 -------- d-----w- c:\program files\Spyware Terminator
2012-05-16 04:15 . 2012-05-16 04:15 -------- d-----w- c:\program files\WinClamAVShield
2012-05-16 00:47 . 2012-05-16 00:47 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
2012-05-15 08:36 . 2012-05-15 08:36 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2012-05-15 08:36 . 2012-05-15 08:36 -------- d-----w- c:\program files\Trend Micro
2012-05-15 08:35 . 2012-05-16 04:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-15 08:35 . 2012-05-15 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-13 02:49 . 2012-05-16 04:16 -------- d-----w- c:\program files\Crawler
2012-05-11 03:09 . 2012-05-16 04:18 -------- d-----w- c:\program files\Common Files\Java(2)
2012-05-11 03:07 . 2012-05-11 03:07 -------- d-----w- c:\program files\Oracle
2012-05-11 03:06 . 2012-05-11 03:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sun
2012-05-07 08:35 . 2012-05-16 04:19 -------- d-----w- c:\program files\Blip Blop
2012-05-07 08:14 . 2012-05-16 04:19 -------- d-----w- c:\program files\Westbang
2012-04-30 02:43 . 2012-04-30 02:43 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org
2012-04-30 01:31 . 2012-05-16 04:19 -------- d-----w- c:\program files\OpenOffice.org 3
2012-04-22 03:02 . 2012-04-22 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Premium
2012-04-22 03:01 . 2012-04-22 05:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ADDICT-THING
2012-04-22 03:00 . 2012-04-22 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:12 . 2004-04-02 05:38 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2004-04-02 05:38 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2002-08-29 08:04 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 03:56 . 2010-10-11 02:22 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 03:43 . 2012-04-18 05:15 772248 ----a-w- c:\windows\system32\msvcr100.dll
2012-03-06 03:43 . 2012-04-18 05:15 419480 ----a-w- c:\windows\system32\msvcp100.dll
2012-03-06 03:43 . 2012-04-18 05:15 136344 ----a-w- c:\windows\system32\atl100.dll
2012-03-06 03:43 . 2012-04-18 05:15 80024 ----a-w- c:\windows\system32\mfcm100u.dll
2012-03-06 03:43 . 2012-04-18 05:15 4421272 ----a-w- c:\windows\system32\mfc100u.dll
2012-03-01 11:01 . 2004-05-19 04:52 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-05-19 04:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:01 . 2004-01-21 13:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-02-29 14:10 . 2004-05-19 04:12 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-04-02 05:37 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2009-06-22 02:08 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 3905920]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-28 88363]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-07-06 2216960]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3500 Series]
2004-03-04 03:00 98304 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATI9BP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-06-26 04:52 68592 -c--a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-07 12:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\tixati\\tixati.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 3:27 PM 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/09/2010 2:48 AM 26064]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/09/2010 3:52 PM 721904]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/09/2010 2:48 AM 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/09/2010 2:49 AM 298448]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 4:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 9:55 AM 67664]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [7/07/2011 11:18 AM 142592]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [11/09/2010 3:51 PM 85760]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 11:38 AM 116608]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 3:33 AM 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 8:42 PM 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 8:42 PM 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 8:42 PM 26192]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2/04/2004 2:12 AM 152576]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [10/09/2010 12:45 AM 3210176]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [3/09/2010 9:35 AM 6104144]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [10/09/2010 12:45 AM 265400]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/11/2010 11:39 AM 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29/02/2012 7:50 AM 158856]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 3:33 AM 30432]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/11/2010 11:39 AM 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2011-03-23 06:57]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 23:38]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 23:38]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1918235205-1724217292-322963331-1003.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-24 21:39]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596039655-1110919557-3213181978-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-24 21:39]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596039655-1110919557-3213181978-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-24 21:39]
.
2012-05-20 c:\windows\Tasks\User_Feed_Synchronization-{0D08D22A-D2EC-49FA-8583-9999B4002DC0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 16:31]
.
2012-04-02 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2012-04-01 05:36]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_NZ&c=Q304&bd=pavilion&pf=desktop
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 10.1.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
MSConfigStartUp-CTFMON - (no file)
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-05-20 21:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCDRSRVC]
"ImagePath"="system32\drivers\PCDRSRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-05-20 21:13:11
ComboFix-quarantined-files.txt 2012-05-20 09:12
.
Pre-Run: 13,980,520,448 bytes free
Post-Run: 14,073,237,504 bytes free
.
- - End Of File - - 6BE6787D64FA504D9658A021B9085E65
TDSSKILLER
20:46:00.0515 2024 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
20:46:01.0609 2024 ============================================================
20:46:01.0609 2024 Current date / time: 2012/05/20 20:46:01.0609
20:46:01.0609 2024 SystemInfo:
20:46:01.0609 2024
20:46:01.0609 2024 OS Version: 5.1.2600 ServicePack: 3.0
20:46:01.0609 2024 Product type: Workstation
20:46:01.0609 2024 ComputerName: YOUR-FK3WZJTN19
20:46:01.0609 2024 UserName: Owner
20:46:01.0609 2024 Windows directory: C:\WINDOWS
20:46:01.0609 2024 System windows directory: C:\WINDOWS
20:46:01.0609 2024 Processor architecture: Intel x86
20:46:01.0609 2024 Number of processors: 1
20:46:01.0609 2024 Page size: 0x1000
20:46:01.0609 2024 Boot type: Normal boot
20:46:01.0609 2024 ============================================================
20:46:07.0187 2024 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1431, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
20:46:07.0328 2024 ============================================================
20:46:07.0328 2024 \Device\Harddisk0\DR0:
20:46:07.0375 2024 MBR partitions:
20:46:07.0375 2024 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x830B41
20:46:07.0375 2024 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x830B80, BlocksNum 0x4254780
20:46:07.0375 2024 ============================================================
20:46:07.0562 2024 C: <-> \Device\Harddisk0\DR0\Partition1
20:46:07.0609 2024 D: <-> \Device\Harddisk0\DR0\Partition0
20:46:07.0609 2024 ============================================================
20:46:07.0609 2024 Initialize success
20:46:07.0609 2024 ============================================================
20:46:17.0609 3564 ============================================================
20:46:17.0609 3564 Scan started
20:46:17.0609 3564 Mode: Manual;
20:46:17.0609 3564 ============================================================
20:46:18.0328 3564 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
20:46:18.0375 3564 !SASCORE - ok
20:46:18.0828 3564 Abiosdsk - ok
20:46:18.0859 3564 abp480n5 - ok
20:46:18.0953 3564 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:46:19.0031 3564 ACPI - ok
20:46:19.0093 3564 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:46:19.0093 3564 ACPIEC - ok
20:46:19.0109 3564 adpu160m - ok
20:46:19.0218 3564 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:46:19.0250 3564 aec - ok
20:46:19.0375 3564 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:46:19.0406 3564 AFD - ok
20:46:19.0750 3564 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
20:46:20.0046 3564 AgereSoftModem - ok
20:46:20.0062 3564 Aha154x - ok
20:46:20.0078 3564 aic78u2 - ok
20:46:20.0093 3564 aic78xx - ok
20:46:20.0250 3564 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
20:46:20.0359 3564 ALCXSENS - ok
20:46:21.0000 3564 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
20:46:21.0703 3564 ALCXWDM - ok
20:46:52.0468 3564 sptd (1a606a8d611816adc47d2b25dbedcb1f) C:\WINDOWS\system32\Drivers\sptd.sys
20:46:52.0468 3564 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 1a606a8d611816adc47d2b25dbedcb1f
20:46:52.0468 3564 sptd ( LockedFile.Multi.Generic ) - warning
20:46:52.0468 3564 sptd - detected LockedFile.Multi.Generic (1)
20:47:00.0265 3564 ============================================================
20:47:00.0265 3564 Scan finished
20:47:00.0265 3564 ============================================================
20:47:00.0296 3204 Detected object count: 1
20:47:00.0296 3204 Actual detected object count: 1
20:47:14.0500 3204 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
20:47:14.0500 3204 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
20:47:22.0937 2204 Deinitialize success
Things seem to be back in order. I'm able to D/L anti-virus apps / progs now, but before doing so, is there one (FREE) you'd recommend? Also, I'm unable to uninstall AVG & Spyware Terminator because of corrupt file/s. Thanks plenty for cleaning out the gunk that was slowing down and hindering my comp's performance. Much appreciated to everyone who offered their help.
Leon
- 05-21-2012 06:23 PM #6Member Spyware Fighter
- Join Date
- Jun 2010
- Location
- Bement,Ill USA
- Posts
- 1,132
- Points
- 104
Hello, we can get rid of AVG and Spyware Terminator no problem. We will write a script to get rid of them.
1.
- Please download and install an antivirus program, and make sure that you keep it updated.
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Three good antivirus programs free for non-commercial home use are:
Note: You should only have one antivirus installed at a time! Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
2.
We need to run a CFScript.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the codebox below into it:
Code:
REGISTRY::
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayRSAlert]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinished]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanStarted]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEnd]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEndFail]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdStart]
[-HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray]
[-HKEY_CURRENT_USER\Software\Avg]
[-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\.avgdx]
[-HKEY_CLASSES_ROOT\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A3E}]
[-HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_CLASSES_ROOT\CLSID\{41B21542-2055-4212-A6F2-395CD109B14B}]
[-HKEY_CLASSES_ROOT\CLSID\{6F59E522-4689-156E-316C-D5B48819DE95} ]
[-HKEY_CLASSES_ROOT\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}]
[-HKEY_CLASSES_ROOT\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}]
[-HKEY_CLASSES_ROOT\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}]
[-HKEY_CLASSES_ROOT\CLSID\{F1FE4608-7924-4908-8E12-81CFA206F00A}]
[-HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}]
[-HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\Installer\Features\36E852A15FD8BDA48923830A21D156BE]
[-HKEY_CLASSES_ROOT\Installer\Features\69BC3230A1222404483A39DE4E0799CF]
[-HKEY_CLASSES_ROOT\Installer\Features\CFD2C1F142D260E3CB8B271543DA9F98]
[-HKEY_CLASSES_ROOT\Installer\Products\36E852A15FD8BDA48923830A21D156BE]
[-HKEY_CLASSES_ROOT\Installer\Products\69BC3230A1222404483A39DE4E0799CF]
[-HKEY_CLASSES_ROOT\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes6DD9E4F7F3FF9C41BC2BD64A2CE18FE]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\38F747DBDC97B4E459142E21199F9D10]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\41A387AA3A7A33D3590FA953D1350011]
[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter]
[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter.1]
[-HKEY_CLASSES_ROOT\MicroScanner.MicroScanner]
[-HKEY_CLASSES_ROOT\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\linkscanner]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\VC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0323CB96-221A-4042-84A3-93EDE47099FC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1A258E63-8DF5-4ADB-9832-38A0121D65EB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AlwaysUnloadDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABED-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABEE-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABEF-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7}]
[-HKEY_CLASSES_ROOT\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[-HKEY_CLASSES_ROOT\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_CLASSES_ROOT\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\avgsecuritytoolbar]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayWSAlert]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_CURRENT_USER\Software\AppDataLow\Avg]
[-HKEY_CURRENT_USER\Software\AVG Security Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG Security Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayRSAlert]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinished]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanStarted]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayWSAlert]
[-HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgtray]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Avg]
[-HKEY_USERS\.DEFAULT\Software\Avg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"=-
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"=-
"avg@igeared"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GroupOrderList]
"AVG"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"=-

DRIVER::
Avg
AVGIDSAgent
AVGIDSDriver
AVGIDSEH
AVGIDSFilter
AVGIDSShim
Avgldx86
Avgmfx86
Avgrkx86
Avgtdix
avgwd
AVG Security Toolbar Service
avg9emc
avg9wd
sp_rsdrv2

FOLDER::
%SYSTEMDRIVE%\$AVG
%COMMONAPPDATA%\AVG10
%COMMONAPPDATA%\MFAData
%COMMONPROGRAMS%\AVG 2011
%APPDATA%\AVG10
%PROGRAMFILES%\AVG
%SYSTEM%\drivers\AVG
%COMMONAPPDATA%\AVG Security Toolbar
%COMMONAPPDATA%\avg9
%COMMONPrograms%\AVG Free 9.0
c:\program files\Spyware Terminator
c:\documents and settings\Owner\Application Data\Spyware Terminator
:\documents and settings\All Users\Application Data\Spyware Terminator

File::
%COMMONAPPDATA%\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat
%COMMONDESKTOP%\AVG 2011.lnk
%SYSTEM%\drivers\AVGIDSDriver.sys
%SYSTEM%\drivers\AVGIDSEH.sys
%SYSTEM%\drivers\AVGIDSFilter.sys
%SYSTEM%\drivers\AVGIDSShim.sys
%SYSTEM%\drivers\avgldx86.sys
%SYSTEM%\drivers\avgmfx86.sys
%SYSTEM%\drivers\avgrkx86.sys
%SYSTEM%\drivers\avgtdix.sys
%COMMONDesktop%\AVG Free 9.0.lnk
%PROGRAMFILES%\Mozilla Firefox\searchplugins\avg_igeared.xml
%SYSTEM%\avgrsstx.dll
c:\windows\system32\drivers\sp_rsdrv2.sys

SECCENTER::
AVG Anti-Virus Free

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
3.
Please download Malwarebytes Anti-Malware and save it to your desktop.
- Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
- Make sure you are connected to the Internet and double-click on the renamed file to install the application.
For instructions with screenshots, please refer to this Guide.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
- If an update is found, the program will automatically update itself. Press the OK button and continue.
- If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
- Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
- Click on the Scan button.
- When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked and then click Remove Selected.
- When removal is completed, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab.
- Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
- Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
4.
I'd like us to scan your machine with ESET OnlineScan
- Hold down Control and click on this link to open ESET OnlineScan in a new window.
- Click the button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
- Check "YES, I accept the Terms of Use."
- Click the Start button.
- Accept any security warnings from your browser.
- Under scan settings, check "Scan Archives" and "Remove found threats"
- Click Advanced settings and select the following:
- Scan potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click List Threats
- Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Click the Back button.
- Click the Finish button.
Things to include in your next reply:
Combofix.txt
MBAM log
Eset log
How is your machine running now?
"Extinguishing Malware from the world"
The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

- 05-23-2012 04:53 AM #7Member
- Join Date
- Feb 2010
- Posts
- 68
- Points
- 1
COMBOFIX
ComboFix 12-05-21.06 - Owner 22/05/2012 18:08:41.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.746 [GMT 12:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\My Documents\Downloads\CFScript.txt.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\documents and settings\All Users\Application Data\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat"
"c:\documents and settings\All Users\Desktop\AVG 2011.lnk"
"c:\documents and settings\All Users\Desktop\AVG Free 9.0.lnk"
"c:\program files\Mozilla Firefox\searchplugins\avg_igeared.xml"
"c:\windows\system32\avgrsstx.dll"
"c:\windows\system32\drivers\AVGIDSDriver.sys"
"c:\windows\system32\drivers\AVGIDSEH.sys"
"c:\windows\system32\drivers\AVGIDSFilter.sys"
"c:\windows\system32\drivers\AVGIDSShim.sys"
"c:\windows\system32\drivers\avgldx86.sys"
"c:\windows\system32\drivers\avgmfx86.sys"
"c:\windows\system32\drivers\avgrkx86.sys"
"c:\windows\system32\drivers\avgtdix.sys"
"c:\windows\system32\drivers\sp_rsdrv2.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\AVG Security Toolbar
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\Languages\en.ini
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\Languages\languages.cfg
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\osd.xml
c:\documents and settings\All Users\Application Data\MFAData
c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20120515-080650.log
c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20120515-081952.log
c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20120520-092704.log
c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20120520-223416.log
c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20120520-092704.log
c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20120520-223416.log
c:\documents and settings\All Users\Application Data\MFAData\public_installation_log.xml
c:\documents and settings\All Users\Application Data\MFAData\setup_tp.cab
c:\documents and settings\Owner\Application Data\Spyware Terminator
c:\documents and settings\Owner\Application Data\Spyware Terminator\BIN_STREVIEWS.SPT
c:\documents and settings\Owner\Application Data\Spyware Terminator\BIN_STRSBW.SPT
c:\documents and settings\Owner\Application Data\Spyware Terminator\info.htm
c:\documents and settings\Owner\Application Data\Spyware Terminator\LanguageAct\info.ini
c:\documents and settings\Owner\Application Data\Spyware Terminator\LanguageAct\language.inf
c:\documents and settings\Owner\Application Data\Spyware Terminator\LanguageAct\language.ini
c:\documents and settings\Owner\Application Data\Spyware Terminator\Reports\reports.dat
c:\documents and settings\Owner\Application Data\Spyware Terminator\Reports\scan_0001.dat
c:\documents and settings\Owner\Application Data\Spyware Terminator\Reports\supportReport.txt
c:\documents and settings\Owner\Application Data\Spyware Terminator\scanConfig.xml
c:\documents and settings\Owner\Application Data\Spyware Terminator\shields.xml
c:\documents and settings\Owner\WINDOWS
C:\install.exe
c:\program files\AVG
c:\program files\AVG\AVG10\avg.snu
c:\program files\AVG\AVG10\avgatend.stp
c:\program files\AVG\AVG10\avgatupd.stp
c:\program files\AVG\AVG10\avgmfapx.exe
c:\program files\AVG\AVG10\avgmfarx.dll
c:\program files\AVG\AVG10\avgupd.sig
c:\program files\AVG\AVG10\avgupdx.dll
c:\program files\AVG\AVG10\cf.dat
c:\program files\Spyware Terminator
c:\program files\Spyware Terminator\BIN_RSCSDA.SPF
c:\program files\Spyware Terminator\history.txt
c:\program files\Spyware Terminator\languages\ST_BRAZILIANS.cab
c:\program files\Spyware Terminator\languages\ST_CATALAN.cab
c:\program files\Spyware Terminator\languages\ST_CHINESE.cab
c:\program files\Spyware Terminator\languages\ST_CZECH.cab
c:\program files\Spyware Terminator\languages\ST_DANISH.cab
c:\program files\Spyware Terminator\languages\ST_DUTCH.cab
c:\program files\Spyware Terminator\languages\ST_ENGLISH.cab
c:\program files\Spyware Terminator\languages\ST_FRENCH.cab
c:\program files\Spyware Terminator\languages\ST_GERMAN.cab
c:\program files\Spyware Terminator\languages\ST_HUNGARIAN.cab
c:\program files\Spyware Terminator\languages\ST_ITALIANO.cab
c:\program files\Spyware Terminator\languages\ST_PORTUGUESE.cab
c:\program files\Spyware Terminator\languages\ST_ROMANIAN.cab
c:\program files\Spyware Terminator\languages\ST_RUSSIAN.cab
c:\program files\Spyware Terminator\languages\ST_SERBIAN.cab
c:\program files\Spyware Terminator\languages\ST_SPANISH.cab
c:\program files\Spyware Terminator\languages\ST_TURKISH.cab
c:\program files\Spyware Terminator\languages\ST_VALENCIAN.cab
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Spyware Terminator\sptcontmenu.dll
c:\program files\Spyware Terminator\SpyWareTerminator.exe
c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe
c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
c:\program files\Spyware Terminator\TorentDll.dll
c:\program files\Spyware Terminator\unins000.exe
c:\program files\Spyware Terminator\update\WebSecurityGuard_STSetup.exe
c:\windows\help\wmplayer.bak
c:\windows\iun6002.exe
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\AVG
c:\windows\system32\drivers\AVG\iavifw.avm
c:\windows\system32\drivers\AVGIDSEH.sys
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\sp_rsdrv2.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGIDSDRIVER
-------\Legacy_AVGIDSEH
-------\Legacy_AVGIDSFILTER
-------\Legacy_AVGIDSSHIM
-------\Legacy_AVGLDX86
-------\Legacy_AVGRKX86
-------\Legacy_AVGTDIX
-------\Legacy_SP_RSDRV2
-------\Service_AVG Security Toolbar Service
-------\Service_sp_rsdrv2
-------\Legacy_sp_rssrv
-------\Legacy_sp_rssrv
-------\Service_sp_rssrv
-------\Service_sp_rssrv
.
.
((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
.
.
2012-05-22 00:19 . 2012-05-22 00:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Carambis
2012-05-22 00:18 . 2012-05-22 00:18 -------- d-----w- c:\program files\Carambis
2012-05-22 00:03 . 2004-02-26 17:01 79654 ----a-w- c:\windows\system32\E_FLM9BL.DLL
2012-05-22 00:03 . 2000-06-06 13:01 34304 ----a-w- c:\windows\system32\E_FBCH9BL.DLL
2012-05-22 00:03 . 2003-05-20 14:27 64000 ----a-w- c:\windows\system32\E_FBCB9BL.DLL
2012-05-22 00:01 . 2004-03-11 13:30 82944 ----a-w- c:\windows\system32\EAL.EXE
2012-05-22 00:01 . 2004-01-15 13:10 309248 ----a-w- c:\windows\system32\EAL32.DLL
2012-05-21 23:52 . 2012-05-21 23:52 -------- d-----w- c:\windows\TWAIN
2012-05-21 23:52 . 1994-09-16 02:00 20976 ----a-w- c:\windows\system32\CTL3D.DLL
2012-05-21 23:52 . 2012-05-21 23:58 -------- d-----w- C:\EPSCAN32
2012-05-21 23:52 . 1997-04-08 08:08 299520 ----a-w- c:\windows\uninst.exe
2012-05-21 23:52 . 2012-05-21 23:52 -------- d-----w- C:\EPSON
2012-05-20 23:39 . 2012-05-20 23:39 -------- d-----w- c:\program files\OpenOffice.org 3
2012-05-20 09:33 . 2012-05-20 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-05-16 04:54 . 2012-05-16 04:59 -------- d-----w- C:\8d0e81301c2bcfc3f949b2943302
2012-05-16 04:21 . 2012-05-16 04:21 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-16 04:15 . 2012-05-16 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2012-05-16 04:15 . 2012-05-16 04:15 -------- d-----w- c:\program files\WinClamAVShield
2012-05-16 00:47 . 2012-05-16 00:47 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
2012-05-15 08:36 . 2012-05-15 08:36 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2012-05-15 08:36 . 2012-05-15 08:36 -------- d-----w- c:\program files\Trend Micro
2012-05-15 08:35 . 2012-05-16 04:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-15 08:35 . 2012-05-15 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-13 02:49 . 2012-05-16 04:16 -------- d-----w- c:\program files\Crawler
2012-05-11 03:09 . 2012-05-16 04:18 -------- d-----w- c:\program files\Common Files\Java(2)
2012-05-11 03:06 . 2012-05-11 03:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sun
2012-05-07 08:35 . 2012-05-16 04:19 -------- d-----w- c:\program files\Blip Blop
2012-05-07 08:14 . 2012-05-16 04:19 -------- d-----w- c:\program files\Westbang
2012-04-30 02:43 . 2012-04-30 02:43 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:12 . 2004-04-02 05:38 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2004-04-02 05:38 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2002-08-29 08:04 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-06 03:43 . 2012-04-18 05:15 772248 ----a-w- c:\windows\system32\msvcr100.dll
2012-03-06 03:43 . 2012-04-18 05:15 419480 ----a-w- c:\windows\system32\msvcp100.dll
2012-03-06 03:43 . 2012-04-18 05:15 136344 ----a-w- c:\windows\system32\atl100.dll
2012-03-06 03:43 . 2012-04-18 05:15 80024 ----a-w- c:\windows\system32\mfcm100u.dll
2012-03-06 03:43 . 2012-04-18 05:15 4421272 ----a-w- c:\windows\system32\mfc100u.dll
2012-03-01 11:01 . 2004-05-19 04:52 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-05-19 04:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:01 . 2004-01-21 13:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-02-29 14:10 . 2004-05-19 04:12 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-04-02 05:37 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2009-06-22 02:08 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-20_09.09.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-06 14:19 . 2007-11-06 14:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 49152 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90kor.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 49664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90jpn.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 61952 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90ita.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90fra.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 61952 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90esp.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 61952 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90esn.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90enu.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 63488 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90deu.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 44544 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90cht.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 44032 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90chs.dll
+ 2008-04-10 13:51 . 2008-04-10 13:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfcm90u.dll
+ 2008-04-10 13:51 . 2008-04-10 13:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfcm90.dll
+ 2012-05-21 23:52 . 1996-08-23 13:00 29984 c:\windows\TWAIN\CALIBRAT\EPSCNCAL.EXE
+ 2010-03-17 21:15 . 2010-03-17 21:15 51024 c:\windows\system32\vcomp100.dll
- 2009-06-22 03:07 . 2003-02-20 01:08 54784 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EPSET32.DLL
+ 2009-06-22 03:07 . 2003-02-19 13:08 54784 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EPSET32.DLL
+ 2009-06-22 03:07 . 2003-11-11 13:02 81920 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EBPSHRE4.DLL
- 2009-06-22 03:07 . 2003-11-12 01:02 81920 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EBPSHRE4.DLL
- 2009-06-22 03:07 . 2004-02-19 02:03 65536 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_S00RP1.EXE
+ 2009-06-22 03:07 . 2004-02-18 14:03 65536 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_S00RP1.EXE
+ 2012-05-22 00:01 . 2004-05-23 16:00 93696 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FMW09BL.DLL
+ 2012-05-22 00:03 . 2004-01-18 17:00 68362 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FMAI9BL.DLL
+ 2012-05-22 00:03 . 2004-03-17 20:00 19968 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHUT9BL.EXE
+ 2012-05-22 00:01 . 2004-05-25 13:00 92672 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHSR9BL.DLL
+ 2012-05-22 00:03 . 2004-02-03 14:00 71680 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FGRC9BL.DLL
+ 2012-05-22 00:03 . 2004-03-29 17:00 55269 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FDSP9BL.DLL
+ 2012-05-22 00:03 . 2002-06-06 16:00 28160 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FBSR9BL.EXE
+ 2012-05-22 00:03 . 2004-02-17 13:10 98304 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FBAG9BL.DLL
+ 2012-05-22 00:03 . 2004-03-03 15:00 98304 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FATI9BL.EXE
+ 2012-05-22 00:03 . 2004-02-18 15:02 94208 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FASK9BL.DLL
+ 2012-05-22 00:03 . 2004-03-02 15:05 81920 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FARN9BL.EXE
+ 2012-05-22 00:03 . 2004-03-17 13:00 56832 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FAIR9BL.DLL
+ 2010-03-17 21:15 . 2010-03-17 21:15 80208 c:\windows\system32\mfcm100.dll
+ 2010-03-17 21:15 . 2010-03-17 21:15 60752 c:\windows\system32\mfc100rus.dll
+ 2010-03-17 21:15 . 2010-03-17 21:15 43344 c:\windows\system32\mfc100kor.dll
+ 2010-03-17 21:15 . 2010-03-17 21:15 43856 c:\windows\system32\mfc100jpn.dll
+ 2010-03-17 21:15 . 2010-03-17 21:15 62288 c:\windows\system32\mfc100ita.dll
+ 2010-03-17 21:15 . 2010-03-17 21:15 64336 c:\windows\system32\mfc100fra.dll
+ 2010-03-17 21:15 . 2010-03-17 21:15 63824 c:\windows\system32\mfc100esn.dll
+ 2010-03-17 21:15 . 2010-03-17 21:15 55120 c:\windows\system32\mfc100enu.dll
+ 2010-03-17 21:15 . 2010-03-17 21:15 64336 c:\windows\system32\mfc100deu.dll
+ 2010-03-17 21:15 . 2010-03-17 21:15 36176 c:\windows\system32\mfc100cht.dll
+ 2010-03-17 21:15 . 2010-03-17 21:15 36176 c:\windows\system32\mfc100chs.dll
+ 2012-05-20 23:39 . 2012-05-20 23:39 11264 c:\windows\assembly\GAC_MSIL\cli_basetypes\1.0.19.0__ce2cb7e279207b9e\cli_basetypes.dll
+ 2012-05-20 23:40 . 2012-05-20 23:40 63488 c:\windows\assembly\GAC_32\cli_cppuhelper\1.0.22.0__ce2cb7e279207b9e\cli_cppuhelper.dll
+ 2009-06-22 03:07 . 2003-11-17 12:00 6289 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EPUPDATE.DAT
+ 2012-05-22 00:03 . 2004-03-23 15:10 2696 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FAIF9BL.DAT
+ 2012-05-20 23:40 . 2012-05-20 23:40 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_uretypes\8.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_uretypes.dll
+ 2012-05-20 23:40 . 2012-05-20 23:40 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_ure\22.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
+ 2012-05-20 23:41 . 2012-05-20 23:41 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_oootypes\8.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_oootypes.dll
+ 2012-05-20 23:40 . 2012-05-20 23:40 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_basetypes\19.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
+ 2012-05-20 23:40 . 2012-05-20 23:40 7680 c:\windows\assembly\GAC_MSIL\cli_ure\1.0.22.0__ce2cb7e279207b9e\cli_ure.dll
+ 2012-05-20 23:41 . 2012-05-20 23:41 3072 c:\windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\22.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73\msvcr90.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73\msvcp90.dll
+ 2008-04-10 10:52 . 2008-04-10 10:52 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73\msvcm90.dll
+ 2007-11-06 14:19 . 2007-11-06 14:19 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
+ 2012-05-21 23:52 . 1997-06-22 13:03 126944 c:\windows\TWAIN\CALIBRAT\EPPRNCAL.EXE
- 2009-06-22 03:07 . 2004-02-05 01:05 122880 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\SAGENT4.EXE
+ 2009-06-22 03:07 . 2004-02-04 13:05 122880 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\SAGENT4.EXE
+ 2009-06-22 03:07 . 2004-02-02 18:05 675840 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EPUPDATE.EXE
- 2009-06-22 03:07 . 2004-02-03 06:05 675840 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EPUPDATE.EXE
+ 2012-05-22 00:03 . 2004-03-28 17:00 404240 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FUIC9BL.DLL
+ 2012-05-22 00:03 . 2004-01-19 16:00 509952 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FPRU9BL.DLL
+ 2012-05-22 00:03 . 2004-01-28 16:00 145408 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FPRE9BL.EXE
+ 2012-05-22 00:03 . 2004-01-28 16:00 421376 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FJBC9BL.DLL
+ 2012-05-22 00:03 . 2004-03-17 20:00 142848 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHUT9BL.DLL
+ 2012-05-22 00:03 . 2004-03-02 16:00 218624 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHT09BL.DLL
+ 2012-05-22 00:03 . 2004-03-17 16:00 336896 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHM09BL.DLL
+ 2012-05-22 00:01 . 2004-04-28 13:01 605184 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHBR9BL.DLL
+ 2012-05-22 00:03 . 2004-01-28 16:00 315392 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FCON9BL.DLL
+ 2012-05-22 00:03 . 2004-02-26 17:01 192512 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FBLP9BL.DLL
+ 2012-05-22 00:03 . 2004-03-02 16:20 155648 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FBIN9BL.EXE
+ 2012-05-22 00:03 . 2004-02-04 17:00 159744 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FBAP9BL.DLL
+ 2012-05-22 00:01 . 2004-05-10 15:10 385024 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FASR9BL.DLL
+ 2012-05-22 00:03 . 2004-04-04 15:10 331776 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FAPR9BL.DLL
+ 2012-05-22 00:03 . 2004-03-02 15:07 110592 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FAMT9BL.EXE
+ 2012-05-22 00:03 . 2004-04-01 15:13 192512 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FAMD9BL.EXE
+ 2012-05-22 00:19 . 2012-05-22 00:19 151552 c:\windows\Installer\b29b1a.msi
+ 2012-05-20 23:38 . 2012-05-20 23:38 228864 c:\windows\Installer\2b4682.msi
+ 2012-05-20 23:40 . 2012-05-20 23:40 118784 c:\windows\assembly\GAC_MSIL\cli_uretypes\1.0.8.0__ce2cb7e279207b9e\cli_uretypes.dll
+ 2012-05-20 23:41 . 2012-05-20 23:41 905216 c:\windows\assembly\GAC_MSIL\cli_oootypes\1.0.8.0__ce2cb7e279207b9e\cli_oootypes.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 3783160 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfc90u.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 3767288 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfc90.dll
+ 2012-05-22 00:01 . 2004-05-25 14:01 1077248 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FUIR9BL.DLL
+ 2012-05-22 00:01 . 2004-05-23 16:00 1182208 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FSR09BL.DLL
+ 2010-03-17 21:15 . 2010-03-17 21:15 4342088 c:\windows\system32\mfc100.dll
+ 2004-04-01 22:44 . 2012-05-21 21:10 3614368 c:\windows\system32\FNTCACHE.DAT
+ 2012-05-20 23:42 . 2012-05-20 23:42 3105280 c:\windows\Installer\2b46a8.msi
+ 2011-07-11 08:43 . 2011-07-11 08:43 11641344 c:\windows\Installer\75d9e.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 3905920]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-28 88363]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-06-26 04:52 68592 -c--a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-07 12:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\tixati\\tixati.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/09/2010 3:52 PM 721904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 4:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 9:55 AM 67664]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [11/09/2010 3:51 PM 85760]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 11:38 AM 116608]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 3:33 AM 30432]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2/04/2004 2:12 AM 152576]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/11/2010 11:39 AM 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29/02/2012 7:50 AM 158856]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/11/2010 11:39 AM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2011-03-23 06:57]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 23:38]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 23:38]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1918235205-1724217292-322963331-1003.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-24 21:39]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596039655-1110919557-3213181978-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-24 21:39]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596039655-1110919557-3213181978-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-24 21:39]
.
2012-05-22 c:\windows\Tasks\User_Feed_Synchronization-{0D08D22A-D2EC-49FA-8583-9999B4002DC0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 16:31]
.
2012-04-02 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2012-04-01 05:36]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.trademe.co.nz/
uDefault_Search_URL = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_NZ&c=Q304&bd=pavilion&pf=desktop
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 10.1.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-EPSON Stylus CX3500 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BL.EXE
MSConfigStartUp-EPSON Stylus CX3500 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE
AddRemove-Spyware Terminator_is1 - c:\program files\Spyware Terminator\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-05-22 18:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCDRSRVC]
"ImagePath"="system32\drivers\PCDRSRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3928)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
c:\windows\system32\igfxres.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\igfxdev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\AGRSMMSG.exe
c:\progra~1\Microsoft ActiveSync\rapimgr.exe
c:\windows\SoftwareDistribution\Download\Install\NDP20SP2-KB2572073-x86.exe
c:\1540017b0bee09accfff07e45226\HotFixInstaller.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\MsiExec.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2012-05-22 18:36:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-22 06:36
.
Pre-Run: 13,608,660,992 bytes free
Post-Run: 13,875,191,808 bytes free
.
- - End Of File - - 522C7EAE51212AEB0ED589F6B6DE4452
MBAM
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.05.22.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: YOUR-FK3WZJTN19 [administrator]
23/05/2012 11:53:29 AM
mbam-log-2012-05-23 (11-53-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 209334
Time elapsed: 14 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
NO threats found in the ESET scan, wasn't able to retrieve a log either. Have installed Avira as well and the comp seems to be in tip-top shape!
- 05-23-2012 04:58 AM #8 Member
COMBOFIX
ComboFix 12-05-21.06 - Owner 22/05/2012 18:08:41.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.746 [GMT 12:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\My Documents\Downloads\CFScript.txt.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\documents and settings\All Users\Application Data\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat"
"c:\documents and settings\All Users\Desktop\AVG 2011.lnk"
"c:\documents and settings\All Users\Desktop\AVG Free 9.0.lnk"
"c:\program files\Mozilla Firefox\searchplugins\avg_igeared.xml"
"c:\windows\system32\avgrsstx.dll"
"c:\windows\system32\drivers\AVGIDSDriver.sys"
"c:\windows\system32\drivers\AVGIDSEH.sys"
"c:\windows\system32\drivers\AVGIDSFilter.sys"
"c:\windows\system32\drivers\AVGIDSShim.sys"
"c:\windows\system32\drivers\avgldx86.sys"
"c:\windows\system32\drivers\avgmfx86.sys"
"c:\windows\system32\drivers\avgrkx86.sys"
"c:\windows\system32\drivers\avgtdix.sys"
"c:\windows\system32\drivers\sp_rsdrv2.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\AVG Security Toolbar
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\Languages\en.ini
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\Languages\languages.cfg
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\osd.xml
c:\documents and settings\All Users\Application Data\MFAData
c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20120515-080650.log
c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20120515-081952.log
c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20120520-092704.log
c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20120520-223416.log
c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20120520-092704.log
c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20120520-223416.log
c:\documents and settings\All Users\Application Data\MFAData\public_installation_log.xml
c:\documents and settings\All Users\Application Data\MFAData\setup_tp.cab
c:\documents and settings\Owner\Application Data\Spyware Terminator
c:\documents and settings\Owner\Application Data\Spyware Terminator\BIN_STREVIEWS.SPT
c:\documents and settings\Owner\Application Data\Spyware Terminator\BIN_STRSBW.SPT
c:\documents and settings\Owner\Application Data\Spyware Terminator\info.htm
c:\documents and settings\Owner\Application Data\Spyware Terminator\LanguageAct\info.ini
c:\documents and settings\Owner\Application Data\Spyware Terminator\LanguageAct\language.inf
c:\documents and settings\Owner\Application Data\Spyware Terminator\LanguageAct\language.ini
c:\documents and settings\Owner\Application Data\Spyware Terminator\Reports\reports.dat
c:\documents and settings\Owner\Application Data\Spyware Terminator\Reports\scan_0001.dat
c:\documents and settings\Owner\Application Data\Spyware Terminator\Reports\supportReport.txt
c:\documents and settings\Owner\Application Data\Spyware Terminator\scanConfig.xml
c:\documents and settings\Owner\Application Data\Spyware Terminator\shields.xml
c:\documents and settings\Owner\WINDOWS
C:\install.exe
c:\program files\AVG
c:\program files\AVG\AVG10\avg.snu
c:\program files\AVG\AVG10\avgatend.stp
c:\program files\AVG\AVG10\avgatupd.stp
c:\program files\AVG\AVG10\avgmfapx.exe
c:\program files\AVG\AVG10\avgmfarx.dll
c:\program files\AVG\AVG10\avgupd.sig
c:\program files\AVG\AVG10\avgupdx.dll
c:\program files\AVG\AVG10\cf.dat
c:\program files\Spyware Terminator
c:\program files\Spyware Terminator\BIN_RSCSDA.SPF
c:\program files\Spyware Terminator\history.txt
c:\program files\Spyware Terminator\languages\ST_BRAZILIANS.cab
c:\program files\Spyware Terminator\languages\ST_CATALAN.cab
c:\program files\Spyware Terminator\languages\ST_CHINESE.cab
c:\program files\Spyware Terminator\languages\ST_CZECH.cab
c:\program files\Spyware Terminator\languages\ST_DANISH.cab
c:\program files\Spyware Terminator\languages\ST_DUTCH.cab
c:\program files\Spyware Terminator\languages\ST_ENGLISH.cab
c:\program files\Spyware Terminator\languages\ST_FRENCH.cab
c:\program files\Spyware Terminator\languages\ST_GERMAN.cab
c:\program files\Spyware Terminator\languages\ST_HUNGARIAN.cab
c:\program files\Spyware Terminator\languages\ST_ITALIANO.cab
c:\program files\Spyware Terminator\languages\ST_PORTUGUESE.cab
c:\program files\Spyware Terminator\languages\ST_ROMANIAN.cab
c:\program files\Spyware Terminator\languages\ST_RUSSIAN.cab
c:\program files\Spyware Terminator\languages\ST_SERBIAN.cab
c:\program files\Spyware Terminator\languages\ST_SPANISH.cab
c:\program files\Spyware Terminator\languages\ST_TURKISH.cab
c:\program files\Spyware Terminator\languages\ST_VALENCIAN.cab
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Spyware Terminator\sptcontmenu.dll
c:\program files\Spyware Terminator\SpyWareTerminator.exe
c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe
c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
c:\program files\Spyware Terminator\TorentDll.dll
c:\program files\Spyware Terminator\unins000.exe
c:\program files\Spyware Terminator\update\WebSecurityGuard_STSetup.exe
c:\windows\help\wmplayer.bak
c:\windows\iun6002.exe
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\AVG
c:\windows\system32\drivers\AVG\iavifw.avm
c:\windows\system32\drivers\AVGIDSEH.sys
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\sp_rsdrv2.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGIDSDRIVER
-------\Legacy_AVGIDSEH
-------\Legacy_AVGIDSFILTER
-------\Legacy_AVGIDSSHIM
-------\Legacy_AVGLDX86
-------\Legacy_AVGRKX86
-------\Legacy_AVGTDIX
-------\Legacy_SP_RSDRV2
-------\Service_AVG Security Toolbar Service
-------\Service_sp_rsdrv2
-------\Legacy_sp_rssrv
-------\Legacy_sp_rssrv
-------\Service_sp_rssrv
-------\Service_sp_rssrv
.
.
((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
.
.
2012-05-22 00:19 . 2012-05-22 00:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Carambis
2012-05-22 00:18 . 2012-05-22 00:18 -------- d-----w- c:\program files\Carambis
2012-05-22 00:03 . 2004-02-26 17:01 79654 ----a-w- c:\windows\system32\E_FLM9BL.DLL
2012-05-22 00:03 . 2000-06-06 13:01 34304 ----a-w- c:\windows\system32\E_FBCH9BL.DLL
2012-05-22 00:03 . 2003-05-20 14:27 64000 ----a-w- c:\windows\system32\E_FBCB9BL.DLL
2012-05-22 00:01 . 2004-03-11 13:30 82944 ----a-w- c:\windows\system32\EAL.EXE
2012-05-22 00:01 . 2004-01-15 13:10 309248 ----a-w- c:\windows\system32\EAL32.DLL
2012-05-21 23:52 . 2012-05-21 23:52 -------- d-----w- c:\windows\TWAIN
2012-05-21 23:52 . 1994-09-16 02:00 20976 ----a-w- c:\windows\system32\CTL3D.DLL
2012-05-21 23:52 . 2012-05-21 23:58 -------- d-----w- C:\EPSCAN32
2012-05-21 23:52 . 1997-04-08 08:08 299520 ----a-w- c:\windows\uninst.exe
2012-05-21 23:52 . 2012-05-21 23:52 -------- d-----w- C:\EPSON
2012-05-20 23:39 . 2012-05-20 23:39 -------- d-----w- c:\program files\OpenOffice.org 3
2012-05-20 09:33 . 2012-05-20 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-05-16 04:54 . 2012-05-16 04:59 -------- d-----w- C:\8d0e81301c2bcfc3f949b2943302
2012-05-16 04:21 . 2012-05-16 04:21 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-16 04:15 . 2012-05-16 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2012-05-16 04:15 . 2012-05-16 04:15 -------- d-----w- c:\program files\WinClamAVShield
2012-05-16 00:47 . 2012-05-16 00:47 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
2012-05-15 08:36 . 2012-05-15 08:36 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2012-05-15 08:36 . 2012-05-15 08:36 -------- d-----w- c:\program files\Trend Micro
2012-05-15 08:35 . 2012-05-16 04:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-15 08:35 . 2012-05-15 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-13 02:49 . 2012-05-16 04:16 -------- d-----w- c:\program files\Crawler
2012-05-11 03:09 . 2012-05-16 04:18 -------- d-----w- c:\program files\Common Files\Java(2)
2012-05-11 03:06 . 2012-05-11 03:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sun
2012-05-07 08:35 . 2012-05-16 04:19 -------- d-----w- c:\program files\Blip Blop
2012-05-07 08:14 . 2012-05-16 04:19 -------- d-----w- c:\program files\Westbang
2012-04-30 02:43 . 2012-04-30 02:43 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:12 . 2004-04-02 05:38 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2004-04-02 05:38 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2002-08-29 08:04 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-06 03:43 . 2012-04-18 05:15 772248 ----a-w- c:\windows\system32\msvcr100.dll
2012-03-06 03:43 . 2012-04-18 05:15 419480 ----a-w- c:\windows\system32\msvcp100.dll
2012-03-06 03:43 . 2012-04-18 05:15 136344 ----a-w- c:\windows\system32\atl100.dll
2012-03-06 03:43 . 2012-04-18 05:15 80024 ----a-w- c:\windows\system32\mfcm100u.dll
2012-03-06 03:43 . 2012-04-18 05:15 4421272 ----a-w- c:\windows\system32\mfc100u.dll
2012-03-01 11:01 . 2004-05-19 04:52 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-05-19 04:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:01 . 2004-01-21 13:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-02-29 14:10 . 2004-05-19 04:12 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-04-02 05:37 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2009-06-22 02:08 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-20_09.09.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-06 14:19 . 2007-11-06 14:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 49152 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90kor.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 49664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90jpn.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 61952 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90ita.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90fra.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 61952 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90esp.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 61952 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90esn.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90enu.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 63488 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90deu.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 44544 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90cht.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 44032 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90chs.dll
+ 2008-04-10 13:51 . 2008-04-10 13:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfcm90u.dll
+ 2008-04-10 13:51 . 2008-04-10 13:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfcm90.dll
+ 2012-05-21 23:52 . 1996-08-23 13:00 29984 c:\windows\TWAIN\CALIBRAT\EPSCNCAL.EXE
+ 2010-03-17 21:15 . 2010-03-17 21:15 51024 c:\windows\system32\vcomp100.dll
- 2009-06-22 03:07 . 2003-02-20 01:08 54784 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EPSET32.DLL
+ 2009-06-22 03:07 . 2003-02-19 13:08 54784 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EPSET32.DLL
+ 2009-06-22 03:07 . 2003-11-11 13:02 81920 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EBPSHRE4.DLL
- 2009-06-22 03:07 . 2003-11-12 01:02 81920 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EBPSHRE4.DLL
- 2009-06-22 03:07 . 2004-02-19 02:03 65536 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_S00RP1.EXE
+ 2009-06-22 03:07 . 2004-02-18 14:03 65536 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_S00RP1.EXE
+ 2012-05-22 00:01 . 2004-05-23 16:00 93696 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FMW09BL.DLL
+ 2012-05-22 00:03 . 2004-01-18 17:00 68362 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FMAI9BL.DLL
+ 2012-05-22 00:03 . 2004-03-17 20:00 19968 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHUT9BL.EXE
+ 2012-05-22 00:01 . 2004-05-25 13:00 92672 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHSR9BL.DLL
+ 2012-05-22 00:03 . 2004-02-03 14:00 71680 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FGRC9BL.DLL
+ 2012-05-22 00:03 . 2004-03-29 17:00 55269 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FDSP9BL.DLL
+ 2012-05-22 00:03 . 2002-06-06 16:00 28160 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FBSR9BL.EXE
+ 2012-05-22 00:03 . 2004-02-17 13:10 98304 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FBAG9BL.DLL
+ 2012-05-22 00:03 . 2004-03-03 15:00 98304 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FATI9BL.EXE
+ 2012-05-22 00:03 . 2004-02-18 15:02 94208 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FASK9BL.DLL
+ 2012-05-22 00:03 . 2004-03-02 15:05 81920 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FARN9BL.EXE
+ 2012-05-22 00:03 . 2004-03-17 13:00 56832 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FAIR9BL.DLL
+ 2010-03-17 21:15 . 2010-03-17 21:15 80208 c:\windows\system32\mfcm100.dll
+ 2010-03-17 21:15 . 2010-03-17 21:15 60752 c:\windows\system32\mfc100rus.dll
+ 2010-03-17 21:15 . 2010-03-17 21:15 43344 c:\windows\system32\mfc100kor.dll
+ 2010-03-17 21:15 . 2010-03-17 21:15 43856 c:\windows\system32\mfc100jpn.dll
+ 2010-03-17 21:15 . 2010-03-17 21:15 62288 c:\windows\system32\mfc100ita.dll
+ 2010-03-17 21:15 . 2010-03-17 21:15 64336 c:\windows\system32\mfc100fra.dll
+ 2010-03-17 21:15 . 2010-03-17 21:15 63824 c:\windows\system32\mfc100esn.dll
+ 2010-03-17 21:15 . 2010-03-17 21:15 55120 c:\windows\system32\mfc100enu.dll
+ 2010-03-17 21:15 . 2010-03-17 21:15 64336 c:\windows\system32\mfc100deu.dll
+ 2010-03-17 21:15 . 2010-03-17 21:15 36176 c:\windows\system32\mfc100cht.dll
+ 2010-03-17 21:15 . 2010-03-17 21:15 36176 c:\windows\system32\mfc100chs.dll
+ 2012-05-20 23:39 . 2012-05-20 23:39 11264 c:\windows\assembly\GAC_MSIL\cli_basetypes\1.0.19.0__ce2cb7e279207b9e\cli_basetypes.dll
+ 2012-05-20 23:40 . 2012-05-20 23:40 63488 c:\windows\assembly\GAC_32\cli_cppuhelper\1.0.22.0__ce2cb7e279207b9e\cli_cppuhelper.dll
+ 2009-06-22 03:07 . 2003-11-17 12:00 6289 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EPUPDATE.DAT
+ 2012-05-22 00:03 . 2004-03-23 15:10 2696 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FAIF9BL.DAT
+ 2012-05-20 23:40 . 2012-05-20 23:40 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_uretypes\8.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_uretypes.dll
+ 2012-05-20 23:40 . 2012-05-20 23:40 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_ure\22.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
+ 2012-05-20 23:41 . 2012-05-20 23:41 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_oootypes\8.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_oootypes.dll
+ 2012-05-20 23:40 . 2012-05-20 23:40 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_basetypes\19.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
+ 2012-05-20 23:40 . 2012-05-20 23:40 7680 c:\windows\assembly\GAC_MSIL\cli_ure\1.0.22.0__ce2cb7e279207b9e\cli_ure.dll
+ 2012-05-20 23:41 . 2012-05-20 23:41 3072 c:\windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\22.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73\msvcr90.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73\msvcp90.dll
+ 2008-04-10 10:52 . 2008-04-10 10:52 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73\msvcm90.dll
+ 2007-11-06 14:19 . 2007-11-06 14:19 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
+ 2012-05-21 23:52 . 1997-06-22 13:03 126944 c:\windows\TWAIN\CALIBRAT\EPPRNCAL.EXE
- 2009-06-22 03:07 . 2004-02-05 01:05 122880 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\SAGENT4.EXE
+ 2009-06-22 03:07 . 2004-02-04 13:05 122880 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\SAGENT4.EXE
+ 2009-06-22 03:07 . 2004-02-02 18:05 675840 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EPUPDATE.EXE
- 2009-06-22 03:07 . 2004-02-03 06:05 675840 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\EPUPDATE.EXE
+ 2012-05-22 00:03 . 2004-03-28 17:00 404240 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FUIC9BL.DLL
+ 2012-05-22 00:03 . 2004-01-19 16:00 509952 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FPRU9BL.DLL
+ 2012-05-22 00:03 . 2004-01-28 16:00 145408 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FPRE9BL.EXE
+ 2012-05-22 00:03 . 2004-01-28 16:00 421376 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FJBC9BL.DLL
+ 2012-05-22 00:03 . 2004-03-17 20:00 142848 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHUT9BL.DLL
+ 2012-05-22 00:03 . 2004-03-02 16:00 218624 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHT09BL.DLL
+ 2012-05-22 00:03 . 2004-03-17 16:00 336896 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHM09BL.DLL
+ 2012-05-22 00:01 . 2004-04-28 13:01 605184 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FHBR9BL.DLL
+ 2012-05-22 00:03 . 2004-01-28 16:00 315392 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FCON9BL.DLL
+ 2012-05-22 00:03 . 2004-02-26 17:01 192512 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FBLP9BL.DLL
+ 2012-05-22 00:03 . 2004-03-02 16:20 155648 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FBIN9BL.EXE
+ 2012-05-22 00:03 . 2004-02-04 17:00 159744 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FBAP9BL.DLL
+ 2012-05-22 00:01 . 2004-05-10 15:10 385024 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FASR9BL.DLL
+ 2012-05-22 00:03 . 2004-04-04 15:10 331776 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FAPR9BL.DLL
+ 2012-05-22 00:03 . 2004-03-02 15:07 110592 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FAMT9BL.EXE
+ 2012-05-22 00:03 . 2004-04-01 15:13 192512 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FAMD9BL.EXE
+ 2012-05-22 00:19 . 2012-05-22 00:19 151552 c:\windows\Installer\b29b1a.msi
+ 2012-05-20 23:38 . 2012-05-20 23:38 228864 c:\windows\Installer\2b4682.msi
+ 2012-05-20 23:40 . 2012-05-20 23:40 118784 c:\windows\assembly\GAC_MSIL\cli_uretypes\1.0.8.0__ce2cb7e279207b9e\cli_uretypes.dll
+ 2012-05-20 23:41 . 2012-05-20 23:41 905216 c:\windows\assembly\GAC_MSIL\cli_oootypes\1.0.8.0__ce2cb7e279207b9e\cli_oootypes.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 3783160 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfc90u.dll
+ 2008-04-10 16:32 . 2008-04-10 16:32 3767288 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfc90.dll
+ 2012-05-22 00:01 . 2004-05-25 14:01 1077248 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FUIR9BL.DLL
+ 2012-05-22 00:01 . 2004-05-23 16:00 1182208 c:\windows\system32\spool\drivers\w32x86\epsonstylus_cx3500432e\E_FSR09BL.DLL
+ 2010-03-17 21:15 . 2010-03-17 21:15 4342088 c:\windows\system32\mfc100.dll
+ 2004-04-01 22:44 . 2012-05-21 21:10 3614368 c:\windows\system32\FNTCACHE.DAT
+ 2012-05-20 23:42 . 2012-05-20 23:42 3105280 c:\windows\Installer\2b46a8.msi
+ 2011-07-11 08:43 . 2011-07-11 08:43 11641344 c:\windows\Installer\75d9e.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 3905920]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-28 88363]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-06-26 04:52 68592 -c--a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-07 12:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\tixati\\tixati.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/09/2010 3:52 PM 721904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 4:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 9:55 AM 67664]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [11/09/2010 3:51 PM 85760]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 11:38 AM 116608]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 3:33 AM 30432]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2/04/2004 2:12 AM 152576]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/11/2010 11:39 AM 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29/02/2012 7:50 AM 158856]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/11/2010 11:39 AM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2011-03-23 06:57]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 23:38]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 23:38]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1918235205-1724217292-322963331-1003.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-24 21:39]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596039655-1110919557-3213181978-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-24 21:39]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596039655-1110919557-3213181978-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-24 21:39]
.
2012-05-22 c:\windows\Tasks\User_Feed_Synchronization-{0D08D22A-D2EC-49FA-8583-9999B4002DC0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 16:31]
.
2012-04-02 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2012-04-01 05:36]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.trademe.co.nz/
uDefault_Search_URL = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_NZ&c=Q304&bd=pavilion&pf=desktop
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 10.1.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-EPSON Stylus CX3500 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BL.EXE
MSConfigStartUp-EPSON Stylus CX3500 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE
AddRemove-Spyware Terminator_is1 - c:\program files\Spyware Terminator\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-05-22 18:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCDRSRVC]
"ImagePath"="system32\drivers\PCDRSRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3928)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
c:\windows\system32\igfxres.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\igfxdev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\AGRSMMSG.exe
c:\progra~1\Microsoft ActiveSync\rapimgr.exe
c:\windows\SoftwareDistribution\Download\Install\NDP20SP2-KB2572073-x86.exe
c:\1540017b0bee09accfff07e45226\HotFixInstaller.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\MsiExec.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2012-05-22 18:36:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-22 06:36
.
Pre-Run: 13,608,660,992 bytes free
Post-Run: 13,875,191,808 bytes free
.
- - End Of File - - 522C7EAE51212AEB0ED589F6B6DE4452
MBAM
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.05.22.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: YOUR-FK3WZJTN19 [administrator]
23/05/2012 11:53:29 AM
mbam-log-2012-05-23 (11-53-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 209334
Time elapsed: 14 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
NO threats found in the ESET scan, wasn't able to retrieve a log either. Have installed Avira as well and the comp seems to be in tip-top shape!
- 05-23-2012 05:20 PM #9 Member Spyware Fighter
- Join Date
- Jun 2010
- Location
- Bement,Ill USA
- Posts
- 1,132
- Points
- 104
Hello, xtrakt.
Congratulations! You now appear clean!
Are things running okay? Do you have any more questions?
Uninstall Combofix
- Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
o *If it is not on your Desktop, the below will not work.
- Click on Start, then Run....
- Now copy & paste the green bolded text in the run-box and click OK.
ComboFix /Uninstall

<Notice the space between the "x" and "/".> <--- It needs to be there
Windows Vista users: Press the Windows Key + R to bring the Run... Command and then from there you can add in the Combofix /Uninstall
- Please advise if this step is missed for any reason as it performs some important actions:
"This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through system restore".
System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.
We Need to Clean Up Our Mess
- Download OTC by OldTimer and save it to your desktop.
- Double click the icon to start the program. If you are using Vista, please right-click and choose run as administrator.
- Then click the big button.
- You will get a prompt saying "Begin Cleanup Process". Please select Yes.
- Restart your computer when prompted.
One of the most common questions found when cleaning malware is "how did my machine get infected?"
There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.
Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.
Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.
It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."
In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.
Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.
Below is a list of simple precautions to take to keep your computer clean and running securely:
- If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
- If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
- If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
- If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
- Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your Taskbar, right click and choose Close.
- Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
- When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
- Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
- Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
- DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.
Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.
- Windows XP users
You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
- Windows Vista users
You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
- Windows 7 users
You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.
Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.
The latest versions of the three common browsers can be found below:
Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources, a couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.
It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.
Use a Firewall
I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.
All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).
In addition, if you connect to the internet via a router, this will normally have a firewall in-built.
Some people will recommend installing a different firewall (instead of the Windows built-in one), this is personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls
Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.
You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.
Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.
Follow this list and your potential for being infected again will reduce dramatically.
"Extinguishing Malware from the world"
The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

- 05-29-2012 03:32 AM #10 Member
- Join Date
- Feb 2010
- Posts
- 68
- Points
- 1
Thanks a million EVERYONE!


