
Please help. Website won't stop popping up in my tabs. Is it a virus?


This topic is locked
31 replies to this topic

#1 Yoko123 (Members; 17 posts)

Posted 21 October 2012 - 10:18 PM

Hi there. On Friday, all of a sudden, this website started popping up in my tabs. There's nothing on the page, it only says "problem loading page, server not found" and it's been popping up more frequently now. Sometimes 5 tabs would be opened at a time with that website. I'm getting sick of it and increasingly worried.

Here are some screenshots.
http://imageftw.com/uploads/20121021/Ugh.PNG
http://imageftw.com/uploads/20121021/Ugh%60.PNG

Sometimes that error would occur but most of the time it's just the website. I already scanned my computer with Malwarebytes but nothing has come up. Please help me. What do I do to get rid of this?


#2 gringo_pr (Bleepin Gringo; Malware Response Team; 134,620 posts; Location: Puerto Rico)

Posted 21 October 2012 - 11:47 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs

In your next post I need the following:

  • both reports from DDS
  • report from Security Check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Yoko123 (Topic Starter; Members; 17 posts)

Posted 22 October 2012 - 12:32 AM

Thank you for the warm welcome and thank you for taking on my problem!

Security check report:
Results of screen317's Security Check version 0.99.53
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X 10.1.2 Adobe Reader out of Date!
Mozilla Firefox (16.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 25% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

DDS Report: DDS
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Owner at 22:27:40 on 2012-10-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.287 [GMT -7:00]
.
.
============== Running Processes ================
.
C:\Program Files\WTouch\WTouchService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ca.search.yahoo.com?type=937811&fr=spigot-yhp-ie
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Itibiti.exe] c:\program files\itibiti soft phone\Itibiti.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PhotoJoy] c:\program files\photojoy\bin\PhotoJoy.exe /c
uRun: [Akamai NetSession Interface] "c:\documents and settings\owner\local settings\application data\akamai\netsession_win.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{BDA70448-5CDE-47D8-955E-0B9EE75CE3B4} : DHCPNameServer = 192.168.0.1
Filter: text/html - {46e2300b-f759-45d8-abdf-b81981cafeb4} -
Handler: KuGoo - <Clsid value has no data>
Handler: KuGoo3 - <Clsid value has no data>
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\mjayoxdk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2966884&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2012-08-30 19:42; jid0-0PGffAcVvhUBieFYkRVVc5w6lIU@jetpack; c:\documents and settings\owner\application data\mozilla\firefox\profiles\mjayoxdk.default\extensions\[email protected]
FF - ExtSQL: 2012-09-10 22:13; {27182e60-b5f3-411c-b545-b44205977502}; c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\SearchHelperExtension
FF - ExtSQL: 2012-09-10 22:13; {3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}; c:\program files\microsoft\search enhancement pack\default manager\DMExtension
FF - ExtSQL: !HIDDEN! 2011-02-07 03:09; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-2-27 14776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-8-18 54760]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2012-8-20 4497704]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2012-8-20 113448]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2010-9-2 226304]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-3 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-19 250808]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-3 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-7 115168]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2012-8-20 16168]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\notepad.exe %1
FileExt: .chm: chm.file="hh.exe" %1
.
=============== Created Last 30 ================
.
2012-10-15 14:51:22 -------- d-----w- c:\documents and settings\owner\application data\WTablet
2012-10-15 14:51:20 -------- d-----w- c:\documents and settings\owner\application data\WTouch
2012-10-07 02:22:35 -------- d-----w- c:\documents and settings\all users\application data\YTD Video Downloader
.
==================== Find3M ====================
.
2012-10-10 05:43:19 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 05:43:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 02:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-21 11:40:43 819984776 ----a-w- c:\program files\U_SFInstaller.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS541080G9SA00 rev.MB4OC65D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865374D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8653d7d0]; MOV EAX, [0x8653d84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86566AB8]
3 CLASSPNP[0xF761EFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007e[0x86552C60]
5 ACPI[0xF7495620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x865A4030]
\Driver\atapi[0x86555848] -> IRP_MJ_CREATE -> 0x865374D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8653731B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:28:45.95 ===============

DDS Report: Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/1/2010 8:44:16 AM
System Uptime: 10/21/2012 5:07:28 PM (5 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | N/A | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 1.134 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_8212104D&REV_03\3&B1BFB68&0&10
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_8212104D&REV_03\3&B1BFB68&0&10
Service:
.
Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_104D1700&REV_1000\4&17C5AFAF&0&0102
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_104D1700&REV_1000\4&17C5AFAF&0&0102
Service:
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4351&SUBSYS_8212104D&REV_13\4&192AC53F&0&00E0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4351&SUBSYS_8212104D&REV_13\4&192AC53F&0&00E0
Service:
.
==== System Restore Points ===================
.
RP264: 10/5/2012 4:35:45 PM - Removed Microsoft Office Home and Student 2010
RP265: 10/6/2012 6:45:53 PM - System Checkpoint
RP266: 10/7/2012 6:58:58 PM - System Checkpoint
RP267: 10/8/2012 8:08:20 PM - System Checkpoint
RP268: 10/10/2012 9:59:48 PM - System Checkpoint
RP269: 10/11/2012 11:19:36 PM - System Checkpoint
RP270: 10/13/2012 7:06:50 PM - System Checkpoint
RP271: 10/15/2012 5:37:56 PM - System Checkpoint
RP272: 10/16/2012 6:31:02 PM - System Checkpoint
RP273: 10/17/2012 6:35:49 PM - System Checkpoint
RP274: 10/18/2012 9:32:07 PM - System Checkpoint
RP275: 10/19/2012 10:31:16 PM - System Checkpoint
RP276: 10/20/2012 10:34:38 PM - Removed YTD Toolbar v6.5.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bamboo
Bing ???
Bing Bar Platform
Bonjour
Combined Community Codec Pack 2011-11-11
Digital Media Converter 4.0
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB951830)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB971314)
Hotfix for Windows XP (KB981793)
HP Officejet 6600 Basic Device Software
HP Officejet 6600 Help
HP Officejet 6600 Product Improvement Study
HP Update
I.R.I.S. OCR
ImgBurn
Intel® PROSet/Wireless Software
Itibiti RTC
iTunes
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
Malwarebytes Anti-Malware version 1.65.1.1000
mCore
mDriver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mMHouse
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
mPfMgr
mProSafe
MSVCRT
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
mWlsSafe
mXML
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982316)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SmartSound Common Data
SmartSound Quicktracks 5
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955704)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
Visual C++ 8.0 MFC (x86) WinSXS MSM
Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
VLC media player 1.1.11
WebFldrs XP
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
Windows Presentation Foundation
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR 4.01 (32-bit)
XML Paper Specification Shared Components Pack 1.0
YTD Video Downloader 3.9.3
.
==== Event Viewer Messages From Past Week ========
.
10/20/2012 7:21:44 PM, error: Dhcp [1002] - The IP address lease 192.168.0.198 for the Network Card with network address 0018DE45ED13 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/15/2012 7:50:23 AM, error: DCOM [10000] - Unable to start a DCOM Server: {C2BFE331-6739-4270-86C9-493D9A04CD38}. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\igfxsrvc.exe -Embedding
10/15/2012 7:50:23 AM, error: DCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\igfxsrvc.exe -Embedding
10/14/2012 10:30:37 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0018DE45ED13. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
.
==== End Of File ===========================

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 22 October 2012 - 01:05 AM

Hello


These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-RogueKiller-

  • Download RogueKiller (or from here) & SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Yoko123 (Topic Starter)

Posted 22 October 2012 - 01:16 AM

# AdwCleaner v2.005 - Logfile created 10/21/2012 at 23:08:19
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - 2B2E6818793041F
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\DOCUME~1\Owner\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mjayoxdk.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mjayoxdk.default\searchplugins\Conduit.xml
Folder Deleted : C:\DOCUME~1\Owner\LOCALS~1\Temp\AskSearch
Folder Deleted : C:\DOCUME~1\Owner\LOCALS~1\Temp\boost_interprocess
Folder Deleted : C:\Documents and Settings\Owner\Application Data\SogouExplorer
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2304157
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2966884
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mjayoxdk.default\prefs.js

Deleted : user_pref("CT2966884.ValidationData_Toolbar", 0);
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultthis.engineName", "PhotoJoy Bar Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2966884&Sea[...]
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("myqna.searchquotes", "Y");

Profile name : default
File : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\zauek1jb.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3734 octets] - [21/10/2012 23:08:19]

########## EOF - C:\AdwCleaner[S1].txt - [3794 octets] ##########


RogueKiller report coming in a moment.

#6 Yoko123 (Topic Starter)

Posted 22 October 2012 - 01:20 AM

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 10/21/2012 23:19:05

Bad processes : 0

Registry Entries : 2
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILEASSO] HKLM\[...]\command : ("C:\DOCUME~1\Owner\LOCALS~1\Temp\0.9780850393938265.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") -> REPLACED ("C:\Program Files\Internet Explorer\iexplore.exe")

Particular Files / Folders:

Driver : [LOADED]
IRP[DriverStartIo] : atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8651431B)

Infection : Rans.Gendarm|Root.MBR

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 9c195e9b6ae3f1afaf9638a60ca433e1
[BSP] 2d66076d7ddeeff3f821051c634a8b68 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] bf72519451f8dabde5d933a4399eddb0
[BSP] 524b741c504763ac91345bca869a5b08 : TDL4 MBR Code!
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 22 October 2012 - 03:57 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8 Yoko123 (Topic Starter)

Posted 22 October 2012 - 06:59 PM

ComboFix 12-10-22.02 - Owner 10/22/2012 16:18:59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.656 [GMT -7:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\FB99D06F5C.sys
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Owner\Application Data\Local
c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\0.ddi
c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\0578456ecb6039a.avi(2).ddr
c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\0578456ecb6039a.avi.ddr
c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\1.ddi
c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\2.ddi
c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\ithc9cajhz2j5.avi.ddr
c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\0578456ecb6039a.avi(2).ddp
c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\0578456ecb6039a.avi.ddp
c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\ithc9cajhz2j5.avi.ddp
c:\documents and settings\Owner\Application Data\WTouch
c:\documents and settings\Owner\Application Data\WTouch\WTouch.xml
c:\documents and settings\Owner\Local Settings\Application Data\ajm.exe
c:\documents and settings\Owner\Local Settings\Application Data\fuh.exe
c:\documents and settings\Owner\Local Settings\Application Data\pvs.exe
c:\documents and settings\Owner\Local Settings\Application Data\sey.exe
c:\program files\Common Files\Tencent\Paycenter
c:\program files\Common Files\Tencent\Paycenter\qqcert.dll
c:\program files\Common Files\Tencent\Paycenter\qqedit.dll
c:\program files\StormII
c:\program files\StormII\{A0BC61FC-A950-8C30-8F0A-D8C818AE664D}\AddressBar.dll
c:\program files\TENCENT\SSPlus\SData.dat
c:\program files\TENCENT\SSPlus\stdtbh.dat
.
.
((((((((((((((((((((((((( Files Created from 2012-09-22 to 2012-10-22 )))))))))))))))))))))))))))))))
.
.
2012-10-16 22:27 . 2012-10-16 22:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2012-10-15 14:51 . 2012-10-22 22:53 -------- d-----w- c:\documents and settings\Owner\Application Data\WTablet
2012-10-07 02:22 . 2012-10-07 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\YTD Video Downloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 05:43 . 2012-09-20 06:40 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 05:43 . 2011-12-17 04:15 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 02:54 . 2011-04-03 18:31 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-21 11:40 . 2011-04-21 11:40 819984776 ----a-w- c:\program files\U_SFInstaller.exe
2012-10-12 23:48 . 2012-10-12 23:48 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-03 39408]
"Akamai NetSession Interface"="c:\documents and settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-08-11 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-09-03 12:50 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Tencent\\QQDownload\\110\\Tencentdl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1055:TCP"= 1055:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2/27/2011 12:22 AM 14776]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [8/20/2012 9:45 PM 4497704]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [8/20/2012 9:47 PM 113448]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [9/2/2010 1:52 AM 226304]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2010 5:50 AM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [9/19/2012 11:40 PM 250808]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2010 5:50 AM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/7/2012 3:22 PM 115168]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [8/20/2012 9:46 PM 16168]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 05:43]
.
2012-10-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2012-10-08 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2011-09-09 22:53]
.
2012-10-22 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2011-09-09 22:53]
.
2012-10-22 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2011-09-09 22:53]
.
2012-10-19 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2011-09-09 22:53]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-03 12:50]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-03 12:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ca.search.yahoo.com?type=937811&fr=spigot-yhp-ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\mjayoxdk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-08-30 19:42; jid0-0PGffAcVvhUBieFYkRVVc5w6lIU@jetpack; c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\mjayoxdk.default\extensions\[email protected]
FF - ExtSQL: 2012-09-10 22:13; {27182e60-b5f3-411c-b545-b44205977502}; c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF - ExtSQL: 2012-09-10 22:13; {3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}; c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF - ExtSQL: !HIDDEN! 2011-02-07 03:09; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
HKCU-Run-Itibiti.exe - c:\program files\Itibiti Soft Phone\Itibiti.exe
HKCU-Run-PhotoJoy - c:\program files\PhotoJoy\bin\PhotoJoy.exe
HKLM-Run-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-22 16:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS541080G9SA00 rev.MB4OC65D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8652331B
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\WININET.dll
.
Completion time: 2012-10-22 16:54:58
ComboFix-quarantined-files.txt 2012-10-22 23:54
.
Pre-Run: 1,141,489,664 bytes free
Post-Run: 7,471,525,888 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 3609983D6C411AA0E979FB85EE0C320A

There weren't any problems with running ComboFix; it was just slow.
And right now the computer seems to be working fine! The website hasn't been popping up yet!

#9 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 22 October 2012 - 11:42 PM

Greetings Yoko123

It looks like there may be something still in there, so I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#10 Yoko123 (Topic Starter)

Posted 23 October 2012 - 12:10 AM

22:03:06.0406 3328 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
22:03:07.0109 3328 ============================================================
22:03:07.0109 3328 Current date / time: 2012/10/22 22:03:07.0109
22:03:07.0109 3328 SystemInfo:
22:03:07.0109 3328
22:03:07.0109 3328 OS Version: 5.1.2600 ServicePack: 3.0
22:03:07.0109 3328 Product type: Workstation
22:03:07.0109 3328 ComputerName: 2B2E6818793041F
22:03:07.0109 3328 UserName: Owner
22:03:07.0109 3328 Windows directory: C:\WINDOWS
22:03:07.0109 3328 System windows directory: C:\WINDOWS
22:03:07.0109 3328 Processor architecture: Intel x86
22:03:07.0109 3328 Number of processors: 2
22:03:07.0109 3328 Page size: 0x1000
22:03:07.0109 3328 Boot type: Normal boot
22:03:07.0109 3328 ============================================================
22:03:09.0890 3328 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:03:09.0890 3328 ============================================================
22:03:09.0890 3328 \Device\Harddisk0\DR0:
22:03:09.0906 3328 MBR partitions:
22:03:09.0906 3328 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
22:03:09.0906 3328 ============================================================
22:03:09.0968 3328 C: <-> \Device\Harddisk0\DR0\Partition1
22:03:09.0968 3328 ============================================================
22:03:09.0968 3328 Initialize success
22:03:09.0968 3328 ============================================================
22:03:55.0578 5284 ============================================================
22:03:55.0578 5284 Scan started
22:03:55.0578 5284 Mode: Manual;
22:03:55.0578 5284 ============================================================
22:03:55.0937 5284 ================ Scan system memory ========================
22:03:55.0953 5284 System memory - ok
22:03:55.0953 5284 ================ Scan services =============================
22:03:56.0109 5284 Abiosdsk - ok
22:03:56.0125 5284 abp480n5 - ok
22:03:56.0187 5284 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:03:56.0187 5284 ACPI - ok
22:03:56.0218 5284 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:03:56.0218 5284 ACPIEC - ok
22:03:56.0343 5284 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:03:56.0343 5284 AdobeFlashPlayerUpdateSvc - ok
22:03:56.0359 5284 adpu160m - ok
22:03:56.0406 5284 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
22:03:56.0406 5284 aec - ok
22:03:56.0468 5284 [ 15E655BAA989444F56787EF558823643 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
22:03:56.0468 5284 AegisP - ok
22:03:56.0515 5284 [ 7618D5218F2A614672EC61A80D854A37 ] AFD C:\WINDOWS\System32\drivers\afd.sys
22:03:56.0515 5284 AFD - ok
22:03:56.0531 5284 Aha154x - ok
22:03:56.0562 5284 aic78u2 - ok
22:03:56.0593 5284 aic78xx - ok
22:03:56.0640 5284 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
22:03:56.0640 5284 Alerter - ok
22:03:56.0671 5284 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
22:03:56.0671 5284 ALG - ok
22:03:56.0687 5284 AliIde - ok
22:03:56.0718 5284 amsint - ok
22:03:56.0875 5284 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:03:56.0875 5284 Apple Mobile Device - ok
22:03:56.0921 5284 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
22:03:56.0921 5284 AppMgmt - ok
22:03:56.0984 5284 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:03:56.0984 5284 Arp1394 - ok
22:03:57.0000 5284 asc - ok
22:03:57.0015 5284 asc3350p - ok
22:03:57.0046 5284 asc3550 - ok
22:03:57.0187 5284 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:03:57.0265 5284 aspnet_state - ok
22:04:09.0203 5284 ================ Scan global ===============================
22:04:09.0234 5284 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
22:04:09.0296 5284 [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
22:04:09.0343 5284 [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
22:04:09.0390 5284 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
22:04:09.0390 5284 [Global] - ok
22:04:09.0390 5284 ================ Scan MBR ==================================
22:04:09.0390 5284 [ 2839639FA37B8353E792A2A30A12CED3 ] \Device\Harddisk0\DR0
22:04:09.0390 5284 Suspicious mbr (Forged): \Device\Harddisk0\DR0
22:04:09.0437 5284 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
22:04:09.0437 5284 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
22:04:09.0437 5284 ================ Scan VBR ==================================
22:04:09.0437 5284 [ BB6F753E3C1EBBA2925874AD482170BD ] \Device\Harddisk0\DR0\Partition1
22:04:09.0453 5284 \Device\Harddisk0\DR0\Partition1 - ok
22:04:09.0453 5284 ============================================================
22:04:09.0453 5284 Scan finished
22:04:09.0453 5284 ============================================================
22:04:09.0468 5280 Detected object count: 1
22:04:09.0468 5280 Actual detected object count: 1
22:04:24.0187 5280 \Device\Harddisk0\DR0\# - copied to quarantine
22:04:24.0187 5280 \Device\Harddisk0\DR0 - copied to quarantine
22:04:24.0234 5280 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
22:04:24.0250 5280 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
22:04:24.0265 5280 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:04:24.0265 5280 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:04:24.0265 5280 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:04:24.0437 5280 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:04:24.0453 5280 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:04:24.0453 5280 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:04:24.0468 5280 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:04:24.0484 5280 \Device\Harddisk0\DR0\TDLFS\jcoenk - copied to quarantine
22:04:24.0515 5280 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
22:04:24.0515 5280 \Device\Harddisk0\DR0 - ok
22:04:24.0609 5280 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
22:04:50.0171 4168 Deinitialize success
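As an added example (not from this thread and not part of TDSSKiller itself): a small Python triage parser for the report format pasted above. It separates the "[ MD5 ] object" records from the "- ok" / "- infected" / quarantine verdicts, so a helper can see at a glance which object was flagged as a forged MBR and that the cure is only scheduled for the next reboot. The record layout is inferred from the log lines on this page, and the sample below is constructed from them.

```python
import re

# Constructed sample: records lifted from the TDSSKiller report pasted in this
# thread, trimmed so the parser runs stand-alone.
SAMPLE_LOG = r"""
22:04:09.0187 5284 [ 228D0403F0210D6D67A9ACF907597EFE ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
22:04:09.0203 5284 yukonwxp - ok
22:04:09.0390 5284 ================ Scan MBR ==================================
22:04:09.0390 5284 [ 2839639FA37B8353E792A2A30A12CED3 ] \Device\Harddisk0\DR0
22:04:09.0390 5284 Suspicious mbr (Forged): \Device\Harddisk0\DR0
22:04:09.0437 5284 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
22:04:24.0187 5280 \Device\Harddisk0\DR0\# - copied to quarantine
22:04:24.0234 5280 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
22:04:24.0515 5280 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
"""

RECORD = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")  # "time pid body"
HASHED = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<obj>.+)$")      # "[ MD5 ] object"
FORGED = re.compile(r"^Suspicious mbr \(Forged\): (?P<obj>.+)$")
VERDICT = re.compile(r"^(?P<obj>.+?)(?: \( (?P<name>[^)]+) \))? - (?P<verdict>.+)$")
ACTIONS = {"ok": "clean", "infected": "infected",
           "copied to quarantine": "quarantined",
           "will be cured on reboot": "cure_on_reboot"}


def parse_tdsskiller(text):
    """Reduce a TDSSKiller report to the facts a responder acts on."""
    out = {"hashes": {}, "clean": [], "infected": {}, "forged_mbr": [],
           "quarantined": [], "cure_on_reboot": []}
    for line in text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue  # header, blank or separator line
        body = m.group("body")
        if h := HASHED.match(body):
            out["hashes"][h.group("obj")] = h.group("md5").upper()
        elif f := FORGED.match(body):
            out["forged_mbr"].append(f.group("obj"))
        elif (v := VERDICT.match(body)) and v.group("verdict") in ACTIONS:
            key = ACTIONS[v.group("verdict")]
            if key == "infected":
                out["infected"][v.group("obj")] = v.group("name")
            else:
                out[key].append(v.group("obj"))
    return out


def cure_pending(summary):
    """True while a detected object is only scheduled for cure on reboot."""
    return any(obj in summary["infected"] for obj in summary["cure_on_reboot"])
```

A "- ok" for the same device after the cure line, as in the full report above, does not mean the disk is clean yet; the parser keeps the cure_on_reboot entry so the rescan-after-restart step is not skipped.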

#11 Yoko123

Yoko123
  • Topic Starter

  • Members
  • 17 posts

Posted 23 October 2012 - 12:55 AM

The aswMBR scan is taking a while.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,620 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 October 2012 - 01:09 AM

No problem, I will check it when it is ready.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Yoko123

Yoko123
  • Topic Starter

  • Members
  • 17 posts

Posted 23 October 2012 - 01:20 AM

I'm not sure if it's frozen or something because the scan has been scanning something for about 10 minutes now and it's not doing anything. Should I redo the scan?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,620 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 October 2012 - 01:28 AM

Wait 10 more min.


#15 Yoko123

Yoko123
  • Topic Starter

  • Members
  • 17 posts

Posted 23 October 2012 - 01:41 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-22 22:11:44
-----------------------------
22:11:44.796 OS Version: Windows 5.1.2600 Service Pack 3
22:11:44.796 Number of processors: 2 586 0xE08
22:11:44.796 ComputerName: 2B2E6818793041F UserName: Owner
22:11:48.968 Initialize success
22:19:41.812 AVAST engine defs: 12102201
22:20:22.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
22:20:22.718 Disk 0 Vendor: HTS541080G9SA00 MB4OC65D Size: 76319MB BusType: 3
22:20:22.734 Disk 1 \Device\Harddisk1\DR2 -> \Device\00000088
22:20:22.750 Disk 1 Vendor: ( Size: 76319MB BusType: 0
22:20:22.765 Disk 2 \Device\Harddisk2\DR3 -> \Device\00000089
22:20:22.781 Disk 2 Vendor: ( Size: 76319MB BusType: 0
22:20:22.812 Disk 0 MBR read successfully
22:20:22.828 Disk 0 MBR scan
22:20:22.890 Disk 0 Windows XP default MBR code
22:20:22.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
22:20:22.921 Disk 0 scanning sectors +156280320
22:20:23.062 Disk 0 scanning C:\WINDOWS\system32\drivers
22:20:33.625 Service scanning
22:20:53.562 Modules scanning
22:20:59.812 Disk 0 trace - called modules:
22:20:59.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:20:59.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86544ab8]
22:20:59.984 3 CLASSPNP.SYS[f761efd7] -> nt!IofCallDriver -> \Device\0000007f[0x865a42f0]
22:21:00.031 5 ACPI.sys[f7467620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x865a3030]
22:21:03.671 AVAST engine scan C:\WINDOWS
22:21:29.546 AVAST engine scan C:\WINDOWS\system32
22:26:24.453 AVAST engine scan C:\WINDOWS\system32\drivers
22:27:06.156 AVAST engine scan C:\Documents and Settings\Owner
23:37:48.234 AVAST engine scan C:\Documents and Settings\All Users
23:39:30.406 Scan finished successfully
23:40:33.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
23:40:33.390 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
