Jump to content


 

Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows update, MS security essentials, and possible browser redirects

Started by Zalmus , Jul 09 2012 01:59 PM

  • This topic is locked This topic is locked
20 replies to this topic

#1 Zalmus

Zalmus

    New Member

  • Members
  • Pip
  • 10 posts

Posted 09 July 2012 - 01:59 PM

So I noticed my computer was having some redirect issues using Firefox and searching through google. I am running windows xp service pack 3.

I then attempted to use Microsoft Security Essentials which disappeared when i tried to mouse over the tray icon. I tried to restart MS security essentials, once it opens up it is in red status:PC at risk. If i click on start now it gives me the error "Couldn't start the security essentials service. error code 0x80070424"

I then used malwarebytes and it found trojan.happili, supposedly quarantined but I found it later on while in safemode using malwarebytes again.

I also ran HitmanPro which found a sirefec.fc, hitmanpro claims to have removed it.

I have used the microsoft support to restart the windows update, from this link (http://support.microsoft.com/kb/971058) the windows fixit to reset it will not run, so there is no windows update listed still in services.msc

If i try to go update.microsoft.com I am redirected to http://support.microsoft.com/kb/2497281 and cannot update.

In addition if i try to click on windows firewall from the control panel it says "Due to an unidentified problem, windows cannot display Windows Firewall settings." and does not run.

My attempts at fixing this are not working and any help would be appreciated.

Edited by Zalmus, 09 July 2012 - 02:02 PM.

 

  • BC Ads
  • BleepingComputer.com

#2 HelpBot

HelpBot

    Bleepin' Binary Bot

  • Bots
  • PipPipPipPipPipPip
  • 7,089 posts
  • Gender:Male

Posted 14 July 2012 - 02:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/459955 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Zalmus

Zalmus

    New Member

  • Members
  • Pip
  • 10 posts

Posted 14 July 2012 - 08:35 PM

I am still having issues with Microsoft security essentials and windows firewall not able to load. neither runs properly and i cannot start them. Here is my dds log & GMER log.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_32
Run by Patrick at 17:56:12 on 2012-07-14
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341783135421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{D4C2568D-4410-4B7E-A510-BB40DA7EE028} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\patrick\application data\mozilla\firefox\profiles\9i4p4rhv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-07-09 17:51:59 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-07-09 04:19:23 -------- d-----w- c:\documents and settings\patrick\local settings\application data\Secunia PSI
2012-07-09 04:18:52 -------- d-----w- c:\program files\Secunia
2012-07-09 04:17:26 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f6ecaa8-a1b6-424f-89d1-62c879e18f54}\mpengine.dll
2012-07-09 04:15:40 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-09 03:41:46 -------- d-----w- c:\program files\HitmanPro
2012-07-08 21:47:17 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-07-08 21:37:09 -------- d-----w- c:\documents and settings\patrick\application data\ElevatedDiagnostics
.
==================== Find3M ====================
.
2012-07-07 19:25:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-07 19:25:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 16:23:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-11 16:23:07 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-11 16:23:07 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 17:57:33.46 ===============


here's is the GMER log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-14 21:34:39
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD103SJ rev.1AJ10004
Running: vprvmqfc.exe; Driver: C:\DOCUME~1\Patrick\LOCALS~1\Temp\pwlyapob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6ADF3A0, 0x8A1A15, 0xE8000020]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB69D3F80]
? C:\DOCUME~1\Patrick\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0115FA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2492] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 014007C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2492] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0140079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2492] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 01400728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Sftfsxp.sys (Microsoft Application Virtualization File System/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Patrick\Local Settings\Application Data\Mozilla\Firefox\Profiles\9i4p4rhv.default\Cache\2\03\DF37Bd01 0 bytes
File C:\Documents and Settings\Patrick\Local Settings\Application Data\Mozilla\Firefox\Profiles\9i4p4rhv.default\Cache\2\03\DF37Bm01 0 bytes
File C:\Documents and Settings\Patrick\Local Settings\Application Data\Mozilla\Firefox\Profiles\9i4p4rhv.default\Cache\2\0C\B1196m01 0 bytes

---- EOF - GMER 1.0.15 ----

Attached Files


#4 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 121,082 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 July 2012 - 09:15 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#5 Zalmus

Zalmus

    New Member

  • Members
  • Pip
  • 10 posts

Posted 14 July 2012 - 11:21 PM

Here is the security check result, when the program started and it says to press any key continue after pressing a key an error named "AutoIt Error" came up in the error it said "Line -1: Error: Variable must be of type "object". I hit ok and it seems to run fine here is the result. Will run combofix in a moment.

Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 32
Java version out of Date!
Adobe Flash Player 11.3.300.262
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````

#6 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 121,082 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 July 2012 - 11:27 PM

ok I will be around when it is ready



gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#7 Zalmus

Zalmus

    New Member

  • Members
  • Pip
  • 10 posts

Posted 14 July 2012 - 11:46 PM

Combox fix ran without a problem, as an update I still cannot load windows firewall or start microsoft security essentials and here is the log.

ComboFix 12-07-14.01 - Patrick 07/15/2012 0:29.1.2 - x86
Running from: c:\documents and settings\Patrick\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-09 17:51 . 2012-07-09 17:51 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-07-09 04:49 . 2012-07-09 04:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2012-07-09 04:48 . 2012-07-09 04:48 -------- d-----w- c:\program files\ImgBurn
2012-07-09 04:19 . 2012-07-09 04:19 -------- d-----w- c:\documents and settings\Patrick\Local Settings\Application Data\Secunia PSI
2012-07-09 04:18 . 2012-07-09 04:18 -------- d-----w- c:\program files\Secunia
2012-07-09 04:17 . 2012-06-18 07:14 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F6ECAA8-A1B6-424F-89D1-62C879E18F54}\mpengine.dll
2012-07-09 04:15 . 2012-07-09 04:15 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-09 03:41 . 2012-07-09 17:44 -------- d-----w- c:\program files\HitmanPro
2012-07-08 22:19 . 2012-07-08 22:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2012-07-08 21:47 . 2012-07-09 04:11 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-07-08 21:37 . 2012-07-08 21:37 -------- d-----w- c:\documents and settings\Patrick\Application Data\ElevatedDiagnostics
2012-07-07 20:19 . 2012-07-07 20:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-07 19:25 . 2012-04-14 05:39 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-07 19:25 . 2011-05-18 02:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-04 21:35 . 2012-05-11 15:07 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:19 . 2009-08-07 00:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2009-08-07 00:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-07 00:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18 . 2012-05-11 15:07 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2012-05-11 15:07 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 16:25 . 2012-05-11 05:59 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2006-02-28 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 16:23 . 2010-11-30 02:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-11 16:23 . 2012-05-11 16:23 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-11 16:23 . 2010-11-30 02:19 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-11 14:42 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2010-11-24 23:20 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-16 21:12 . 2012-04-03 16:54 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Intuit Data Protect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
backup=c:\windows\pss\Intuit Data Protect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
backup=c:\windows\pss\QuickBooks_Standard_21.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-04-04 05:53 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2011-11-08 10:10 3295320 ----a-w- c:\documents and settings\Patrick\Local Settings\Application Data\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 11:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2011-06-14 12:18 1527128 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 22:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeachtreePrefetcher.exe]
2011-10-25 17:27 29512 ----a-r- c:\progra~1\Sage\PEACHT~1\PeachtreePrefetcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-05-18 05:05 9478320 ----a-w- c:\documents and settings\Patrick\Application Data\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-05-18 05:05 932528 ----a-w- c:\documents and settings\Patrick\Application Data\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-05-31 00:20 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zboard]
2009-06-04 23:56 57344 ----a-w- c:\program files\Ideazon\ZEngine\Zboard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"QBVSS"=2 (0x2)
"QBCFMonitorService"=2 (0x2)
"QBFCService"=3 (0x3)
"Peachtree SmartPosting 2011"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=3 (0x3)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
.
R1 fxqmtuan;fxqmtuan;c:\windows\system32\drivers\fxqmtuan.sys [x]
R1 puyubunl;puyubunl;c:\windows\system32\drivers\puyubunl.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hitmanpro36;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R4 Peachtree SmartPosting 2011;Peachtree SmartPosting 2011;c:\program files\Sage\Peachtree\SmartPostingService2011.exe [x]
R4 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfsxp.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplayxp.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirxp.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolxp.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 20:02]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 20:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\9i4p4rhv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-08423615.sys
SafeBoot-Wdf01000.sys
SafeBoot-MsMpSvc
MSConfigStartUp-Adobe - c:\documents and settings\Patrick\Local Settings\Application Data\Akamai\Adobe\lcgfrabf.dll
MSConfigStartUp-avast5 - c:\program files\Alwil Software\Avast5\avastUI.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-15 00:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-764733703-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:3e,b4,2d,03,b1,c8,3b,06,4c,44,1e,12,46,dc,3d,47,cf,47,a3,e0,b4,
cc,3d,f1,e7,14,2d,cc,13,da,9c,67,88,dc,88,ef,11,a0,ed,a7,cc,fa,26,de,84,65,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
Completion time: 2012-07-15 00:42:01
ComboFix-quarantined-files.txt 2012-07-15 04:41
.
Pre-Run: 762,594,553,856 bytes free
Post-Run: 764,348,809,216 bytes free
.
- - End Of File - - EB2D3A15E6C6A9D7B10393525F133819

#8 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 121,082 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 July 2012 - 11:47 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#9 Zalmus

Zalmus

    New Member

  • Members
  • Pip
  • 10 posts

Posted 15 July 2012 - 12:30 AM

Here are the logs you requested, they ran fine.


00:51:01.0718 1232 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
00:51:02.0031 1232 ============================================================
00:51:02.0031 1232 Current date / time: 2012/07/15 00:51:02.0031
00:51:02.0031 1232 SystemInfo:
00:51:02.0031 1232
00:51:02.0031 1232 OS Version: 5.1.2600 ServicePack: 3.0
00:51:02.0031 1232 Product type: Workstation
00:51:02.0031 1232 ComputerName: PATRICKS
00:51:02.0031 1232 UserName: Patrick
00:51:02.0031 1232 Windows directory: C:\WINDOWS
00:51:02.0031 1232 System windows directory: C:\WINDOWS
00:51:02.0046 1232 Processor architecture: Intel x86
00:51:02.0046 1232 Number of processors: 2
00:51:02.0046 1232 Page size: 0x1000
00:51:02.0046 1232 Boot type: Normal boot
00:51:02.0046 1232 ============================================================
00:51:03.0859 1232 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:51:03.0859 1232 ============================================================
00:51:03.0859 1232 \Device\Harddisk0\DR0:
00:51:03.0859 1232 MBR partitions:
00:51:03.0859 1232 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
00:51:03.0859 1232 ============================================================
00:51:03.0890 1232 C: <-> \Device\Harddisk0\DR0\Partition0
00:51:03.0890 1232 ============================================================
00:51:03.0890 1232 Initialize success
00:51:03.0890 1232 ============================================================
00:51:11.0671 3448 ============================================================
00:51:11.0671 3448 Scan started
00:51:11.0671 3448 Mode: Manual;
00:51:11.0671 3448 ============================================================
00:51:12.0218 3448 Abiosdsk - ok
00:51:12.0218 3448 abp480n5 - ok
00:51:12.0265 3448 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:51:12.0265 3448 ACPI - ok
00:51:12.0296 3448 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:51:12.0296 3448 ACPIEC - ok
00:51:12.0312 3448 adpu160m - ok
00:51:12.0328 3448 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:51:12.0328 3448 aec - ok
00:51:12.0375 3448 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:51:12.0375 3448 AFD - ok
00:51:12.0375 3448 Aha154x - ok
00:51:12.0390 3448 aic78u2 - ok
00:51:12.0390 3448 aic78xx - ok
00:51:12.0421 3448 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
00:51:12.0421 3448 Alerter - ok
00:51:12.0437 3448 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
00:51:12.0437 3448 ALG - ok
00:51:12.0453 3448 AliIde - ok
00:51:12.0468 3448 Alpham1 (acd2f2df292b6cc28f58095bba63a068) C:\WINDOWS\system32\DRIVERS\Alpham1.sys
00:51:12.0468 3448 Alpham1 - ok
00:51:12.0500 3448 Alpham2 (f4fafb2e74b83a156408b1b02302799e) C:\WINDOWS\system32\DRIVERS\Alpham2.sys
00:51:12.0500 3448 Alpham2 - ok
00:51:12.0500 3448 amsint - ok
00:51:12.0609 3448 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:51:12.0609 3448 Apple Mobile Device - ok
00:51:12.0625 3448 AppMgmt - ok
00:51:12.0625 3448 asc - ok
00:51:12.0625 3448 asc3350p - ok
00:51:12.0640 3448 asc3550 - ok
00:51:12.0718 3448 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
00:51:12.0718 3448 aspnet_state - ok
00:51:12.0718 3448 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:51:12.0718 3448 AsyncMac - ok
00:51:12.0734 3448 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:51:12.0734 3448 atapi - ok
00:51:12.0734 3448 Atdisk - ok
00:51:12.0750 3448 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:51:12.0750 3448 Atmarpc - ok
00:51:12.0765 3448 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
00:51:12.0765 3448 AudioSrv - ok
00:51:12.0812 3448 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:51:12.0812 3448 audstub - ok
00:51:12.0843 3448 b57w2k (2acf06176b9d011567d7f25b83ddd066) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
00:51:12.0859 3448 b57w2k - ok
00:51:12.0890 3448 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:51:12.0890 3448 Beep - ok
00:51:12.0921 3448 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
00:51:12.0921 3448 BITS - ok
00:51:12.0937 3448 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
00:51:12.0937 3448 Browser - ok
00:51:13.0046 3448 catchme - ok
00:51:13.0046 3448 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:51:13.0046 3448 cbidf2k - ok
00:51:13.0046 3448 cd20xrnt - ok
00:51:13.0078 3448 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:51:13.0078 3448 Cdaudio - ok
00:51:13.0078 3448 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:51:13.0078 3448 Cdfs - ok
00:51:13.0109 3448 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:51:13.0109 3448 Cdrom - ok
00:51:13.0125 3448 Changer - ok
00:51:13.0125 3448 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
00:51:13.0125 3448 CiSvc - ok
00:51:13.0125 3448 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
00:51:13.0140 3448 ClipSrv - ok
00:51:13.0156 3448 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:51:13.0156 3448 clr_optimization_v2.0.50727_32 - ok
00:51:13.0171 3448 CmdIde - ok
00:51:13.0171 3448 COMSysApp - ok
00:51:13.0187 3448 Cpqarray - ok
00:51:13.0187 3448 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
00:51:13.0187 3448 cpuz135 - ok
00:51:13.0203 3448 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
00:51:13.0203 3448 CryptSvc - ok
00:51:13.0250 3448 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
00:51:13.0265 3448 cvhsvc - ok
00:51:13.0265 3448 dac2w2k - ok
00:51:13.0265 3448 dac960nt - ok
00:51:13.0343 3448 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
00:51:13.0343 3448 DcomLaunch - ok
00:51:13.0359 3448 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
00:51:13.0359 3448 Dhcp - ok
00:51:13.0359 3448 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:51:13.0359 3448 Disk - ok
00:51:13.0375 3448 dmadmin - ok
00:51:13.0406 3448 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
00:51:13.0406 3448 dmboot - ok
00:51:13.0421 3448 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
00:51:13.0421 3448 dmio - ok
00:51:13.0421 3448 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:51:13.0421 3448 dmload - ok
00:51:13.0453 3448 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
00:51:13.0453 3448 dmserver - ok
00:51:13.0484 3448 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:51:13.0484 3448 DMusic - ok
00:51:13.0500 3448 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
00:51:13.0500 3448 Dnscache - ok
00:51:13.0546 3448 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
00:51:13.0562 3448 Dot3svc - ok
00:51:13.0562 3448 dpti2o - ok
00:51:13.0562 3448 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:51:13.0562 3448 drmkaud - ok
00:51:13.0578 3448 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
00:51:13.0578 3448 EapHost - ok
00:51:13.0578 3448 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
00:51:13.0578 3448 ERSvc - ok
00:51:13.0609 3448 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
00:51:13.0609 3448 Eventlog - ok
00:51:13.0640 3448 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
00:51:13.0640 3448 EventSystem - ok
00:51:13.0656 3448 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:51:13.0656 3448 Fastfat - ok
00:51:13.0687 3448 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:51:13.0687 3448 FastUserSwitchingCompatibility - ok
00:51:13.0703 3448 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
00:51:13.0703 3448 Fdc - ok
00:51:13.0718 3448 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
00:51:13.0718 3448 Fips - ok
00:51:13.0718 3448 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
00:51:13.0718 3448 Flpydisk - ok
00:51:13.0750 3448 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
00:51:13.0750 3448 FltMgr - ok
00:51:13.0859 3448 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
00:51:13.0859 3448 FontCache3.0.0.0 - ok
00:51:13.0875 3448 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:51:13.0875 3448 Fs_Rec - ok
00:51:13.0875 3448 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:51:13.0875 3448 Ftdisk - ok
00:51:13.0890 3448 fxqmtuan - ok
00:51:13.0921 3448 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
00:51:13.0921 3448 GEARAspiWDM - ok
00:51:13.0953 3448 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:51:13.0953 3448 Gpc - ok
00:51:14.0031 3448 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
00:51:14.0031 3448 gupdate - ok
00:51:14.0046 3448 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
00:51:14.0046 3448 gupdatem - ok
00:51:14.0093 3448 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:51:14.0093 3448 helpsvc - ok
00:51:14.0109 3448 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
00:51:14.0109 3448 HidServ - ok
00:51:14.0140 3448 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:51:14.0140 3448 HidUsb - ok
00:51:14.0171 3448 hitmanpro36 (47eece68857817f39c8c6f33a7e5e76c) C:\WINDOWS\system32\drivers\hitmanpro36.sys
00:51:14.0171 3448 hitmanpro36 - ok
00:51:14.0171 3448 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
00:51:14.0171 3448 hkmsvc - ok
00:51:14.0171 3448 hpn - ok
00:51:14.0218 3448 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:51:14.0218 3448 HTTP - ok
00:51:14.0218 3448 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
00:51:14.0218 3448 HTTPFilter - ok
00:51:14.0234 3448 i2omgmt - ok
00:51:14.0234 3448 i2omp - ok
00:51:14.0250 3448 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:51:14.0250 3448 i8042prt - ok
00:51:14.0312 3448 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
00:51:14.0312 3448 IDriverT - ok
00:51:14.0359 3448 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:51:14.0359 3448 idsvc - ok
00:51:14.0375 3448 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:51:14.0375 3448 Imapi - ok
00:51:14.0406 3448 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
00:51:14.0406 3448 ImapiService - ok
00:51:14.0406 3448 ini910u - ok
00:51:14.0437 3448 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
00:51:14.0437 3448 IntelIde - ok
00:51:14.0468 3448 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:51:14.0468 3448 intelppm - ok
00:51:14.0484 3448 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
00:51:14.0484 3448 Ip6Fw - ok
00:51:14.0515 3448 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:51:14.0515 3448 IpFilterDriver - ok
00:51:14.0515 3448 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:51:14.0515 3448 IpInIp - ok
00:51:14.0546 3448 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:51:14.0546 3448 IpNat - ok
00:51:14.0609 3448 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
00:51:14.0625 3448 iPod Service - ok
00:51:14.0625 3448 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:51:14.0625 3448 IPSec - ok
00:51:14.0625 3448 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:51:14.0625 3448 IRENUM - ok
00:51:14.0656 3448 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:51:14.0656 3448 isapnp - ok
00:51:14.0765 3448 JavaQuickStarterService (a38441ed570f190cc041a7be49488fa7) C:\Program Files\Java\jre6\bin\jqs.exe
00:51:14.0765 3448 JavaQuickStarterService - ok
00:51:14.0781 3448 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:51:14.0781 3448 Kbdclass - ok
00:51:14.0781 3448 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:51:14.0781 3448 kbdhid - ok
00:51:14.0812 3448 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:51:14.0812 3448 kmixer - ok
00:51:14.0828 3448 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:51:14.0828 3448 KSecDD - ok
00:51:14.0843 3448 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
00:51:14.0843 3448 lanmanserver - ok
00:51:14.0875 3448 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
00:51:14.0875 3448 lanmanworkstation - ok
00:51:14.0890 3448 Lavasoft Ad-Aware Service - ok
00:51:14.0921 3448 Lavasoft Kernexplorer - ok
00:51:14.0921 3448 lbrtfdc - ok
00:51:14.0968 3448 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
00:51:14.0968 3448 LmHosts - ok
00:51:15.0015 3448 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
00:51:15.0015 3448 Messenger - ok
00:51:15.0062 3448 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:51:15.0062 3448 mnmdd - ok
00:51:15.0109 3448 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
00:51:15.0109 3448 mnmsrvc - ok
00:51:15.0109 3448 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
00:51:15.0109 3448 Modem - ok
00:51:15.0109 3448 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:51:15.0109 3448 Mouclass - ok
00:51:15.0156 3448 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:51:15.0156 3448 mouhid - ok
00:51:15.0171 3448 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:51:15.0171 3448 MountMgr - ok
00:51:15.0218 3448 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
00:51:15.0234 3448 MozillaMaintenance - ok
00:51:15.0250 3448 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
00:51:15.0250 3448 MpFilter - ok
00:51:15.0265 3448 mraid35x - ok
00:51:15.0281 3448 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:51:15.0281 3448 MRxDAV - ok
00:51:15.0343 3448 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:51:15.0343 3448 MRxSmb - ok
00:51:15.0359 3448 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
00:51:15.0359 3448 MSDTC - ok
00:51:15.0359 3448 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:51:15.0359 3448 Msfs - ok
00:51:15.0359 3448 MSIServer - ok
00:51:15.0375 3448 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:51:15.0375 3448 MSKSSRV - ok
00:51:15.0375 3448 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:51:15.0375 3448 MSPCLOCK - ok
00:51:15.0390 3448 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:51:15.0390 3448 MSPQM - ok
00:51:15.0390 3448 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:51:15.0390 3448 mssmbios - ok
00:51:15.0421 3448 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:51:15.0421 3448 Mup - ok
00:51:15.0453 3448 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
00:51:15.0453 3448 napagent - ok
00:51:15.0468 3448 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:51:15.0468 3448 NDIS - ok
00:51:15.0500 3448 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:51:15.0500 3448 NdisTapi - ok
00:51:15.0515 3448 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:51:15.0515 3448 Ndisuio - ok
00:51:15.0515 3448 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:51:15.0531 3448 NdisWan - ok
00:51:15.0546 3448 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:51:15.0546 3448 NDProxy - ok
00:51:15.0546 3448 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:51:15.0546 3448 NetBIOS - ok
00:51:15.0578 3448 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:51:15.0578 3448 NetBT - ok
00:51:15.0609 3448 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
00:51:15.0609 3448 NetDDE - ok
00:51:15.0625 3448 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
00:51:15.0625 3448 NetDDEdsdm - ok
00:51:15.0640 3448 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:51:15.0640 3448 Netlogon - ok
00:51:15.0671 3448 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
00:51:15.0671 3448 Netman - ok
00:51:15.0781 3448 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:51:15.0796 3448 NetTcpPortSharing - ok
00:51:15.0828 3448 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
00:51:15.0828 3448 Nla - ok
00:51:15.0921 3448 NMSAccess (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Program Files\CDBurnerXP\NMSAccessU.exe
00:51:15.0937 3448 NMSAccess - ok
00:51:15.0937 3448 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:51:15.0937 3448 Npfs - ok
00:51:15.0968 3448 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:51:15.0968 3448 Ntfs - ok
00:51:15.0968 3448 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:51:15.0968 3448 NtLmSsp - ok
00:51:16.0015 3448 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
00:51:16.0031 3448 NtmsSvc - ok
00:51:16.0062 3448 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:51:16.0062 3448 Null - ok
00:51:16.0453 3448 nv (6733e80a193fc36f41c24142b0c45c0e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:51:16.0531 3448 nv - ok
00:51:16.0625 3448 NVSvc (2e6ed9fe65a9b3ec606603ed0f33dd7d) C:\WINDOWS\system32\nvsvc32.exe
00:51:16.0625 3448 NVSvc - ok
00:51:16.0718 3448 nvUpdatusService (3c09cc7992a8adecd1fddfd5d8e69bae) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
00:51:16.0734 3448 nvUpdatusService - ok
00:51:16.0796 3448 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:51:16.0796 3448 NwlnkFlt - ok
00:51:16.0796 3448 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:51:16.0796 3448 NwlnkFwd - ok
00:51:16.0843 3448 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:51:16.0859 3448 ose - ok
00:51:17.0015 3448 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:51:17.0046 3448 osppsvc - ok
00:51:17.0078 3448 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
00:51:17.0078 3448 Parport - ok
00:51:17.0109 3448 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:51:17.0109 3448 PartMgr - ok
00:51:17.0109 3448 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:51:17.0109 3448 ParVdm - ok
00:51:17.0125 3448 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
00:51:17.0125 3448 PCI - ok
00:51:17.0125 3448 PCIDump - ok
00:51:17.0156 3448 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
00:51:17.0156 3448 PCIIde - ok
00:51:17.0156 3448 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:51:17.0156 3448 Pcmcia - ok
00:51:17.0171 3448 PDCOMP - ok
00:51:17.0171 3448 PDFRAME - ok
00:51:17.0171 3448 PDRELI - ok
00:51:17.0187 3448 PDRFRAME - ok
00:51:17.0218 3448 Peachtree SmartPosting 2011 (1ac0f275c583c3323fc36865914774b3) C:\Program Files\Sage\Peachtree\SmartPostingService2011.exe
00:51:17.0218 3448 Peachtree SmartPosting 2011 - ok
00:51:17.0218 3448 perc2 - ok
00:51:17.0218 3448 perc2hib - ok
00:51:17.0265 3448 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
00:51:17.0265 3448 PlugPlay - ok
00:51:17.0296 3448 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:51:17.0296 3448 PolicyAgent - ok
00:51:17.0312 3448 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:51:17.0312 3448 PptpMiniport - ok
00:51:17.0312 3448 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:51:17.0312 3448 ProtectedStorage - ok
00:51:17.0312 3448 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:51:17.0328 3448 PSched - ok
00:51:17.0359 3448 psqlWGE (2bbfa874b938a9435b82a538ddacb546) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
00:51:17.0359 3448 psqlWGE - ok
00:51:17.0390 3448 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:51:17.0390 3448 Ptilink - ok
00:51:17.0390 3448 puyubunl - ok
00:51:17.0406 3448 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:51:17.0406 3448 PxHelp20 - ok
00:51:17.0484 3448 QBCFMonitorService (c6df3ff18d6acb913c78c865dded17d3) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
00:51:17.0484 3448 QBCFMonitorService - ok
00:51:17.0515 3448 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
00:51:17.0515 3448 QBFCService - ok
00:51:17.0593 3448 QBVSS (78afb70dbe365bd6140e6740792ac3ea) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
00:51:17.0593 3448 QBVSS - ok
00:51:17.0625 3448 ql1080 - ok
00:51:17.0625 3448 Ql10wnt - ok
00:51:17.0625 3448 ql12160 - ok
00:51:17.0640 3448 ql1240 - ok
00:51:17.0640 3448 ql1280 - ok
00:51:17.0671 3448 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:51:17.0671 3448 RasAcd - ok
00:51:17.0703 3448 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
00:51:17.0703 3448 RasAuto - ok
00:51:17.0734 3448 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:51:17.0734 3448 Rasl2tp - ok
00:51:17.0781 3448 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
00:51:17.0781 3448 RasMan - ok
00:51:17.0796 3448 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:51:17.0796 3448 RasPppoe - ok
00:51:17.0796 3448 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:51:17.0796 3448 Raspti - ok
00:51:17.0828 3448 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:51:17.0828 3448 Rdbss - ok
00:51:17.0828 3448 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:51:17.0828 3448 RDPCDD - ok
00:51:17.0890 3448 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
00:51:17.0890 3448 RDPWD - ok
00:51:17.0906 3448 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
00:51:17.0906 3448 RDSessMgr - ok
00:51:17.0921 3448 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:51:17.0921 3448 redbook - ok
00:51:17.0953 3448 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
00:51:17.0953 3448 RemoteAccess - ok
00:51:17.0953 3448 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
00:51:17.0953 3448 RpcLocator - ok
00:51:18.0015 3448 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
00:51:18.0015 3448 RpcSs - ok
00:51:18.0031 3448 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
00:51:18.0046 3448 RSVP - ok
00:51:18.0046 3448 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:51:18.0046 3448 SamSs - ok
00:51:18.0046 3448 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
00:51:18.0062 3448 SCardSvr - ok
00:51:18.0093 3448 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
00:51:18.0093 3448 Schedule - ok
00:51:18.0125 3448 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:51:18.0125 3448 Secdrv - ok
00:51:18.0156 3448 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
00:51:18.0156 3448 seclogon - ok
00:51:18.0218 3448 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
00:51:18.0218 3448 senfilt - ok
00:51:18.0234 3448 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
00:51:18.0234 3448 SENS - ok
00:51:18.0234 3448 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:51:18.0234 3448 serenum - ok
00:51:18.0250 3448 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
00:51:18.0250 3448 Serial - ok
00:51:18.0265 3448 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:51:18.0265 3448 Sfloppy - ok
00:51:18.0328 3448 Sftfs (0692e5bf83b1f10102ba9bd240110b4e) C:\WINDOWS\system32\DRIVERS\Sftfsxp.sys
00:51:18.0328 3448 Sftfs - ok
00:51:18.0468 3448 sftlist (cb73bc422c07fb611f194da18d1e7f36) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
00:51:18.0468 3448 sftlist - ok
00:51:18.0531 3448 Sftplay (07bec1b450fd93dfce7341d41d422ab1) C:\WINDOWS\system32\DRIVERS\Sftplayxp.sys
00:51:18.0531 3448 Sftplay - ok
00:51:18.0546 3448 Sftredir (3e65185232697f2190bd618ad050034a) C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys
00:51:18.0546 3448 Sftredir - ok
00:51:18.0546 3448 Sftvol (f372506bc97f14a41fb81bbe3223906b) C:\WINDOWS\system32\DRIVERS\Sftvolxp.sys
00:51:18.0546 3448 Sftvol - ok
00:51:18.0562 3448 sftvsa (a5812f0281ca5081bf696626f9bf324d) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
00:51:18.0562 3448 sftvsa - ok
00:51:18.0625 3448 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
00:51:18.0625 3448 SharedAccess - ok
00:51:18.0671 3448 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:51:18.0671 3448 ShellHWDetection - ok
00:51:18.0671 3448 Simbad - ok
00:51:18.0687 3448 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
00:51:18.0703 3448 smwdm - ok
00:51:18.0703 3448 Sparrow - ok
00:51:18.0718 3448 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:51:18.0718 3448 splitter - ok
00:51:18.0734 3448 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
00:51:18.0750 3448 Spooler - ok
00:51:18.0750 3448 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:51:18.0750 3448 sr - ok
00:51:18.0781 3448 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
00:51:18.0781 3448 srservice - ok
00:51:18.0843 3448 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:51:18.0843 3448 Srv - ok
00:51:18.0859 3448 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
00:51:18.0859 3448 SSDPSRV - ok
00:51:18.0890 3448 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
00:51:18.0890 3448 StarOpen - ok
00:51:18.0906 3448 Steam Client Service - ok
00:51:18.0953 3448 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
00:51:18.0953 3448 stisvc - ok
00:51:18.0968 3448 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:51:18.0968 3448 swenum - ok
00:51:18.0968 3448 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:51:18.0968 3448 swmidi - ok
00:51:18.0984 3448 SwPrv - ok
00:51:18.0984 3448 symc810 - ok
00:51:19.0000 3448 symc8xx - ok
00:51:19.0000 3448 sym_hi - ok
00:51:19.0000 3448 sym_u3 - ok
00:51:19.0015 3448 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:51:19.0015 3448 sysaudio - ok
00:51:19.0031 3448 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
00:51:19.0046 3448 SysmonLog - ok
00:51:19.0093 3448 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
00:51:19.0093 3448 TapiSrv - ok
00:51:19.0156 3448 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:51:19.0156 3448 Tcpip - ok
00:51:19.0187 3448 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:51:19.0187 3448 TDPIPE - ok
00:51:19.0187 3448 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:51:19.0187 3448 TDTCP - ok
00:51:19.0203 3448 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:51:19.0203 3448 TermDD - ok
00:51:19.0234 3448 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
00:51:19.0234 3448 TermService - ok
00:51:19.0250 3448 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:51:19.0250 3448 Themes - ok
00:51:19.0250 3448 TosIde - ok
00:51:19.0265 3448 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
00:51:19.0265 3448 TrkWks - ok
00:51:19.0296 3448 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:51:19.0296 3448 Udfs - ok
00:51:19.0296 3448 ultra - ok
00:51:19.0343 3448 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:51:19.0343 3448 Update - ok
00:51:19.0375 3448 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
00:51:19.0375 3448 upnphost - ok
00:51:19.0375 3448 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
00:51:19.0390 3448 UPS - ok
00:51:19.0406 3448 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
00:51:19.0406 3448 USBAAPL - ok
00:51:19.0437 3448 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:51:19.0437 3448 usbccgp - ok
00:51:19.0453 3448 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:51:19.0453 3448 usbehci - ok
00:51:19.0468 3448 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:51:19.0468 3448 usbhub - ok
00:51:19.0500 3448 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:51:19.0500 3448 usbprint - ok
00:51:19.0531 3448 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:51:19.0531 3448 usbscan - ok
00:51:19.0546 3448 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:51:19.0546 3448 USBSTOR - ok
00:51:19.0578 3448 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:51:19.0578 3448 usbuhci - ok
00:51:19.0578 3448 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:51:19.0578 3448 VgaSave - ok
00:51:19.0593 3448 ViaIde - ok
00:51:19.0593 3448 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:51:19.0593 3448 VolSnap - ok
00:51:19.0609 3448 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
00:51:19.0609 3448 VSS - ok
00:51:19.0625 3448 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
00:51:19.0625 3448 W32Time - ok
00:51:19.0640 3448 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:51:19.0640 3448 Wanarp - ok
00:51:19.0687 3448 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
00:51:19.0687 3448 Wdf01000 - ok
00:51:19.0703 3448 WDICA - ok
00:51:19.0718 3448 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:51:19.0734 3448 wdmaud - ok
00:51:19.0781 3448 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
00:51:19.0781 3448 WebClient - ok
00:51:19.0859 3448 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
00:51:19.0875 3448 winmgmt - ok
00:51:19.0906 3448 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
00:51:19.0906 3448 WmdmPmSN - ok
00:51:19.0953 3448 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:51:19.0953 3448 WmiApSrv - ok
00:51:19.0984 3448 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:51:19.0984 3448 WS2IFSL - ok
00:51:20.0015 3448 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
00:51:20.0031 3448 wscsvc - ok
00:51:20.0031 3448 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
00:51:20.0031 3448 wuauserv - ok
00:51:20.0093 3448 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
00:51:20.0093 3448 WZCSVC - ok
00:51:20.0125 3448 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
00:51:20.0125 3448 xmlprov - ok
00:51:20.0140 3448 xusb21 (a640c90b007762939507c28a021be3b3) C:\WINDOWS\system32\DRIVERS\xusb21.sys
00:51:20.0140 3448 xusb21 - ok
00:51:20.0156 3448 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:51:20.0500 3448 \Device\Harddisk0\DR0 - ok
00:51:20.0500 3448 Boot (0x1200) (d419bfdb8e0be8d922f2ece94f9fc925) \Device\Harddisk0\DR0\Partition0
00:51:20.0500 3448 \Device\Harddisk0\DR0\Partition0 - ok
00:51:20.0500 3448 ============================================================
00:51:20.0500 3448 Scan finished
00:51:20.0500 3448 ============================================================
00:51:20.0515 3812 Detected object count: 0
00:51:20.0515 3812 Actual detected object count: 0




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-15 00:52:07
-----------------------------
00:52:07.468 OS Version: Windows 5.1.2600 Service Pack 3
00:52:07.468 Number of processors: 2 586 0x304
00:52:07.468 ComputerName: PATRICKS UserName: Patrick
00:52:08.656 Initialize success
00:54:38.468 AVAST engine defs: 12071402
00:54:53.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:54:53.578 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10004 Size: 953869MB BusType: 3
00:54:53.593 Disk 0 MBR read successfully
00:54:53.593 Disk 0 MBR scan
00:54:53.593 Disk 0 Windows XP default MBR code
00:54:53.593 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953859 MB offset 63
00:54:53.593 Disk 0 scanning sectors +1953504000
00:54:53.671 Disk 0 scanning C:\WINDOWS\system32\drivers
00:55:00.562 Service scanning
00:55:11.546 Modules scanning
00:55:33.765 Disk 0 trace - called modules:
00:55:33.796 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
00:55:33.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b90ab8]
00:55:33.796 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89c02b00]
00:55:34.828 AVAST engine scan C:\WINDOWS
00:55:45.000 AVAST engine scan C:\WINDOWS\system32
00:58:39.218 AVAST engine scan C:\WINDOWS\system32\drivers
00:59:29.406 AVAST engine scan C:\Documents and Settings\Patrick
01:02:05.140 File: C:\Documents and Settings\Patrick\Application Data\Sun\Java\Deployment\cache\6.0\27\5d9fa61b-75eea1a8 **INFECTED** Win32:Rootkit-gen [Rtk]
01:20:57.890 AVAST engine scan C:\Documents and Settings\All Users
01:26:38.640 Scan finished successfully
01:29:37.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Patrick\Desktop\MBR.dat"
01:29:37.531 The log file has been saved successfully to "C:\Documents and Settings\Patrick\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 121,082 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 July 2012 - 12:40 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\Documents and Settings\Patrick\Application Data\Sun\Java\Deployment\cache\6.0\27

Driver::
fxqmtuan
puyubunl

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#11 Zalmus

Zalmus

    New Member

  • Members
  • Pip
  • 10 posts

Posted 15 July 2012 - 01:04 AM

Combofix ran fine and I now can start windows firewall. However I have a windows security alert in the task bar to turn on virus protection and I still get the error when I try to start Microsoft Security Essentials "couldn't start the security essentials service" error code 0x80070424. Log is below.

ComboFix 12-07-14.01 - Patrick 07/15/2012 1:48.2.2 - x86
Running from: c:\documents and settings\Patrick\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Patrick\Desktop\CFScript.txt
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_fxqmtuan
-------\Service_puyubunl
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-09 17:51 . 2012-07-09 17:51 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-07-09 04:49 . 2012-07-09 04:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2012-07-09 04:48 . 2012-07-09 04:48 -------- d-----w- c:\program files\ImgBurn
2012-07-09 04:19 . 2012-07-09 04:19 -------- d-----w- c:\documents and settings\Patrick\Local Settings\Application Data\Secunia PSI
2012-07-09 04:18 . 2012-07-09 04:18 -------- d-----w- c:\program files\Secunia
2012-07-09 04:17 . 2012-06-18 07:14 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F6ECAA8-A1B6-424F-89D1-62C879E18F54}\mpengine.dll
2012-07-09 04:15 . 2012-07-09 04:15 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-09 03:41 . 2012-07-09 17:44 -------- d-----w- c:\program files\HitmanPro
2012-07-08 22:19 . 2012-07-08 22:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2012-07-08 21:47 . 2012-07-09 04:11 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-07-08 21:37 . 2012-07-08 21:37 -------- d-----w- c:\documents and settings\Patrick\Application Data\ElevatedDiagnostics
2012-07-07 20:19 . 2012-07-07 20:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-07 19:25 . 2012-04-14 05:39 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-07 19:25 . 2011-05-18 02:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-04 21:35 . 2012-05-11 15:07 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:19 . 2009-08-07 00:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2009-08-07 00:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-07 00:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18 . 2012-05-11 15:07 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2012-05-11 15:07 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 16:25 . 2012-05-11 05:59 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2006-02-28 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 16:23 . 2010-11-30 02:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-11 16:23 . 2012-05-11 16:23 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-11 16:23 . 2010-11-30 02:19 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-11 14:42 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2010-11-24 23:20 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-16 21:12 . 2012-04-03 16:54 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-15_04.38.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-15 05:55 . 2012-07-15 05:55 2901 c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-07-15 04:22 . 2012-07-15 04:22 2901 c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client\Icon Cache\icon_ex.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Intuit Data Protect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
backup=c:\windows\pss\Intuit Data Protect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
backup=c:\windows\pss\QuickBooks_Standard_21.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-04-04 05:53 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2011-11-08 10:10 3295320 ----a-w- c:\documents and settings\Patrick\Local Settings\Application Data\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 11:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2011-06-14 12:18 1527128 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 22:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeachtreePrefetcher.exe]
2011-10-25 17:27 29512 ----a-r- c:\progra~1\Sage\PEACHT~1\PeachtreePrefetcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-05-18 05:05 9478320 ----a-w- c:\documents and settings\Patrick\Application Data\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-05-18 05:05 932528 ----a-w- c:\documents and settings\Patrick\Application Data\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-05-31 00:20 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zboard]
2009-06-04 23:56 57344 ----a-w- c:\program files\Ideazon\ZEngine\Zboard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"QBVSS"=2 (0x2)
"QBCFMonitorService"=2 (0x2)
"QBFCService"=3 (0x3)
"Peachtree SmartPosting 2011"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=3 (0x3)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [1/26/2011 8:31 PM 21992]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [1/4/2012 2:22 PM 822624]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [9/6/2011 3:09 AM 2255464]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [6/6/2008 2:03 PM 435496]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [10/1/2011 8:30 AM 508776]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 11:23 PM 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 11:23 PM 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 11:23 PM 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 11:23 PM 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [10/1/2011 8:30 AM 219496]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/28/2012 4:03 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/28/2012 4:03 PM 136176]
S3 hitmanpro36;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [7/9/2012 1:51 PM 27424]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/2/2012 9:15 PM 113120]
S4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S4 Peachtree SmartPosting 2011;Peachtree SmartPosting 2011;c:\program files\Sage\Peachtree\SmartPostingService2011.exe [4/10/2010 3:32 PM 43848]
S4 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [6/30/2011 1:25 PM 1248256]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 20:02]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 20:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\9i4p4rhv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-15 01:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-764733703-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:3e,b4,2d,03,b1,c8,3b,06,4c,44,1e,12,46,dc,3d,47,cf,47,a3,e0,b4,
cc,3d,f1,e7,14,2d,cc,13,da,9c,67,88,dc,88,ef,11,a0,ed,a7,cc,fa,26,de,84,65,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(996)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-07-15 02:00:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-15 06:00
ComboFix2.txt 2012-07-15 04:42
.
Pre-Run: 764,223,078,400 bytes free
Post-Run: 764,263,546,880 bytes free
.
- - End Of File - - 7B94245596FBF57561C71EF62A0ED1FC

#12 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 121,082 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 July 2012 - 01:08 AM

Greetings


now I want you to uninstall MSE and restart the computer then reinstall it and see if it starts working



gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#13 Zalmus

Zalmus

    New Member

  • Members
  • Pip
  • 10 posts

Posted 15 July 2012 - 01:18 AM

I have reinstalled mse and it works! Thank you for your help I have no other problems right now.

#14 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 121,082 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 July 2012 - 01:26 AM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Java™ 6 Update 32 [/list]

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#15 Zalmus

Zalmus

    New Member

  • Members
  • Pip
  • 10 posts

Posted 15 July 2012 - 02:09 AM

All steps were completed. Only thing i noticed was with Revo uninstaller there was also a "Java 6 Update 20" should I remove this as well? logs are below, computer seems fine still now.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.15.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Patrick :: PATRICKS [administrator]

7/15/2012 2:56:48 AM
mbam-log-2012-07-15 (02-56-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222728
Time elapsed: 6 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:06:46 AM, on 7/15/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Patrick\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341783135421
O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Pervasive PSQL Workgroup Engine (psqlWGE) - Pervasive Software Inc. - C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6239 bytes
Back to Virus, Trojan, Spyware, and Malware Removal Logs


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Logs
  4. Privacy Policy
  5. Rules ·