Jump to content


 

Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer infected with virus

Started by zooter , May 11 2012 11:05 AM

  • This topic is locked This topic is locked
123 replies to this topic

#1 zooter

zooter

    Forum Regular

  • Members
  • PipPipPip
  • 242 posts

Posted 11 May 2012 - 11:05 AM

My computer is moving very slow when I try to open or close the browser. I have noticed that my yahoo email has been spoofed. Also the little shortcut to my browsers that used to be in the bottom menu tray arent there anymore.
here are the dds logs. It wont allow to me to attach them because it says theyre too large so Im pasting them in
hope thats ok.
DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by M at 8:58:47 on 2012-05-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.100 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://XXX.com/
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and

settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program

files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [DataLayer] c:\progra~1\common~1\pcsuite\datala~1\DATALA~1.EXE
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [DLCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCFtime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program

files\mcafee\spamkiller\mcapfbho.dll
Trusted Zone: linkshare.com\www
Trusted Zone: linksynergy.com\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} -

hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{75D862A1-5B6E-4602-AEAC-E9228C0E697B} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\m iudice\application data\mozilla\firefox\profiles\ng9kayko.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://mail.solsticeweb.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application

data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application

data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\m iudice\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2011-7-12 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 intelusb3;Intel USB3 Device Service;c:\windows\system32\svchost.exe -k intelusbs3 [2005-8-16 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update

Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 257696]
S3 CamdDriverV32;CamdDriverV32;c:\windows\system32\drivers\CamdDriverV32.sys [2008-7-24 508544]
S3 CamdVideo32;CamdVideo32;c:\windows\system32\drivers\CamdVideo32.sys [2008-7-24 3768]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-4 40776]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-5 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-5 40552]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe

[2012-4-25 129976]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2012-05-11 15:37:57 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft

antimalware\definition updates\{12c5be57-a4d2-473c-b7bc-61a1fcc52107}\offreg.dll
2012-05-10 23:02:26 -------- d-----w- C:\Candlebox
2012-05-10 15:18:34 6734704 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft

antimalware\definition updates\{12c5be57-a4d2-473c-b7bc-61a1fcc52107}\mpengine.dll
2012-05-08 18:12:11 6734704 ------w- c:\documents and settings\all users\application data\microsoft\microsoft

antimalware\definition updates\backup\mpengine.dll
2012-05-04 17:58:32 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-03 23:21:19 -------- d-----w- C:\lujen
2012-04-25 17:07:49 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-25 17:06:22 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-25 17:06:21 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-24 18:17:50 -------- d-----w- c:\program files\Citrix
2012-04-24 04:56:46 -------- d-----w- c:\documents and settings\m iudice\My Downloads
2012-04-24 04:55:48 -------- d-----w- c:\documents and settings\m iudice\application

data\FreeTorrentDownloader
2012-04-15 19:24:42 -------- d-----w- c:\documents and settings\m iudice\local settings\application

data\Western Digital
2012-04-12 20:54:06 -------- d-----w- c:\program files\Coupons
.
==================== Find3M ====================
.
2012-05-05 00:17:15 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 00:17:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-10 16:17:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-10 16:17:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 03:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 9:01:39.00 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/30/2006 5:45:29 PM
System Uptime: 5/11/2012 8:00:09 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0WJ770
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 51 GiB total, 10.886 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 3.731 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP133: 4/1/2012 11:46:28 AM - Software Distribution Service 3.0
RP134: 4/2/2012 11:47:31 AM - System Checkpoint
RP135: 4/3/2012 9:48:02 AM - Software Distribution Service 3.0
RP136: 4/4/2012 10:05:56 AM - Software Distribution Service 3.0
RP137: 4/5/2012 9:56:11 AM - Software Distribution Service 3.0
RP138: 4/6/2012 9:56:18 AM - Software Distribution Service 3.0
RP139: 4/7/2012 11:30:08 AM - Software Distribution Service 3.0
RP140: 4/8/2012 1:56:20 AM - Software Distribution Service 3.0
RP141: 4/8/2012 11:15:23 AM - Software Distribution Service 3.0
RP142: 4/9/2012 3:25:18 PM - System Checkpoint
RP143: 4/10/2012 8:52:37 AM - Software Distribution Service 3.0
RP144: 4/10/2012 9:14:09 AM - Removed Java™ 6 Update 26
RP145: 4/10/2012 9:16:18 AM - Installed Java™ 6 Update 31
RP146: 4/11/2012 9:55:14 AM - Software Distribution Service 3.0
RP147: 4/11/2012 12:10:03 PM - Software Distribution Service 3.0
RP148: 4/12/2012 5:32:37 PM - System Checkpoint
RP149: 4/13/2012 9:28:26 AM - Software Distribution Service 3.0
RP150: 4/14/2012 9:53:49 AM - System Checkpoint
RP151: 4/14/2012 4:51:32 PM - Software Distribution Service 3.0
RP152: 4/15/2012 2:10:46 AM - Software Distribution Service 3.0
RP153: 4/16/2012 8:29:41 AM - Software Distribution Service 3.0
RP154: 4/17/2012 4:45:28 PM - System Checkpoint
RP155: 4/18/2012 9:43:24 AM - Software Distribution Service 3.0
RP156: 4/19/2012 1:35:28 PM - System Checkpoint
RP157: 4/20/2012 10:19:09 AM - Software Distribution Service 3.0
RP158: 4/21/2012 10:13:53 AM - Software Distribution Service 3.0
RP159: 4/22/2012 1:33:01 PM - Software Distribution Service 3.0
RP160: 4/23/2012 3:21:38 PM - System Checkpoint
RP161: 4/24/2012 10:58:39 AM - Software Distribution Service 3.0
RP162: 4/25/2012 4:20:01 PM - System Checkpoint
RP163: 4/26/2012 10:12:33 AM - Software Distribution Service 3.0
RP164: 4/27/2012 10:59:15 AM - System Checkpoint
RP165: 4/28/2012 7:55:06 AM - Software Distribution Service 3.0
RP166: 4/29/2012 2:25:41 AM - Software Distribution Service 3.0
RP167: 4/29/2012 7:55:11 AM - Software Distribution Service 3.0
RP168: 4/30/2012 9:10:19 AM - Software Distribution Service 3.0
RP169: 4/30/2012 10:06:23 PM - Software Distribution Service 3.0
RP170: 5/2/2012 9:38:21 AM - Software Distribution Service 3.0
RP171: 5/3/2012 10:31:02 AM - Software Distribution Service 3.0
RP172: 5/4/2012 7:28:17 PM - System Checkpoint
RP173: 5/5/2012 11:37:39 AM - Software Distribution Service 3.0
RP174: 5/5/2012 1:45:17 PM - Removed Apple Mobile Device Support
RP175: 5/5/2012 1:50:59 PM - Removed Apple Software Update
RP176: 5/6/2012 1:09:27 PM - Software Distribution Service 3.0
RP177: 5/7/2012 5:47:58 PM - System Checkpoint
RP178: 5/8/2012 11:11:10 AM - Software Distribution Service 3.0
RP179: 5/9/2012 5:48:01 PM - System Checkpoint
RP180: 5/10/2012 8:18:11 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Flash Video MX Pro version 4.6.1.0
725plc32
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Master Collection
Adobe CSI CS4
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Media Live Encoder 3.1
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Reader 9.5.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AOLIcon
Apple Application Support
Bonjour
Camera Driver
CCleaner
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Connect
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.6
Dell CinePlayer
Dell Color Printer 725
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support Center
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
EducateU
ELIcon
ESPNMotion
Games, Music, & Photos Launcher
Google Earth
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Intuit SiteBuilder
Java Auto Updater
Java™ 6 Update 31
kuler
Learn2 Player (Uninstall Only)
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Fireworks MX 2004
Macromedia FreeHand MXa
Malwarebytes Anti-Malware version 1.61.0.1400
MCU
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.01
Microsoft IntelliType Pro 6.01
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Modem Helper
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia PC Suite
Notepad++
OpenMG Secure Module 4.6.01
PC Connectivity Solution
PDF Settings
Photodex Presenter
PL-2303 USB-to-Serial
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Rhapsody Player Engine
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SanDisk TransferMate
Sansa Updater
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
SonicStage 4.2
SpywareBlaster 4.2
StuffIt Express
StuffIt Standard
Suite Shared Configuration CS4
SUPERAntiSpyware
SWiSH Max3
SWiSHmax
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WampServer 2.0
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
WinZip
WordPerfect Office 12
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
5/5/2012 9:22:44 PM, error: Service Control Manager [7000] - The dlcf_device service failed to start due to the

following error: The service did not respond to the start or control request in a timely fashion.
5/5/2012 9:22:44 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service dlcf_device with

arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}
5/5/2012 9:22:43 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dlcf_device

service to connect.
5/4/2012 9:06:09 AM, error: Service Control Manager [7023] - The Intel USB3 Device Service service terminated with the

following error: The specified module could not be found.
5/4/2012 10:43:53 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
.
==== End Of File ===========================

 

  • BC Ads
  • BleepingComputer.com

#2 zooter

zooter

    Forum Regular

  • Members
  • PipPipPip
  • 242 posts

Posted 11 May 2012 - 12:12 PM

Ive tried to run the GMER 3 times now but it keeps closing on me. The 3rd try it was going for about 30 mins when it suddenly completely shut down my machine and gave me this blue screen saying an error was detected or something and it had to shut down the system. I ran it a 4th time and it went for 4 hours, when it finished it would not allow me to save down the log and then the system shutdown again.
I tried running it 1 more time and the 5th time it ran for about 30mins and then stopped and this time I was able to save down a log. Im pasting it in also because it wont allow me to attach it
please help
thank you

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-11 16:43:52
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e HDS728080PLA380 rev.PF2OA63A
Running: v4ewrm2n.exe; Driver: C:\DOCUME~1\MIUDIC~1\LOCALS~1\Temp\pwldapog.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat F74DBD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud@imagepath \systemroot\system32\drivers\SKYNETovvrjlqj.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\main@aid 10096
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETovvrjlqj.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\modules@SKYNETcmd.dll \systemroot\system32\SKYNETkltpkylr.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\modules@SKYNETlog.dat \systemroot\system32\SKYNETtwipjncd.dat
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\modules@SKYNETwsp.dll \systemroot\system32\SKYNETpypeqwbd.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\modules@SKYNET.dat \systemroot\system32\SKYNETvibnyklv.dat
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov@imagepath \systemroot\system32\drivers\gasfkyhxvvrimr.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\main@aid 20162
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\main@sid 0
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\main\delete@C:\DOCUME~1\MIUDIC~1\LOCALS~1\Temp\gasfkydttlxribcj.tmp
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\main\delete@C:\DOCUME~1\MIUDIC~1\LOCALS~1\Temp\gasfkywipqsbnmjq.tmp
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\main\injector@* gasfkywsp8.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkyhxvvrimr.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\modules@gasfkycmd.dll \systemroot\system32\gasfkyjvbjkniq.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\modules@gasfkylog.dat \systemroot\system32\gasfkykkwputoq.dat
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\modules@gasfkywsp.dll \systemroot\system32\gasfkyxyfmhtki.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\modules@gasfky.dat \systemroot\system32\gasfkypprvdytn.dat
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\modules@gasfkywsp8.dll \systemroot\system32\gasfkydtcwyroy.dll

---- EOF - GMER 1.0.15 ----

Edited by zooter, 11 May 2012 - 06:48 PM.

#3 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • PipPipPipPipPipPip
  • 13,466 posts
  • Gender:Not Telling
  • Location:Canada

Posted 11 May 2012 - 07:36 PM

Hi

Please do the following:

Download Combofix from either of the links below. You must rename it to iexplore before saving it.
Save it to your desktop. Change the save as file type to "all files"

**Note: In the event you already have Combofix, delete it, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

Link 1
Link 2

-----------------------------------------------------------


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------

  • NOTE: If ComboFix asks to install the Recovery Console, please ALLOW it to do so.

    -----------------------------------------------------------

  • Double click on the renamed ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.


-----------------------------------------------------------


The help you receive here is free. If you wish to show your appreciation, then you may Posted Image
Microsoft MVP - 2010, 2011, 2012

#4 zooter

zooter

    Forum Regular

  • Members
  • PipPipPip
  • 242 posts

Posted 12 May 2012 - 01:03 AM

Hello and thank you for the reply
Here is the log from combofix

ComboFix 12-05-12.01 - M 05/11/2012 22:00:08.17.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.217 [GMT -7:00]
Running from: c:\documents and settings\M\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\M\Start Menu\Programs\AV Protection 2011
c:\documents and settings\M\Start Menu\Programs\AV Protection 2011\AV Protection 2011.lnk
c:\windows\system32\_000014_.tmp.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-12 to 2012-05-12 )))))))))))))))))))))))))))))))
.
.
2012-05-12 04:46 . 2012-05-12 04:50 -------- d-----w- C:\d4c0f64c69b98aece14a09c479
2012-05-11 15:37 . 2012-05-11 15:37 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12C5BE57-A4D2-473C-B7BC-61A1FCC52107}\offreg.dll
2012-05-10 23:02 . 2012-05-11 05:16 -------- d-----w- C:\Candlebox
2012-05-10 15:18 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12C5BE57-A4D2-473C-B7BC-61A1FCC52107}\mpengine.dll
2012-05-08 18:12 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-05 19:21 . 2012-05-05 19:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-05-03 23:21 . 2012-05-07 23:35 -------- d-----w- C:\lujen
2012-04-25 17:07 . 2012-04-25 17:07 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-25 17:06 . 2012-04-25 17:06 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-25 17:06 . 2012-04-25 17:06 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-24 18:17 . 2012-04-30 05:48 -------- d-----w- c:\program files\Citrix
2012-04-24 04:56 . 2012-04-24 04:56 -------- d-----w- c:\documents and settings\M\My Downloads
2012-04-24 04:55 . 2012-04-24 05:43 -------- d-----w- c:\documents and settings\M\Application Data\FreeTorrentDownloader
2012-04-15 19:24 . 2012-04-15 19:24 -------- d-----w- c:\documents and settings\M\Local Settings\Application Data\Western Digital
2012-04-12 20:54 . 2012-04-12 20:54 -------- d-----w- c:\program files\Coupons
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 00:17 . 2012-04-07 18:14 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 00:17 . 2011-05-26 16:59 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 07:36 . 2012-05-12 05:39 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{211BEB5E-4587-4033-AB51-7E15F03CB6FF}\mpengine.dll
2012-04-11 13:14 . 2005-08-16 09:18 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2005-08-16 09:18 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-04 03:59 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-10 16:17 . 2012-04-10 16:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-10 16:17 . 2010-09-03 17:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 22:56 . 2011-07-28 03:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 03:44 . 2012-03-21 03:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:01 . 2005-08-16 09:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2005-08-16 09:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2005-08-16 09:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2005-08-16 09:18 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2005-08-16 09:18 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2005-08-16 09:18 385024 ----a-w- c:\windows\system32\html.iec
2012-04-25 17:06 . 2011-07-28 00:07 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-11-02 472632]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-04 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 1121280]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-01-19 296056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-24 24576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-08 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dlcfcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcfpswx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [7/12/2011 2:55 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/4/2011 10:54 AM 116608]
S2 intelusb3;Intel USB3 Device Service;c:\windows\System32\svchost.exe -k intelusbs3 [8/16/2005 2:18 AM 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/7/2012 11:14 AM 257696]
S3 CamdDriverV32;CamdDriverV32;c:\windows\system32\drivers\CamdDriverV32.sys [7/24/2008 2:23 PM 508544]
S3 CamdVideo32;CamdVideo32;c:\windows\system32\drivers\CamdVideo32.sys [7/24/2008 2:23 PM 3768]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 10:07 AM 129976]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
intelusbs3 REG_MULTI_SZ intelusb3
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 00:17]
.
2012-04-16 c:\windows\Tasks\Backup.job
- c:\windows\system32\ntbackup.exe [2005-08-16 00:12]
.
2012-05-12 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
.
2012-05-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1933487718-2708253687-587168683-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-30 00:02]
.
2012-05-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1933487718-2708253687-587168683-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-30 00:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.xxx.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: linkshare.com\www
Trusted Zone: linksynergy.com\www
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\M xxxxxx\Application Data\Mozilla\Firefox\Profiles\ng9kayko.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://mail.xxx.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-=ntusbw32 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-11 22:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1908)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2012-05-11 22:50:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-12 05:50
ComboFix2.txt 2011-11-24 19:59
.
Pre-Run: 11,083,698,176 bytes free
Post-Run: 11,521,736,704 bytes free
.
- - End Of File - - 7E0601CB615AEAF25CF3E011D594C4B7

Edited by zooter, 12 May 2012 - 01:03 AM.

#5 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • PipPipPipPipPipPip
  • 13,466 posts
  • Gender:Not Telling
  • Location:Canada

Posted 12 May 2012 - 08:00 AM

Hi,

Did you create this folder yourself?

C:\lujen


Please do the following:


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

The help you receive here is free. If you wish to show your appreciation, then you may Posted Image
Microsoft MVP - 2010, 2011, 2012

#6 zooter

zooter

    Forum Regular

  • Members
  • PipPipPip
  • 242 posts

Posted 12 May 2012 - 10:35 AM

Hello yes I did create that one. Is there something bad in there that shouldnt be?
ok
here is the log
08:36:49.0875 3548 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
08:36:50.0406 3548 ============================================================
08:36:50.0406 3548 Current date / time: 2012/05/12 08:36:50.0406
08:36:50.0406 3548 SystemInfo:
08:36:50.0406 3548
08:36:50.0406 3548 OS Version: 5.1.2600 ServicePack: 3.0
08:36:50.0406 3548 Product type: Workstation
08:36:50.0406 3548 ComputerName: xxxxxx
08:36:50.0406 3548 UserName: M xxxxxx
08:36:50.0406 3548 Windows directory: C:\WINDOWS
08:36:50.0406 3548 System windows directory: C:\WINDOWS
08:36:50.0406 3548 Processor architecture: Intel x86
08:36:50.0406 3548 Number of processors: 2
08:36:50.0406 3548 Page size: 0x1000
08:36:50.0406 3548 Boot type: Normal boot
08:36:50.0406 3548 ============================================================
08:36:57.0015 3548 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:36:57.0062 3548 ============================================================
08:36:57.0062 3548 \Device\Harddisk0\DR0:
08:36:57.0062 3548 MBR partitions:
08:36:57.0062 3548 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x666B5DD
08:36:57.0062 3548 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x667EFA2, BlocksNum 0x2536D3D
08:36:57.0062 3548 ============================================================
08:36:57.0156 3548 C: <-> \Device\Harddisk0\DR0\Partition0
08:36:57.0218 3548 D: <-> \Device\Harddisk0\DR0\Partition1
08:36:57.0296 3548 ============================================================
08:36:57.0296 3548 Initialize success
08:36:57.0296 3548 ============================================================
08:37:41.0984 2788 ============================================================
08:37:41.0984 2788 Scan started
08:37:41.0984 2788 Mode: Manual; TDLFS;
08:37:41.0984 2788 ============================================================
08:37:42.0765 2788 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
08:37:42.0796 2788 !SASCORE - ok
08:37:43.0125 2788 Abiosdsk - ok
08:37:43.0187 2788 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
08:37:43.0187 2788 abp480n5 - ok
08:37:43.0281 2788 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:37:43.0328 2788 ACPI - ok
08:37:43.0359 2788 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:37:43.0359 2788 ACPIEC - ok
08:37:43.0500 2788 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:37:43.0578 2788 AdobeFlashPlayerUpdateSvc - ok
08:37:43.0625 2788 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
08:37:43.0640 2788 adpu160m - ok
08:37:43.0718 2788 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:37:43.0796 2788 aec - ok
08:37:43.0875 2788 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:37:43.0937 2788 AFD - ok
08:37:44.0046 2788 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
08:37:44.0125 2788 agp440 - ok
08:37:44.0234 2788 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
08:37:44.0250 2788 agpCPQ - ok
08:37:44.0359 2788 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
08:37:44.0359 2788 Aha154x - ok
08:37:44.0390 2788 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
08:37:44.0390 2788 aic78u2 - ok
08:37:44.0421 2788 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
08:37:44.0421 2788 aic78xx - ok
08:37:44.0468 2788 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
08:37:44.0468 2788 Alerter - ok
08:37:44.0515 2788 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
08:37:44.0531 2788 ALG - ok
08:37:44.0531 2788 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
08:37:44.0531 2788 AliIde - ok
08:37:44.0578 2788 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
08:37:44.0593 2788 alim1541 - ok
08:37:44.0609 2788 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
08:37:44.0625 2788 amdagp - ok
08:37:44.0656 2788 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
08:37:44.0656 2788 amsint - ok
08:37:44.0734 2788 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
08:37:44.0781 2788 AppMgmt - ok
08:37:44.0812 2788 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
08:37:44.0828 2788 asc - ok
08:37:44.0875 2788 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
08:37:44.0890 2788 asc3350p - ok
08:37:44.0890 2788 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
08:37:44.0890 2788 asc3550 - ok
08:37:45.0046 2788 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:37:45.0140 2788 aspnet_state - ok
08:37:45.0187 2788 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:37:45.0187 2788 AsyncMac - ok
08:37:45.0265 2788 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:37:45.0265 2788 atapi - ok
08:37:45.0265 2788 Atdisk - ok
08:37:45.0312 2788 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:37:45.0359 2788 Atmarpc - ok
08:37:45.0406 2788 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
08:37:45.0421 2788 AudioSrv - ok
08:37:45.0468 2788 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:37:45.0468 2788 audstub - ok
08:37:45.0484 2788 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:37:45.0484 2788 Beep - ok
08:37:45.0671 2788 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
08:37:45.0843 2788 BITS - ok
08:37:46.0078 2788 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
08:37:46.0171 2788 Bonjour Service - ok
08:37:46.0234 2788 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
08:37:46.0250 2788 Browser - ok
08:37:46.0265 2788 bvrp_pci - ok
08:37:46.0500 2788 CamdDriverV32 (eb6e7f3f1f5ed65c3afdc0ea9cd24a72) C:\WINDOWS\system32\drivers\CamdDriverV32.sys
08:37:46.0656 2788 CamdDriverV32 - ok
08:37:46.0687 2788 CamdVideo32 (cdd8b9ba186874f11618ff4b835fad75) C:\WINDOWS\system32\DRIVERS\CamdVideo32.sys
08:37:46.0687 2788 CamdVideo32 - ok
08:37:46.0687 2788 catchme - ok
08:37:46.0734 2788 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
08:37:46.0750 2788 cbidf - ok
08:37:46.0750 2788 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:37:46.0750 2788 cbidf2k - ok
08:37:46.0796 2788 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:37:46.0796 2788 CCDECODE - ok
08:37:46.0828 2788 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
08:37:46.0828 2788 cd20xrnt - ok
08:37:46.0859 2788 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:37:46.0875 2788 Cdaudio - ok
08:37:46.0921 2788 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:37:46.0937 2788 Cdfs - ok
08:37:46.0968 2788 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:37:46.0984 2788 Cdrom - ok
08:37:47.0000 2788 Changer - ok
08:37:47.0031 2788 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
08:37:47.0031 2788 CiSvc - ok
08:37:47.0046 2788 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
08:37:47.0062 2788 ClipSrv - ok
08:37:47.0218 2788 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:37:47.0421 2788 clr_optimization_v2.0.50727_32 - ok
08:37:47.0453 2788 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
08:37:47.0453 2788 CmdIde - ok
08:37:47.0468 2788 COMSysApp - ok
08:37:47.0484 2788 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
08:37:47.0484 2788 Cpqarray - ok
08:37:47.0531 2788 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
08:37:47.0562 2788 CryptSvc - ok
08:37:47.0593 2788 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
08:37:47.0609 2788 dac2w2k - ok
08:37:47.0656 2788 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
08:37:47.0656 2788 dac960nt - ok
08:37:47.0812 2788 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
08:37:47.0921 2788 DcomLaunch - ok
08:37:47.0984 2788 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
08:37:48.0015 2788 Dhcp - ok
08:37:48.0046 2788 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:37:48.0062 2788 Disk - ok
08:37:48.0125 2788 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
08:37:48.0140 2788 DLABOIOM - ok
08:37:48.0140 2788 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
08:37:48.0140 2788 DLACDBHM - ok
08:37:48.0156 2788 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
08:37:48.0156 2788 DLADResN - ok
08:37:48.0187 2788 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
08:37:48.0218 2788 DLAIFS_M - ok
08:37:48.0234 2788 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
08:37:48.0234 2788 DLAOPIOM - ok
08:37:48.0250 2788 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
08:37:48.0250 2788 DLAPoolM - ok
08:37:48.0265 2788 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
08:37:48.0265 2788 DLARTL_N - ok
08:37:48.0312 2788 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
08:37:48.0343 2788 DLAUDFAM - ok
08:37:48.0375 2788 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
08:37:48.0390 2788 DLAUDF_M - ok
08:37:48.0390 2788 dlcf_device - ok
08:37:48.0406 2788 dmadmin - ok
08:37:48.0671 2788 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:37:48.0890 2788 dmboot - ok
08:37:48.0953 2788 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:37:49.0000 2788 dmio - ok
08:37:49.0031 2788 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:37:49.0046 2788 dmload - ok
08:37:49.0093 2788 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
08:37:49.0109 2788 dmserver - ok
08:37:49.0125 2788 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:37:49.0140 2788 DMusic - ok
08:37:49.0187 2788 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
08:37:49.0203 2788 Dnscache - ok
08:37:49.0281 2788 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
08:37:49.0312 2788 Dot3svc - ok
08:37:49.0343 2788 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
08:37:49.0343 2788 dpti2o - ok
08:37:49.0390 2788 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:37:49.0390 2788 drmkaud - ok
08:37:49.0453 2788 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
08:37:49.0484 2788 DRVMCDB - ok
08:37:49.0500 2788 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
08:37:49.0515 2788 DRVNDDM - ok
08:37:49.0656 2788 DSBrokerService (fe80901578e7e3da70299a5aeb2b7fbd) C:\Program Files\DellSupport\brkrsvc.exe
08:37:49.0671 2788 DSBrokerService - ok
08:37:49.0734 2788 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
08:37:49.0734 2788 DSproct - ok
08:37:49.0750 2788 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
08:37:49.0750 2788 dsunidrv - ok
08:37:49.0859 2788 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
08:37:49.0890 2788 E100B - ok
08:37:49.0937 2788 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
08:37:49.0953 2788 EapHost - ok
08:37:50.0093 2788 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
08:37:50.0171 2788 ehRecvr - ok
08:37:50.0203 2788 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
08:37:50.0234 2788 ehSched - ok
08:37:50.0281 2788 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
08:37:50.0281 2788 ERSvc - ok
08:37:50.0328 2788 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:37:50.0359 2788 Eventlog - ok
08:37:50.0484 2788 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
08:37:50.0546 2788 EventSystem - ok
08:37:50.0609 2788 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:37:50.0640 2788 Fastfat - ok
08:37:50.0718 2788 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:37:50.0781 2788 FastUserSwitchingCompatibility - ok
08:37:50.0906 2788 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
08:37:50.0968 2788 Fax - ok
08:37:51.0015 2788 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
08:37:51.0015 2788 Fdc - ok
08:37:51.0078 2788 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:37:51.0093 2788 Fips - ok
08:37:51.0390 2788 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:37:51.0578 2788 FLEXnet Licensing Service - ok
08:37:51.0609 2788 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:37:51.0609 2788 Flpydisk - ok
08:37:51.0687 2788 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:37:51.0718 2788 FltMgr - ok
08:37:51.0843 2788 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:37:51.0859 2788 FontCache3.0.0.0 - ok
08:37:51.0906 2788 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:37:51.0906 2788 Fs_Rec - ok
08:37:51.0968 2788 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:37:52.0000 2788 Ftdisk - ok
08:37:52.0031 2788 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:37:52.0062 2788 Gpc - ok
08:37:52.0109 2788 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:37:52.0156 2788 HDAudBus - ok
08:37:52.0312 2788 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:37:52.0328 2788 helpsvc - ok
08:37:52.0390 2788 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
08:37:52.0406 2788 HidServ - ok
08:37:52.0484 2788 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:37:52.0484 2788 HidUsb - ok
08:37:52.0796 2788 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
08:37:52.0828 2788 hkmsvc - ok
08:37:52.0921 2788 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
08:37:52.0937 2788 hpn - ok
08:37:53.0218 2788 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
08:37:53.0312 2788 HSFHWBS2 - ok
08:37:54.0015 2788 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
08:37:54.0562 2788 HSF_DP - ok
08:37:55.0046 2788 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:37:55.0250 2788 HTTP - ok
08:37:55.0296 2788 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
08:37:55.0312 2788 HTTPFilter - ok
08:37:55.0359 2788 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
08:37:55.0375 2788 i2omgmt - ok
08:37:55.0453 2788 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
08:37:55.0453 2788 i2omp - ok
08:37:55.0500 2788 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:37:55.0515 2788 i8042prt - ok
08:38:05.0843 2788 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
08:38:06.0218 2788 ialm - ok
08:38:06.0359 2788 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
08:38:06.0375 2788 IDriverT - ok
08:38:06.0906 2788 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:38:07.0234 2788 idsvc - ok
08:38:07.0468 2788 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:38:07.0484 2788 Imapi - ok
08:38:07.0562 2788 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
08:38:07.0609 2788 ImapiService - ok
08:38:07.0640 2788 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
08:38:07.0656 2788 ini910u - ok
08:38:07.0671 2788 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
08:38:07.0671 2788 IntelIde - ok
08:38:07.0703 2788 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:38:07.0703 2788 intelppm - ok
08:38:07.0718 2788 intelusb3 - ok
08:38:07.0750 2788 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:38:07.0765 2788 Ip6Fw - ok
08:38:07.0781 2788 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:38:07.0796 2788 IpFilterDriver - ok
08:38:07.0812 2788 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:38:07.0828 2788 IpInIp - ok
08:38:07.0890 2788 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:38:07.0937 2788 IpNat - ok
08:38:08.0156 2788 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:38:08.0234 2788 IPSec - ok
08:38:08.0312 2788 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:38:08.0328 2788 IRENUM - ok
08:38:08.0406 2788 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:38:08.0421 2788 isapnp - ok
08:38:08.0687 2788 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
08:38:08.0718 2788 JavaQuickStarterService - ok
08:38:08.0750 2788 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:38:08.0765 2788 Kbdclass - ok
08:38:08.0781 2788 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:38:08.0796 2788 kbdhid - ok
08:38:08.0859 2788 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:38:08.0906 2788 kmixer - ok
08:38:08.0953 2788 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:38:08.0984 2788 KSecDD - ok
08:38:09.0046 2788 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
08:38:09.0078 2788 lanmanserver - ok
08:38:09.0140 2788 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
08:38:09.0187 2788 lanmanworkstation - ok
08:38:09.0187 2788 lbrtfdc - ok
08:38:09.0203 2788 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
08:38:09.0218 2788 LmHosts - ok
08:38:09.0265 2788 Macromedia Licensing Service (d5ba9b816afef5292fe13c9a6267b6ab) C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
08:38:09.0281 2788 Macromedia Licensing Service - ok
08:38:09.0390 2788 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
08:38:09.0421 2788 McrdSvc - ok
08:38:09.0453 2788 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
08:38:09.0453 2788 mdmxsdk - ok
08:38:09.0562 2788 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
08:38:09.0578 2788 Messenger - ok
08:38:09.0640 2788 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
08:38:09.0640 2788 mferkdk - ok
08:38:09.0687 2788 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
08:38:09.0703 2788 mfesmfk - ok
08:38:09.0750 2788 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
08:38:09.0765 2788 MHN - ok
08:38:09.0781 2788 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
08:38:09.0781 2788 MHNDRV - ok
08:38:09.0812 2788 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:38:09.0812 2788 mnmdd - ok
08:38:09.0859 2788 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
08:38:09.0875 2788 mnmsrvc - ok
08:38:09.0906 2788 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:38:09.0921 2788 Modem - ok
08:38:09.0953 2788 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
08:38:09.0953 2788 MODEMCSA - ok
08:38:09.0968 2788 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:38:09.0984 2788 Mouclass - ok
08:38:10.0015 2788 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:38:10.0015 2788 mouhid - ok
08:38:10.0046 2788 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:38:10.0046 2788 MountMgr - ok
08:38:10.0125 2788 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:38:10.0171 2788 MozillaMaintenance - ok
08:38:10.0250 2788 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
08:38:10.0312 2788 MpFilter - ok
08:38:10.0390 2788 MR97310_USB_DUAL_CAMERA (1aae79a4176a957bf2bb679812f04655) C:\WINDOWS\system32\DRIVERS\mr97310c.sys
08:38:10.0453 2788 MR97310_USB_DUAL_CAMERA - ok
08:38:10.0500 2788 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
08:38:10.0515 2788 mraid35x - ok
08:38:10.0609 2788 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:38:10.0656 2788 MRxDAV - ok
08:38:10.0812 2788 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:38:10.0937 2788 MRxSmb - ok
08:38:11.0015 2788 MSCSPTISRV (3421b35e19f63c0e6bb326aaf59e4634) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
08:38:11.0046 2788 MSCSPTISRV - ok
08:38:11.0078 2788 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
08:38:11.0078 2788 MSDTC - ok
08:38:11.0093 2788 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:38:11.0109 2788 Msfs - ok
08:38:11.0109 2788 MSIServer - ok
08:38:11.0515 2788 MskService (c9ea2dd66e3afeb9094ec73ebe9e16d9) C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
08:38:11.0781 2788 MskService - ok
08:38:11.0843 2788 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:38:11.0843 2788 MSKSSRV - ok
08:38:11.0890 2788 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
08:38:11.0890 2788 MsMpSvc - ok
08:38:11.0906 2788 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:38:11.0906 2788 MSPCLOCK - ok
08:38:11.0937 2788 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:38:11.0937 2788 MSPQM - ok
08:38:11.0968 2788 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:38:11.0984 2788 mssmbios - ok
08:38:12.0000 2788 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
08:38:12.0015 2788 MSTEE - ok
08:38:12.0062 2788 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:38:12.0093 2788 Mup - ok
08:38:12.0171 2788 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:38:12.0203 2788 NABTSFEC - ok
08:38:12.0328 2788 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
08:38:12.0406 2788 napagent - ok
08:38:12.0500 2788 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:38:12.0546 2788 NDIS - ok
08:38:12.0578 2788 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:38:12.0593 2788 NdisIP - ok
08:38:12.0625 2788 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:38:12.0625 2788 NdisTapi - ok
08:38:12.0640 2788 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:38:12.0656 2788 Ndisuio - ok
08:38:12.0687 2788 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:38:12.0718 2788 NdisWan - ok
08:38:12.0765 2788 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:38:12.0781 2788 NDProxy - ok
08:38:12.0796 2788 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:38:12.0828 2788 NetBIOS - ok
08:38:12.0890 2788 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:38:12.0937 2788 NetBT - ok
08:38:13.0015 2788 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:38:13.0046 2788 NetDDE - ok
08:38:13.0046 2788 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:38:13.0046 2788 NetDDEdsdm - ok
08:38:13.0093 2788 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:38:13.0093 2788 Netlogon - ok
08:38:13.0156 2788 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
08:38:13.0218 2788 Netman - ok
08:38:13.0375 2788 NetSvc (9da26b773bd04b867a8e9f427cd048fc) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
08:38:13.0406 2788 NetSvc - ok
08:38:13.0546 2788 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:38:13.0593 2788 NetTcpPortSharing - ok
08:38:13.0687 2788 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
08:38:13.0765 2788 Nla - ok
08:38:13.0812 2788 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:38:13.0828 2788 Npfs - ok
08:38:14.0031 2788 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:38:14.0203 2788 Ntfs - ok
08:38:14.0250 2788 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:38:14.0250 2788 NtLmSsp - ok
08:38:14.0406 2788 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
08:38:14.0531 2788 NtmsSvc - ok
08:38:14.0578 2788 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:38:14.0578 2788 Null - ok
08:38:15.0000 2788 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:38:15.0359 2788 nv - ok
08:38:15.0421 2788 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:38:15.0421 2788 NwlnkFlt - ok
08:38:15.0437 2788 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:38:15.0453 2788 NwlnkFwd - ok
08:38:15.0593 2788 PACSPTISVR (3a5dcd91483821e4cf3cf294dab6e56b) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
08:38:15.0609 2788 PACSPTISVR - ok
08:38:15.0687 2788 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
08:38:15.0703 2788 Parport - ok
08:38:15.0734 2788 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:38:15.0750 2788 PartMgr - ok
08:38:15.0781 2788 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:38:15.0781 2788 ParVdm - ok
08:38:15.0828 2788 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:38:15.0859 2788 PCI - ok
08:38:15.0859 2788 PCIDump - ok
08:38:15.0859 2788 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:38:15.0875 2788 PCIIde - ok
08:38:15.0921 2788 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:38:15.0953 2788 Pcmcia - ok
08:38:15.0968 2788 PDCOMP - ok
08:38:15.0968 2788 PDFRAME - ok
08:38:15.0968 2788 PDRELI - ok
08:38:15.0984 2788 PDRFRAME - ok
08:38:16.0000 2788 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
08:38:16.0000 2788 perc2 - ok
08:38:16.0046 2788 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
08:38:16.0062 2788 perc2hib - ok
08:38:16.0140 2788 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:38:16.0140 2788 PlugPlay - ok
08:38:16.0171 2788 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:38:16.0171 2788 PolicyAgent - ok
08:38:16.0218 2788 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:38:16.0234 2788 PptpMiniport - ok
08:38:16.0250 2788 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:38:16.0250 2788 ProtectedStorage - ok
08:38:16.0281 2788 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:38:16.0296 2788 PSched - ok
08:38:16.0343 2788 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:38:16.0343 2788 Ptilink - ok
08:38:16.0390 2788 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:38:16.0406 2788 PxHelp20 - ok
08:38:16.0453 2788 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
08:38:16.0484 2788 ql1080 - ok
08:38:16.0515 2788 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
08:38:16.0531 2788 Ql10wnt - ok
08:38:16.0625 2788 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
08:38:16.0640 2788 ql12160 - ok
08:38:16.0671 2788 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
08:38:16.0687 2788 ql1240 - ok
08:38:16.0718 2788 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
08:38:16.0718 2788 ql1280 - ok
08:38:16.0750 2788 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:38:16.0750 2788 RasAcd - ok
08:38:16.0812 2788 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
08:38:16.0843 2788 RasAuto - ok
08:38:16.0875 2788 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:38:16.0890 2788 Rasl2tp - ok
08:38:16.0984 2788 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
08:38:17.0031 2788 RasMan - ok
08:38:17.0046 2788 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:38:17.0062 2788 RasPppoe - ok
08:38:17.0078 2788 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:38:17.0093 2788 Raspti - ok
08:38:17.0156 2788 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:38:17.0203 2788 Rdbss - ok
08:38:17.0218 2788 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:38:17.0218 2788 RDPCDD - ok
08:38:17.0281 2788 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:38:17.0343 2788 rdpdr - ok
08:38:17.0437 2788 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
08:38:17.0484 2788 RDPWD - ok
08:38:17.0625 2788 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
08:38:17.0671 2788 RDSessMgr - ok
08:38:17.0718 2788 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:38:17.0734 2788 redbook - ok
08:38:17.0796 2788 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
08:38:17.0812 2788 RemoteAccess - ok
08:38:17.0859 2788 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
08:38:17.0890 2788 RemoteRegistry - ok
08:38:17.0937 2788 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
08:38:17.0953 2788 RpcLocator - ok
08:38:18.0109 2788 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
08:38:18.0109 2788 RpcSs - ok
08:38:18.0187 2788 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
08:38:18.0218 2788 RSVP - ok
08:38:18.0250 2788 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:38:18.0250 2788 SamSs - ok
08:38:18.0406 2788 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
08:38:18.0406 2788 SASDIFSV - ok
08:38:18.0484 2788 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
08:38:18.0500 2788 SASKUTIL - ok
08:38:18.0546 2788 SbcpHid (30d94039a729571146eb9d736ec1aadd) C:\WINDOWS\system32\Drivers\SbcpHid.sys
08:38:18.0562 2788 SbcpHid - ok
08:38:18.0625 2788 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
08:38:18.0656 2788 SCardSvr - ok
08:38:18.0734 2788 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
08:38:18.0796 2788 Schedule - ok
08:38:18.0828 2788 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:38:18.0843 2788 Secdrv - ok
08:38:18.0875 2788 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
08:38:18.0875 2788 seclogon - ok
08:38:18.0906 2788 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
08:38:18.0921 2788 SENS - ok
08:38:18.0968 2788 Ser2pl (2ec41a96d0dc98bd119bf325e0b9f392) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
08:38:18.0968 2788 Ser2pl - ok
08:38:19.0031 2788 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:38:19.0031 2788 serenum - ok
08:38:19.0078 2788 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:38:19.0093 2788 Serial - ok
08:38:19.0203 2788 ServiceLayer (4d4061cd5789f0742733fb5d8d9988a8) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
08:38:19.0265 2788 ServiceLayer - ok
08:38:19.0281 2788 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:38:19.0296 2788 Sfloppy - ok
08:38:19.0421 2788 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
08:38:19.0531 2788 SharedAccess - ok
08:38:19.0609 2788 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:38:19.0609 2788 ShellHWDetection - ok
08:38:19.0625 2788 Simbad - ok
08:38:19.0703 2788 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
08:38:19.0750 2788 sisagp - ok
08:38:19.0828 2788 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:38:19.0828 2788 SLIP - ok
08:38:19.0875 2788 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
08:38:19.0875 2788 SONYPVU1 - ok
08:38:19.0890 2788 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
08:38:19.0906 2788 Sparrow - ok
08:38:19.0921 2788 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:38:19.0921 2788 splitter - ok
08:38:19.0984 2788 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:38:20.0000 2788 Spooler - ok
08:38:20.0078 2788 SPTISRV (09eedfd8e748dcfd742ec37638c99a59) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
08:38:20.0093 2788 SPTISRV - ok
08:38:20.0156 2788 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:38:20.0171 2788 sr - ok
08:38:20.0265 2788 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
08:38:20.0312 2788 srservice - ok
08:38:20.0437 2788 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:38:20.0546 2788 Srv - ok
08:38:20.0609 2788 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
08:38:20.0640 2788 SSDPSRV - ok
08:38:20.0687 2788 SSScsiSV (f5e903dc33898d1c8a15626bd1964de3) C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
08:38:20.0703 2788 SSScsiSV - ok
08:38:21.0062 2788 STHDA (0aa91bbe468b3f46072091f18003ecaa) C:\WINDOWS\system32\drivers\sthda.sys
08:38:21.0359 2788 STHDA - ok
08:38:21.0531 2788 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
08:38:21.0656 2788 stisvc - ok
08:38:21.0781 2788 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:38:21.0796 2788 streamip - ok
08:38:21.0859 2788 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:38:21.0859 2788 swenum - ok
08:38:21.0921 2788 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:38:21.0937 2788 swmidi - ok
08:38:21.0968 2788 SwPrv - ok
08:38:22.0015 2788 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
08:38:22.0015 2788 symc810 - ok
08:38:22.0031 2788 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
08:38:22.0031 2788 symc8xx - ok
08:38:22.0046 2788 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
08:38:22.0062 2788 sym_hi - ok
08:38:22.0078 2788 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
08:38:22.0093 2788 sym_u3 - ok
08:38:22.0125 2788 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:38:22.0156 2788 sysaudio - ok
08:38:22.0203 2788 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
08:38:22.0234 2788 SysmonLog - ok
08:38:22.0328 2788 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
08:38:22.0406 2788 TapiSrv - ok
08:38:22.0546 2788 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:38:22.0640 2788 Tcpip - ok
08:38:22.0687 2788 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:38:22.0703 2788 TDPIPE - ok
08:38:22.0718 2788 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:38:22.0718 2788 TDTCP - ok
08:38:22.0765 2788 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:38:22.0781 2788 TermDD - ok
08:38:22.0890 2788 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
08:38:22.0968 2788 TermService - ok
08:38:23.0046 2788 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:38:23.0046 2788 Themes - ok
08:38:23.0093 2788 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
08:38:23.0125 2788 TlntSvr - ok
08:38:23.0156 2788 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
08:38:23.0156 2788 TosIde - ok
08:38:23.0218 2788 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
08:38:23.0250 2788 TrkWks - ok
08:38:23.0296 2788 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:38:23.0343 2788 Udfs - ok
08:38:23.0375 2788 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
08:38:23.0375 2788 ultra - ok
08:38:23.0546 2788 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:38:23.0656 2788 Update - ok
08:38:23.0718 2788 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
08:38:23.0781 2788 upnphost - ok
08:38:23.0796 2788 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
08:38:23.0796 2788 UPS - ok
08:38:23.0828 2788 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:38:23.0843 2788 usbccgp - ok
08:38:23.0859 2788 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:38:23.0875 2788 usbehci - ok
08:38:23.0906 2788 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:38:23.0921 2788 usbhub - ok
08:38:23.0953 2788 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:38:23.0968 2788 usbprint - ok
08:38:24.0000 2788 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:38:24.0000 2788 USBSTOR - ok
08:38:24.0031 2788 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:38:24.0031 2788 usbuhci - ok
08:38:24.0062 2788 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:38:24.0062 2788 VgaSave - ok
08:38:24.0109 2788 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
08:38:24.0125 2788 viaagp - ok
08:38:24.0125 2788 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
08:38:24.0125 2788 ViaIde - ok
08:38:24.0187 2788 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:38:24.0203 2788 VolSnap - ok
08:38:24.0312 2788 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
08:38:24.0390 2788 VSS - ok
08:38:24.0468 2788 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
08:38:24.0515 2788 w32time - ok
08:38:24.0671 2788 wampapache (375640f39f2d613b6fdcf8c2f956205a) c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
08:38:24.0687 2788 wampapache - ok
08:38:24.0750 2788 wampmysqld - ok
08:38:24.0781 2788 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:38:24.0796 2788 Wanarp - ok
08:38:24.0796 2788 wanatw - ok
08:38:24.0828 2788 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
08:38:24.0843 2788 WDC_SAM - ok
08:38:24.0843 2788 WDICA - ok
08:38:24.0906 2788 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:38:24.0937 2788 wdmaud - ok
08:38:24.0984 2788 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
08:38:25.0015 2788 WebClient - ok
08:38:25.0250 2788 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
08:38:25.0453 2788 winachsf - ok
08:38:25.0593 2788 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:38:25.0640 2788 winmgmt - ok
08:38:25.0687 2788 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
08:38:25.0703 2788 WmdmPmSN - ok
08:38:25.0921 2788 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
08:38:26.0093 2788 Wmi - ok
08:38:26.0140 2788 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:38:26.0171 2788 WmiApSrv - ok
08:38:26.0921 2788 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
08:38:27.0328 2788 WMPNetworkSvc - ok
08:38:27.0500 2788 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
08:38:27.0546 2788 WpdUsb - ok
08:38:27.0640 2788 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:38:27.0656 2788 WS2IFSL - ok
08:38:27.0828 2788 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
08:38:27.0890 2788 wscsvc - ok
08:38:27.0937 2788 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:38:27.0953 2788 WSTCODEC - ok
08:38:27.0984 2788 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
08:38:27.0984 2788 wuauserv - ok
08:38:28.0062 2788 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:38:28.0078 2788 WudfPf - ok
08:38:28.0156 2788 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:38:28.0171 2788 WudfRd - ok
08:38:28.0203 2788 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
08:38:28.0218 2788 WudfSvc - ok
08:38:28.0406 2788 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
08:38:28.0546 2788 WZCSVC - ok
08:38:28.0703 2788 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
08:38:28.0734 2788 xmlprov - ok
08:38:29.0078 2788 YahooAUService (174ecb9a04d1b9b4baa95f050a93d8ac) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
08:38:29.0250 2788 YahooAUService - ok
08:38:29.0281 2788 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
08:38:29.0406 2788 \Device\Harddisk0\DR0 - ok
08:38:29.0437 2788 Boot (0x1200) (9ce426db20431de6fdbeb5f556284148) \Device\Harddisk0\DR0\Partition0
08:38:29.0437 2788 \Device\Harddisk0\DR0\Partition0 - ok
08:38:29.0468 2788 Boot (0x1200) (73469003bce0972dfc8edda707c6b99c) \Device\Harddisk0\DR0\Partition1
08:38:29.0468 2788 \Device\Harddisk0\DR0\Partition1 - ok
08:38:29.0468 2788 ============================================================
08:38:29.0468 2788 Scan finished
08:38:29.0468 2788 ============================================================
08:38:29.0484 2780 Detected object count: 0
08:38:29.0484 2780 Actual detected object count: 0

Edited by zooter, 12 May 2012 - 10:46 AM.

#7 zooter

zooter

    Forum Regular

  • Members
  • PipPipPip
  • 242 posts

Posted 12 May 2012 - 10:47 AM

Am I leaving the firewall off and real time protection off still?
Thanks

#8 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • PipPipPipPipPipPip
  • 13,466 posts
  • Gender:Not Telling
  • Location:Canada

Posted 12 May 2012 - 11:25 AM

you can turn it back on until you do a scan then turn it back off,

there's nothing wrong with the folder as long as it was something that you created yourself, I just didn't recognize it as a "normal" folder.

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

The help you receive here is free. If you wish to show your appreciation, then you may Posted Image
Microsoft MVP - 2010, 2011, 2012

#9 zooter

zooter

    Forum Regular

  • Members
  • PipPipPip
  • 242 posts

Posted 12 May 2012 - 11:58 AM

here is the MBAM log
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.12.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
M xxxxxx :: xxxxxxx [administrator]

5/12/2012 9:35:04 AM
mbam-log-2012-05-12 (09-35-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241556
Time elapsed: 13 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I cant get the ESET to run in IE
when i open in firefox it says
You are trying to launch ESET Online Scanner in a different browser than Internet Explorer. Please agree to the download of ESET Smart Installer - an application which installs and launches ESET Online Scanner in a separate window. At the end of the scan, there will be an option to uninstall ESET Online Scanner and all its components.

To download ESET Smart Installer click the link below.

esetsmartinstaller_enu.exe

After successful installation of ESET Smart Installer is ESET Online Scanner launched in a new window.

should I do that?

Edited by zooter, 12 May 2012 - 12:03 PM.

#10 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • PipPipPipPipPipPip
  • 13,466 posts
  • Gender:Not Telling
  • Location:Canada

Posted 12 May 2012 - 02:18 PM

yes, please do

you can uninstall it when it is finished
The help you receive here is free. If you wish to show your appreciation, then you may Posted Image
Microsoft MVP - 2010, 2011, 2012

#11 zooter

zooter

    Forum Regular

  • Members
  • PipPipPip
  • 242 posts

Posted 12 May 2012 - 03:44 PM

ok i ran that scan and it said no threats found
didnt allow me to export anything

#12 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • PipPipPipPipPipPip
  • 13,466 posts
  • Gender:Not Telling
  • Location:Canada

Posted 12 May 2012 - 04:19 PM

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Posted Image Your Java is out of date.

Uninstall Java version 6 update 31 from add/remove programs (as well as any old versions that may be installed still) and download Java version 7 from here:

http://www.java.com/en/download/inc/windows_upgrade_xpi.jsp

please advise how the computer is running now and if there are any outstanding issues

please re-run GMER, post the resulting log
The help you receive here is free. If you wish to show your appreciation, then you may Posted Image
Microsoft MVP - 2010, 2011, 2012

#13 zooter

zooter

    Forum Regular

  • Members
  • PipPipPip
  • 242 posts

Posted 12 May 2012 - 04:52 PM

should I uninstall the old Acrobat Reader before installing version 10?

#14 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • PipPipPipPipPipPip
  • 13,466 posts
  • Gender:Not Telling
  • Location:Canada

Posted 12 May 2012 - 05:22 PM

Yes, thanks
The help you receive here is free. If you wish to show your appreciation, then you may Posted Image
Microsoft MVP - 2010, 2011, 2012

#15 zooter

zooter

    Forum Regular

  • Members
  • PipPipPip
  • 242 posts

Posted 12 May 2012 - 06:44 PM

ok running the GMER now
Back to Virus, Trojan, Spyware, and Malware Removal Logs


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Logs
  4. Privacy Policy
  5. Rules ·