Browser Hijack


This topic is locked
26 replies to this topic

#1 Dacar92 (Members, 220 posts, Chicago)

Posted 05 November 2012 - 10:27 AM

Much thanks to Gringo for helping me on the last issue. Now my kids' computer has hijack issues. It is not hijacked all the time, just once in a while. I am not sure what you would want me to post first so I will await further instructions.

Thanks in advance.
What's the point in being grown up if you can't be childish sometimes? -- The Doctor



#2 gringo_pr (Bleepin Gringo, Malware Response Team, 135,602 posts, Puerto Rico)

Posted 05 November 2012 - 01:08 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3


  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Dacar92 (Topic Starter, Members, 220 posts, Chicago)

Posted 05 November 2012 - 03:43 PM

Three logs to follow:

Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Internet Security Suite
ZoneAlarm LTD Toolbar
ZoneAlarm Security
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 7 Adobe Reader out of Date!
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
CheckPoint ZoneAlarm MailFrontier mantispm.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Admin at 14:33:51 on 2012-11-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1378 [GMT -6:00]
.
AV: ZoneAlarm Internet Security Suite Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Internet Security Suite Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RocketFish\RF5.1\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SetDefaultMIDI] MIDIDef.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [CTSysVol] c:\program files\rocketfish\rf5.1\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
dRun: [Mozilla] rundll32.exe "c:\documents and settings\admin\local settings\application data\western digital\mozilla\bnfgxamam.dll",CreateInstance
dRun: [Adobe] rundll32.exe "c:\documents and settings\admin\local settings\application data\apple computer\adobe\kbbdncwvq.dll",CreateInstance
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1331948840640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{AFE12BE1-3306-4BE0-8A33-BA2B257A48F4} : DHCPNameServer = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\ca5brwe8.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/|http://www.foxnews.com/
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\npMSDM.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - ExtSQL: 2012-10-15 22:20; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\checkpoint\zaforcefield\TrustChecker
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-10-14 133208]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-14 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-9-21 485808]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-7-25 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-7-25 497320]
R2 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2012-10-9 526640]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-7-31 341504]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 DVR2INS;ADS Instant DVD 2.0;c:\windows\system32\drivers\dvr2ins.sys [2012-4-22 34792]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 250808]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-21 115168]
.
=============== Created Last 30 ================
.
2012-10-24 21:07:33 -------- d-----w- c:\program files\VS Revo Group
2012-10-15 22:39:34 -------- d-----w- c:\program files\iPod
2012-10-15 22:39:28 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-10-09 16:28:35 -------- d-----w- c:\documents and settings\all users\application data\Blizzard
2012-10-09 15:39:25 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2012-10-25 21:24:02 2256 ----a-w- c:\windows\current_settings.bin
2012-10-09 15:39:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 15:39:29 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-23 16:17:46 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-09-11 20:38:25 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2012-09-11 20:38:25 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 18:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 18:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 14:35:13.32 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/14/2012 10:16:44 PM
System Uptime: 11/5/2012 8:00:26 AM (6 hours ago)
.
Motherboard: ASUSTek Computer Inc. | | P4SD-VX
Processor: Intel® Pentium® 4 CPU 3.00GHz | CPU 1 | 2992/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 160 GiB total, 83.508 GiB free.
D: is FIXED (NTFS) - 138 GiB total, 45.277 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 233 GiB total, 13.5 GiB free.
G: is CDROM ()
H: is CDROM (UDF1.50)
J: is FIXED (NTFS) - 465 GiB total, 71.949 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&35F762C4&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&35F762C4&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP175: 11/5/2012 9:05:34 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 7.0
ADS Tech Master Installer V3.0
ADS Tech Master Installer V3.8
ADS Tech V3.8 DVD Xpress DX2 CapWiz
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
Audacity 2.0.2
AutoUpdate
Bonjour
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Dedicated Server
Call of Duty: Modern Warfare 3 - Multiplayer
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MP Navigator EX 5.1
Canon MX430 series MP Drivers
Canon MX430 series On-screen Manual
Canon MX430 series User Registration
Canon My Printer
Canon Solution Menu EX
Canon Speed Dial Utility
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Click to DVD 1.3
Diablo II
Diablo III
DivX
Drag'n Drop CD+DVD
DVgate Plus
Fallout 3
FFmpeg for Audacity on Windows
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
iTunes
Java Auto Updater
Java™ 6 Update 31
LADSPA_plugins-win-0.4.15
LAME v3.99.3 (for Windows)
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.65.1.1000
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Download Manager
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office File Validation Add-In
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mihov Picture Downloader 1.4 (remove only)
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSN Messenger 5.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Visualizer Library 1.4.00
NETGEAR WG111v3 wireless USB 2.0 adapter
NVIDIA Windows 2000/XP Display Drivers
Oblivion
Oblivion - Horse Armor Pack
Oblivion - Knights of the Nine
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
OpenMG Limited Patch 3.2-03-02-21-08
OpenMG Limited Patch 3.2-03-03-18-01
OpenMG Limited Patch 3.2-03-04-14-02
OpenMG Secure Module 3.2
PictureGear Studio 2.0
PowerDVD
QuickTime
RealOne Player
Revo Uninstaller 1.94
RocketFish 5.1
Roxio Drag-to-Disc
Roxio Easy Media Creator 9 Suite
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Shockwave
SmartSound Quicktracks Plugin
SonicStage 1.6.00
Sony Certificate PCH
Sony Video Shared Library
Steam
Torchlight II
Ulead DVD DiskRecorder 2.1.1
Ulead Straight-to-Disc SDK
Ulead VideoStudio 9.0 SE DVD
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO BrightColor Wallpaper
VAIO Help and Support
VAIO Media 2.6
VAIO Media Integrated Server 2.6
VAIO Media Redistribution 2.6
VAIO Registration
VAIO Support
VAIO Survey Standalone
VAIO System Information
VC 9.0 Runtime
Viewpoint Media Player (Remove Only)
VLC media player 2.0.1
WebFldrs XP
Welcome to VAIO life
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows XP Service Pack 3
Xingtone Ringtone Maker
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Internet Security Suite
ZoneAlarm LTD Toolbar
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
10/29/2012 6:18:12 PM, error: Dhcp [1002] - The IP address lease 192.168.0.5 for the Network Card with network address C03F0E3FA204 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/29/2012 1:15:38 PM, error: Service Control Manager [7000] - The ADS Instant DVD 2.0 service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================
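What a helper is actually scanning for in the "Pseudo HJT Report" section of the DDS log above, written out as an added example (this is not code from DDS, BleepingComputer or either poster). It parses the uRun/mRun/dRun lines, using the five autorun lines from the log posted above as its sample input, and applies a few analyst heuristics that are this example's own assumptions: a DLL loaded through rundll32, an image sitting in a user-writable profile data directory, a random-looking file name, and an entry named after a well-known vendor whose file is not under Program Files. The mapping of the u/m/d prefixes to registry hives is likewise an assumption about the DDS output format.

```python
"""Triage of DDS 'Pseudo HJT Report' autorun lines (uRun/mRun/dRun).

Added example for this thread; not code from DDS, BleepingComputer or the
posters. The hive mapping and the scoring heuristics are assumptions.
"""
import re
from dataclasses import dataclass, field

# Sample input: the five autorun lines from the DDS log posted above.
SAMPLE_LINES = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
dRun: [Mozilla] rundll32.exe "c:\documents and settings\admin\local settings\application data\western digital\mozilla\bnfgxamam.dll",CreateInstance
dRun: [Adobe] rundll32.exe "c:\documents and settings\admin\local settings\application data\apple computer\adobe\kbbdncwvq.dll",CreateInstance
"""

# DDS prefixes: u = current user, m = local machine, d = default-user hive (assumed mapping)
HIVES = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}

LINE_RE = re.compile(r"^(?P<hive>[umd])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")
# rundll32[.exe] <dll>[,<entrypoint>]  (DLL path optionally quoted, may contain spaces)
RUNDLL_RE = re.compile(
    r'^(?:"?[^"\s]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?(?:,(?P<entry>\S+))?\s*$',
    re.IGNORECASE,
)
USER_DATA_DIRS = ("\\local settings\\application data\\", "\\application data\\", "\\appdata\\")
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]{5,}", re.IGNORECASE)
VENDOR_NAMES = {"mozilla", "adobe", "java", "microsoft", "apple"}  # heuristic, assumed list


@dataclass
class Autorun:
    hive: str
    name: str
    command: str
    image: str            # file that actually executes: the EXE, or the DLL handed to rundll32
    via_rundll32: bool
    reasons: list = field(default_factory=list)

    @property
    def verdict(self) -> str:
        return {0: "benign-looking", 1: "review"}.get(len(self.reasons), "suspicious")


def _first_token(cmd: str) -> str:
    """Executable path from a command line: the quoted path, else the first whitespace token."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def parse_line(line: str):
    """Return an Autorun for a uRun/mRun/dRun line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    rd = RUNDLL_RE.match(cmd)
    image = rd.group("dll") if rd else _first_token(cmd)
    return Autorun(HIVES[m.group("hive")], m.group("name"), cmd, image, bool(rd))


def triage(entry: Autorun) -> Autorun:
    """Attach the plain-language reasons an analyst would want to look at this entry."""
    low = entry.image.lower()
    if entry.via_rundll32:
        entry.reasons.append("DLL loaded through rundll32, so it has no process of its own")
    if any(d in low for d in USER_DATA_DIRS):
        entry.reasons.append("image lives in a user-writable profile data directory")
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if CONSONANT_RUN.search(stem):
        entry.reasons.append(f"random-looking file name '{stem}'")
    if entry.name.lower() in VENDOR_NAMES and "\\program files\\" not in low and "\\windows\\" not in low:
        entry.reasons.append(f"named after vendor '{entry.name}' but not installed under Program Files")
    return entry


def triage_report(text: str) -> list:
    """Parse every autorun line in a DDS report and score it."""
    return [triage(e) for e in map(parse_line, text.splitlines()) if e]


if __name__ == "__main__":
    for r in triage_report(SAMPLE_LINES):
        print(f"{r.verdict:14} {r.hive:12} [{r.name}] {r.image}")
        for why in r.reasons:
            print("    -", why)
```

Run against the sample, the ctfmon and ZoneAlarm entries come out clean, the P17Helper entry is marked for review only because it goes through rundll32, and both dRun entries collect every reason at once: a rundll32-loaded DLL with a random-looking name, stored under Local Settings\Application Data in a folder named after a vendor that does not install there. That combination is why a helper asks for cleanup logs next rather than treating those lines as normal autoruns.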

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 135,602 posts, Puerto Rico)

Posted 05 November 2012 - 05:30 PM

Hello


These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download RogueKiller and SAVE it to your Desktop, or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until the Prescan has finished...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad window into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo

#5 Dacar92 (Topic Starter)

Posted 06 November 2012 - 09:04 AM

2 reports to follow:


# AdwCleaner v2.006 - Logfile created 11/06/2012 at 07:42:20
# Updated 30/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Admin - KIDS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Admin\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ca5brwe8.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\PherfBomb\Application Data\Mozilla\Firefox\Profiles\4p14f9vt.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1966 octets] - [06/11/2012 07:42:20]

########## EOF - C:\AdwCleaner[S1].txt - [2026 octets] ##########


RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Admin [Admin rights]
Mode : Scan -- Date : 11/06/2012 08:04:32

Bad processes : 0

Registry Entries : 11
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : Mozilla (rundll32.exe "C:\Documents and Settings\Admin\Local Settings\Application Data\Western Digital\Mozilla\bnfgxamam.dll",CreateInstance) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : Adobe (rundll32.exe "C:\Documents and Settings\Admin\Local Settings\Application Data\Apple Computer\Adobe\kbbdncwvq.dll",CreateInstance) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-19[...]\Run : Mozilla (rundll32.exe "C:\Documents and Settings\Admin\Local Settings\Application Data\Western Digital\Mozilla\bnfgxamam.dll",CreateInstance) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-19[...]\Run : Adobe (rundll32.exe "C:\Documents and Settings\Admin\Local Settings\Application Data\Apple Computer\Adobe\kbbdncwvq.dll",CreateInstance) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-20[...]\Run : Mozilla (rundll32.exe "C:\Documents and Settings\Admin\Local Settings\Application Data\Western Digital\Mozilla\bnfgxamam.dll",CreateInstance) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-20[...]\Run : Adobe (rundll32.exe "C:\Documents and Settings\Admin\Local Settings\Application Data\Apple Computer\Adobe\kbbdncwvq.dll",CreateInstance) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18[...]\Run : Mozilla (rundll32.exe "C:\Documents and Settings\Admin\Local Settings\Application Data\Western Digital\Mozilla\bnfgxamam.dll",CreateInstance) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18[...]\Run : Adobe (rundll32.exe "C:\Documents and Settings\Admin\Local Settings\Application Data\Apple Computer\Adobe\kbbdncwvq.dll",CreateInstance) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver : [LOADED]

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD3200AAJB-00J3A0 +++++
--- User ---
[MBR] 333538f1f62d3cde06d38e12f9670947
[BSP] 5dba248f4fe191ef2c02cb20fdb3516c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 163842 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 335549655 | Size: 141400 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD2500JB-00REA0 +++++
--- User ---
[MBR] 94aca397224c881be881263df469e339
[BSP] 45251c8fe3b79108f6b37e778f40652a : Standard MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11062012_02d0804.txt >>
RKreport[1]_S_11062012_02d0804.txt

#6 gringo_pr (Malware Response Team)

Posted 06 November 2012 - 11:29 AM

Hello Dacar92

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 Dacar92 (Topic Starter)

Posted 06 November 2012 - 12:36 PM

Hi Gringo,

The computer seems to be running OK, but the hijacking was infrequent, so I just need a bit of time to see. I will make sure to use it a lot in the next couple of days. Here is the Combofix log:

ComboFix 12-11-06.03 - Admin 11/06/2012 11:11:34.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2111 [GMT -6:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-10-24 21:07 . 2012-10-24 21:07 -------- d-----w- c:\program files\VS Revo Group
2012-10-15 22:39 . 2012-10-15 22:39 -------- d-----w- c:\program files\iPod
2012-10-15 22:39 . 2012-10-15 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-10-09 16:28 . 2012-10-09 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2012-10-09 15:39 . 2012-10-09 15:39 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 15:39 . 2012-04-04 00:56 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 15:39 . 2012-03-15 22:47 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 00:54 . 2012-08-03 20:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-23 16:17 . 2012-09-23 16:17 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-09-11 20:38 . 2012-09-11 20:38 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2012-09-11 20:38 . 2012-09-11 20:38 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2012-08-28 15:14 . 2003-08-14 02:58 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2003-08-14 02:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2003-08-14 02:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2012-03-15 03:55 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2003-08-14 02:58 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 18:01 . 2012-03-17 18:44 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 18:01 . 2012-03-17 18:44 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 13:33 . 2002-08-29 01:04 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2002-08-29 01:04 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-27 03:11 . 2012-10-27 03:11 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 49152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2003-07-16 323584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 335872]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 98304]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-10-09 73392]
"CTSysVol"="c:\program files\RocketFish\RF5.1\Surround Mixer\CTSysVol.exe" [2007-09-05 57344]
"P17Helper"="P17.dll" [2008-07-16 65536]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-12-23 2330624]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-28 02:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-07-19 13:23 2567272 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2011-08-04 19:41 1637496 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2003-04-18 00:51 53248 ----a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 17:29 40960 ----a-w- c:\windows\system32\ezSP_Px.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
2011-09-27 16:44 439440 ----a-w- c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 04:30 421776 ----a-w- d:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-07-16 18:22 4743168 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-03-17 18:54 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-07-31 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-08-10 17:10 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-08-22 00:48 1353080 ----a-w- d:\program files\CoD-MW3\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 20:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2003-03-17 18:52 1056768 ----a-w- c:\program files\Sony\VAIO Survey\SurveySA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
2003-06-24 00:32 1409024 ----a-w- c:\program files\support.com\client\bin\tgcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"d:\\Program Files\\CoD-MW3\\Steam.exe"=
"d:\\Program Files\\CoD-MW3\\SteamApps\\common\\call of duty modern warfare 3\\iw5mp_server.exe"=
"d:\\Program Files\\CoD-MW3\\SteamApps\\common\\call of duty modern warfare 3\\iw5sp.exe"=
"d:\\Program Files\\CoD-MW3\\SteamApps\\common\\call of duty modern warfare 3\\iw5mp.exe"=
"d:\\Program Files\\CoD-MW3\\SteamApps\\common\\Torchlight II\\Torchlight2.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [10/14/2010 4:08 PM 11352]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [7/25/2011 6:57 AM 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [7/25/2011 6:57 AM 497320]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [7/31/2009 3:12 PM 341504]
S2 DVR2INS;ADS Instant DVD 2.0;c:\windows\system32\drivers\dvr2ins.sys [4/22/2012 10:46 AM 34792]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:40]
.
2012-03-15 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-08-14 10:42]
.
2012-03-15 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-08-14 10:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ca5brwe8.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/|http://www.foxnews.com/
FF - ExtSQL: 2012-10-15 22:20; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\TrustChecker
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ISW - (no file)
MSConfigStartUp-Adobe - c:\documents and settings\Admin\Local Settings\Application Data\Apple Computer\Adobe\kbbdncwvq.dll
MSConfigStartUp-DMXLauncher - c:\program files\Roxio\Media Experience\DMXLauncher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-06 11:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\07\01\1e\0f\0f6"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(1004)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2012-11-06 11:24:45
ComboFix-quarantined-files.txt 2012-11-06 17:24
.
Pre-Run: 89,532,493,824 bytes free
Post-Run: 89,941,458,944 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 1CDB8B0F42565BCC304325A391FA2299

#8 gringo_pr (Malware Response Team)

Posted 06 November 2012 - 12:57 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 Dacar92 (Topic Starter)

Posted 06 November 2012 - 01:05 PM

Here is the TDSSKiller log file. Running aswMBR now.

Question, should we scan the 2 external drives on this machine? One of your first instructions was to disconnect them.

Thanks

12:04:31.0078 2620 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:04:31.0437 2620 ============================================================
12:04:31.0437 2620 Current date / time: 2012/11/06 12:04:31.0437
12:04:31.0437 2620 SystemInfo:
12:04:31.0437 2620
12:04:31.0437 2620 OS Version: 5.1.2600 ServicePack: 3.0
12:04:31.0437 2620 Product type: Workstation
12:04:31.0437 2620 ComputerName: KIDS
12:04:31.0437 2620 UserName: Admin
12:04:31.0437 2620 Windows directory: C:\WINDOWS
12:04:31.0437 2620 System windows directory: C:\WINDOWS
12:04:31.0437 2620 Processor architecture: Intel x86
12:04:31.0437 2620 Number of processors: 2
12:04:31.0453 2620 Page size: 0x1000
12:04:31.0453 2620 Boot type: Normal boot
12:04:31.0453 2620 ============================================================
12:04:32.0531 2620 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:04:32.0531 2620 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:04:32.0531 2620 Drive \Device\Harddisk2\DR19 - Size: 0x78800000 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:04:32.0531 2620 ============================================================
12:04:32.0531 2620 \Device\Harddisk0\DR0:
12:04:32.0531 2620 MBR partitions:
12:04:32.0531 2620 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x14001498
12:04:32.0546 2620 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x14001516, BlocksNum 0x1142C1AB
12:04:32.0546 2620 \Device\Harddisk1\DR1:
12:04:32.0546 2620 MBR partitions:
12:04:32.0546 2620 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
12:04:32.0546 2620 \Device\Harddisk2\DR19:
12:04:32.0546 2620 MBR partitions:
12:04:32.0546 2620 ============================================================
12:04:32.0593 2620 C: <-> \Device\Harddisk0\DR0\Partition1
12:04:32.0609 2620 D: <-> \Device\Harddisk0\DR0\Partition2
12:04:32.0656 2620 F: <-> \Device\Harddisk1\DR1\Partition1
12:04:32.0656 2620 ============================================================
12:04:32.0656 2620 Initialize success
12:04:32.0656 2620 ============================================================
12:05:33.0390 2336 ============================================================
12:05:33.0390 2336 Scan started
12:05:33.0390 2336 Mode: Manual;
12:05:33.0390 2336 ============================================================
12:05:33.0890 2336 ================ Scan system memory ========================
12:05:33.0906 2336 System memory - ok
12:05:33.0906 2336 ================ Scan services =============================
12:05:36.0375 2336 DLABOIOM - ok
12:05:36.0390 2336 [ 43749294A1D9F22FE164A62C1A42919D ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
12:05:36.0390 2336 DLACDBHM - ok
12:05:36.0421 2336 [ 54A3F9EBD1DDC975736F8E18A9B8FCE9 ] DLADResM C:\WINDOWS\system32\DLA\DLADResM.SYS
12:05:36.0421 2336 DLADResM - ok
12:05:36.0437 2336 [ E0FBAF0146BFCEEC29F31F07452DB4AD ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
12:05:36.0437 2336 DLAIFS_M - ok
12:05:36.0468 2336 [ D3CE0C76496A5332032399639485774F ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
12:05:36.0468 2336 DLAOPIOM - ok
12:05:36.0484 2336 [ FCE1882364D4C324B937A841EF9C58AC ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
12:05:36.0484 2336 DLAPoolM - ok
12:05:36.0500 2336 [ 14183A8EFF683EB0C1774802578ED0F4 ] DLARTL_M C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
12:05:36.0500 2336 DLARTL_M - ok
12:05:36.0515 2336 [ 2EF8C92AB8411589387845F58534C7D9 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
12:05:36.0515 2336 DLAUDFAM - ok
12:05:36.0546 2336 [ A2096FD7B5037085A3DC580E2891D2C4 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
12:05:36.0546 2336 DLAUDF_M - ok
12:05:36.0546 2336 dmadmin - ok
12:05:36.0609 2336 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:05:36.0609 2336 dmboot - ok
12:05:36.0640 2336 [ 526192BF7696F72E29777BF4A180513A ] DMICall C:\WINDOWS\system32\DRIVERS\DMICall.sys
12:05:36.0640 2336 DMICall - ok
12:05:36.0671 2336 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:05:36.0687 2336 dmio - ok
12:05:36.0703 2336 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:05:36.0703 2336 dmload - ok
12:05:36.0750 2336 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:05:36.0750 2336 dmserver - ok
12:05:36.0765 2336 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:05:36.0781 2336 DMusic - ok
12:05:36.0812 2336 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:05:36.0812 2336 Dnscache - ok
12:05:36.0843 2336 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:05:36.0843 2336 Dot3svc - ok
12:05:36.0859 2336 dpti2o - ok
12:05:36.0890 2336 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:05:36.0890 2336 drmkaud - ok
12:05:36.0921 2336 [ 1FB11E1EAC27668754FD18A079CCCFB3 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
12:05:36.0921 2336 drvmcdb - ok
12:05:36.0937 2336 [ 9628DFA16B1A47615C65318F8776F233 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
12:05:36.0937 2336 DRVNDDM - ok
12:05:36.0984 2336 [ 21AF611EED87354AEBFDE8F34E201A35 ] DVR2INS C:\WINDOWS\system32\Drivers\dvr2ins.sys
12:05:36.0984 2336 DVR2INS - ok
12:05:37.0015 2336 [ 2476936F4994E9084CCFE75ED4F6226A ] E1000 C:\WINDOWS\system32\DRIVERS\e1000325.sys
12:05:37.0015 2336 E1000 - ok
12:05:37.0046 2336 [ 98B46B331404A951CABAD8B4877E1276 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:05:37.0046 2336 E100B - ok
12:05:37.0093 2336 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:05:37.0093 2336 EapHost - ok
12:05:37.0125 2336 [ C47E7C5E7410C7DE98F7219E3008C23D ] EAPPkt C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
12:05:37.0125 2336 EAPPkt - ok
12:05:37.0187 2336 [ 653394706FF5634F4B5180B8294BADB1 ] EL90X C:\WINDOWS\system32\DRIVERS\el90xnd5.sys
12:05:37.0187 2336 EL90X - ok
12:05:37.0203 2336 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:05:37.0203 2336 ERSvc - ok
12:05:37.0234 2336 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
12:05:37.0234 2336 Eventlog - ok
12:05:37.0265 2336 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
12:05:37.0265 2336 EventSystem - ok
12:05:37.0296 2336 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:05:37.0296 2336 Fastfat - ok
12:05:37.0343 2336 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:05:37.0343 2336 FastUserSwitchingCompatibility - ok
12:05:37.0375 2336 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
12:05:37.0375 2336 Fdc - ok
12:05:37.0406 2336 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:05:37.0406 2336 Fips - ok
12:05:37.0421 2336 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:05:37.0421 2336 Flpydisk - ok
12:05:37.0453 2336 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
12:05:37.0453 2336 FltMgr - ok
12:05:37.0500 2336 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:05:37.0515 2336 FontCache3.0.0.0 - ok
12:05:37.0546 2336 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:05:37.0546 2336 Fs_Rec - ok
12:05:37.0562 2336 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:05:37.0562 2336 Ftdisk - ok
12:05:37.0593 2336 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:05:37.0593 2336 GEARAspiWDM - ok
12:05:37.0625 2336 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:05:37.0625 2336 Gpc - ok
12:05:37.0671 2336 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:05:37.0671 2336 HDAudBus - ok
12:05:37.0734 2336 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:05:37.0734 2336 helpsvc - ok
12:05:37.0781 2336 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
12:05:37.0781 2336 HidServ - ok
12:05:37.0796 2336 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:05:37.0796 2336 HidUsb - ok
12:05:37.0843 2336 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:05:37.0859 2336 hkmsvc - ok
12:05:37.0859 2336 hpn - ok
12:05:37.0906 2336 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:05:37.0906 2336 HTTP - ok
12:05:37.0937 2336 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:05:37.0953 2336 HTTPFilter - ok
12:05:37.0953 2336 i2omgmt - ok
12:05:37.0968 2336 i2omp - ok
12:05:37.0984 2336 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:05:37.0984 2336 i8042prt - ok
12:05:38.0031 2336 [ 1406D6EF4436AEE970EFE13193123965 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
12:05:38.0031 2336 ialm - ok
12:05:38.0109 2336 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:05:38.0109 2336 IDriverT - ok
12:05:38.0203 2336 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:05:38.0218 2336 idsvc - ok
12:05:38.0250 2336 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:05:38.0250 2336 Imapi - ok
12:05:38.0281 2336 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:05:38.0281 2336 ImapiService - ok
12:05:38.0296 2336 ini910u - ok
12:05:38.0343 2336 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
12:05:38.0343 2336 IntelIde - ok
12:05:38.0375 2336 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:05:38.0390 2336 intelppm - ok
12:05:38.0421 2336 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:05:38.0421 2336 ip6fw - ok
12:05:38.0453 2336 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:05:38.0453 2336 IpFilterDriver - ok
12:05:38.0468 2336 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:05:38.0468 2336 IpInIp - ok
12:05:38.0500 2336 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:05:38.0500 2336 IpNat - ok
12:05:38.0546 2336 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:05:38.0562 2336 iPod Service - ok
12:05:38.0593 2336 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:05:38.0593 2336 IPSec - ok
12:05:38.0625 2336 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:05:38.0625 2336 IRENUM - ok
12:05:38.0656 2336 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:05:38.0656 2336 isapnp - ok
12:05:38.0734 2336 [ 6ED8D475BF2F950F3262942F630B3A20 ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
12:05:38.0734 2336 ISWKL - ok
12:05:38.0765 2336 [ 8A698B79EDF2BA40E42ADD764F43FAA7 ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
12:05:38.0765 2336 IswSvc - ok
12:05:38.0828 2336 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
12:05:38.0828 2336 JavaQuickStarterService - ok
12:05:38.0843 2336 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:05:38.0843 2336 Kbdclass - ok
12:05:38.0875 2336 [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys
12:05:38.0875 2336 KL1 - ok
12:05:38.0906 2336 [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys
12:05:38.0906 2336 kl2 - ok
12:05:38.0953 2336 [ 1267FC6F43F2868127A01E9766BF51A7 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
12:05:38.0953 2336 KLIF - ok
12:05:38.0984 2336 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:05:39.0000 2336 kmixer - ok
12:05:39.0015 2336 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:05:39.0015 2336 KSecDD - ok
12:05:39.0046 2336 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:05:39.0046 2336 lanmanserver - ok
12:05:39.0093 2336 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:05:39.0109 2336 lanmanworkstation - ok
12:05:39.0109 2336 lbrtfdc - ok
12:05:39.0171 2336 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:05:39.0171 2336 LmHosts - ok
12:05:39.0203 2336 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:05:39.0203 2336 Messenger - ok
12:05:39.0250 2336 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:05:39.0250 2336 mnmdd - ok
12:05:39.0281 2336 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
12:05:39.0281 2336 mnmsrvc - ok
12:05:39.0328 2336 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:05:39.0328 2336 Modem - ok
12:05:39.0359 2336 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:05:39.0359 2336 Mouclass - ok
12:05:39.0406 2336 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:05:39.0406 2336 mouhid - ok
12:05:39.0437 2336 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:05:39.0437 2336 MountMgr - ok
12:05:39.0484 2336 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:05:39.0484 2336 MozillaMaintenance - ok
12:05:39.0500 2336 mraid35x - ok
12:05:39.0515 2336 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:05:39.0515 2336 MRxDAV - ok
12:05:39.0562 2336 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:05:39.0562 2336 MRxSmb - ok
12:05:39.0593 2336 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
12:05:39.0593 2336 MSDTC - ok
12:05:39.0609 2336 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:05:39.0609 2336 Msfs - ok
12:05:39.0609 2336 MSIServer - ok
12:05:39.0640 2336 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:05:39.0656 2336 MSKSSRV - ok
12:05:39.0656 2336 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:05:39.0671 2336 MSPCLOCK - ok
12:05:39.0687 2336 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:05:39.0687 2336 MSPQM - ok
12:05:39.0718 2336 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:05:39.0718 2336 mssmbios - ok
12:05:39.0750 2336 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:05:39.0750 2336 MSTEE - ok
12:05:39.0781 2336 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:05:39.0781 2336 Mup - ok
12:05:39.0796 2336 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:05:39.0812 2336 NABTSFEC - ok
12:05:39.0843 2336 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:05:39.0843 2336 napagent - ok
12:05:39.0859 2336 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:05:39.0875 2336 NDIS - ok
12:05:39.0906 2336 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:05:39.0906 2336 NdisIP - ok
12:05:39.0937 2336 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:05:39.0937 2336 NdisTapi - ok
12:05:39.0953 2336 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:05:39.0953 2336 Ndisuio - ok
12:05:39.0968 2336 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:05:39.0968 2336 NdisWan - ok
12:05:40.0015 2336 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:05:40.0015 2336 NDProxy - ok
12:05:40.0031 2336 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:05:40.0031 2336 NetBIOS - ok
12:05:40.0046 2336 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:05:40.0062 2336 NetBT - ok
12:05:40.0093 2336 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
12:05:40.0093 2336 NetDDE - ok
12:05:40.0093 2336 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:05:40.0109 2336 NetDDEdsdm - ok
12:05:40.0140 2336 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:05:40.0140 2336 Netlogon - ok
12:05:40.0171 2336 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
12:05:40.0171 2336 Netman - ok
12:05:40.0218 2336 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:05:40.0234 2336 NetTcpPortSharing - ok
12:05:40.0265 2336 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:05:40.0281 2336 NIC1394 - ok
12:05:40.0312 2336 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
12:05:40.0312 2336 Nla - ok
12:05:40.0359 2336 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:05:40.0359 2336 Npfs - ok
12:05:40.0406 2336 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:05:40.0406 2336 Ntfs - ok
12:05:40.0421 2336 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
12:05:40.0421 2336 NtLmSsp - ok
12:05:40.0468 2336 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:05:40.0468 2336 NtmsSvc - ok
12:05:40.0500 2336 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:05:40.0500 2336 Null - ok
12:05:40.0562 2336 [ 9D0F1B4FCF4F5CDFBC2D0C878F380B83 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:05:40.0578 2336 nv - ok
12:05:40.0625 2336 [ 6C896BE49D7784C42025C0BC9A5AC5BE ] NVSvc C:\WINDOWS\System32\nvsvc32.exe
12:05:40.0625 2336 NVSvc - ok
12:05:40.0687 2336 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:05:40.0687 2336 NwlnkFlt - ok
12:05:40.0703 2336 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:05:40.0703 2336 NwlnkFwd - ok
12:05:40.0796 2336 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:05:40.0796 2336 odserv - ok
12:05:40.0843 2336 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:05:40.0843 2336 ohci1394 - ok
12:05:40.0875 2336 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:05:40.0875 2336 ose - ok
12:05:40.0906 2336 [ 103A9B117A7D9903111955CDAFE65AC6 ] ossrv C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
12:05:40.0906 2336 ossrv - ok
12:05:40.0968 2336 [ 91C21FAC088F33A25BA351CC7C0999F2 ] P17 C:\WINDOWS\system32\drivers\P17.sys
12:05:40.0968 2336 P17 - ok
12:05:40.0984 2336 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
12:05:41.0000 2336 Parport - ok
12:05:41.0000 2336 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:05:41.0000 2336 PartMgr - ok
12:05:41.0046 2336 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:05:41.0046 2336 ParVdm - ok
12:05:41.0078 2336 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:05:41.0078 2336 PCI - ok
12:05:41.0093 2336 PCIDump - ok
12:05:41.0109 2336 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:05:41.0109 2336 PCIIde - ok
12:05:41.0140 2336 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:05:41.0140 2336 Pcmcia - ok
12:05:41.0156 2336 PDCOMP - ok
12:05:41.0171 2336 PDFRAME - ok
12:05:41.0171 2336 PDRELI - ok
12:05:41.0187 2336 PDRFRAME - ok
12:05:41.0203 2336 perc2 - ok
12:05:41.0218 2336 perc2hib - ok
12:05:41.0265 2336 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
12:05:41.0265 2336 PlugPlay - ok
12:05:41.0281 2336 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:05:41.0281 2336 PolicyAgent - ok
12:05:41.0312 2336 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:05:41.0312 2336 PptpMiniport - ok
12:05:41.0328 2336 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
12:05:41.0328 2336 Processor - ok
12:05:41.0343 2336 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:05:41.0343 2336 ProtectedStorage - ok
12:05:41.0359 2336 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:05:41.0359 2336 PSched - ok
12:05:41.0390 2336 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:05:41.0390 2336 Ptilink - ok
12:05:41.0406 2336 [ FEFFCFDC528764A04C8ED63D5FA6E711 ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
12:05:41.0421 2336 PxHelp20 - ok
12:05:41.0421 2336 ql1080 - ok
12:05:41.0437 2336 Ql10wnt - ok
12:05:41.0453 2336 ql12160 - ok
12:05:41.0468 2336 ql1240 - ok
12:05:41.0484 2336 ql1280 - ok
12:05:41.0515 2336 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:05:41.0515 2336 RasAcd - ok
12:05:41.0546 2336 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:05:41.0546 2336 RasAuto - ok
12:05:41.0578 2336 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:05:41.0578 2336 Rasl2tp - ok
12:05:41.0625 2336 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:05:41.0625 2336 RasMan - ok
12:05:41.0640 2336 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:05:41.0640 2336 RasPppoe - ok
12:05:41.0671 2336 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:05:41.0671 2336 Raspti - ok
12:05:41.0703 2336 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:05:41.0703 2336 Rdbss - ok
12:05:41.0750 2336 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:05:41.0750 2336 RDPCDD - ok
12:05:41.0796 2336 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:05:41.0796 2336 RDPWD - ok
12:05:41.0843 2336 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:05:41.0843 2336 RDSessMgr - ok
12:05:41.0859 2336 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:05:41.0875 2336 redbook - ok
12:05:41.0906 2336 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:05:41.0906 2336 RemoteAccess - ok
12:05:42.0000 2336 [ 13C1E04140614CBF3144B53BF2069793 ] Roxio UPnP Renderer 9 C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
12:05:42.0000 2336 Roxio UPnP Renderer 9 - ok
12:05:42.0031 2336 [ 013459BCDC330B36039C4F4CB9AC71E7 ] Roxio Upnp Server 9 C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
12:05:42.0031 2336 Roxio Upnp Server 9 - ok
12:05:42.0078 2336 [ A6A0C81E275AE2EBA46DDE1216A9E557 ] RoxLiveShare9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
12:05:42.0093 2336 RoxLiveShare9 - ok
12:05:42.0140 2336 [ B3868BB4948D1F6579FA1906C038424E ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
12:05:42.0140 2336 RoxMediaDB9 - ok
12:05:42.0171 2336 [ 3C2449D45AEDE29B06050557EFA2F5E1 ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
12:05:42.0171 2336 RoxWatch9 - ok
12:05:42.0218 2336 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
12:05:42.0218 2336 RpcLocator - ok
12:05:42.0234 2336 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:05:42.0250 2336 RpcSs - ok
12:05:42.0281 2336 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
12:05:42.0281 2336 RSVP - ok
12:05:42.0312 2336 [ D0AC0B0355A3FFB85EB77B083CD0627C ] rtl8139 C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
12:05:42.0312 2336 rtl8139 - ok
12:05:42.0359 2336 [ DE4635E8B7975D2B5D961299469A7462 ] RTL8187B C:\WINDOWS\system32\DRIVERS\wg111v3.sys
12:05:42.0359 2336 RTL8187B - ok
12:05:42.0390 2336 [ 78F204F3A885DE987D41B12F9BB8DFFB ] RxFilter C:\WINDOWS\system32\DRIVERS\RxFilter.sys
12:05:42.0390 2336 RxFilter - ok
12:05:42.0406 2336 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
12:05:42.0406 2336 SamSs - ok
12:05:42.0421 2336 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:05:42.0437 2336 SCardSvr - ok
12:05:42.0468 2336 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:05:42.0484 2336 Schedule - ok
12:05:42.0515 2336 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:05:42.0515 2336 Secdrv - ok
12:05:42.0562 2336 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:05:42.0562 2336 seclogon - ok
12:05:42.0578 2336 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
12:05:42.0593 2336 SENS - ok
12:05:42.0609 2336 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:05:42.0609 2336 Serenum - ok
12:05:42.0656 2336 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:05:42.0656 2336 Serial - ok
12:05:42.0671 2336 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:05:42.0687 2336 Sfloppy - ok
12:05:42.0734 2336 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:05:42.0734 2336 SharedAccess - ok
12:05:42.0750 2336 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:05:42.0765 2336 ShellHWDetection - ok
12:05:42.0765 2336 Simbad - ok
12:05:42.0796 2336 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:05:42.0796 2336 SLIP - ok
12:05:42.0843 2336 [ B9B97C295F65A84B62ECF68882823A15 ] smrt C:\WINDOWS\system32\DRIVERS\smrt.sys
12:05:42.0859 2336 smrt - ok
12:05:42.0906 2336 [ 22F5DB6724FEA2F330E1F5EE44AF93EA ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
12:05:42.0906 2336 smwdm - ok
12:05:42.0921 2336 Sparrow - ok
12:05:42.0937 2336 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:05:42.0953 2336 splitter - ok
12:05:42.0984 2336 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:05:42.0984 2336 Spooler - ok
12:05:43.0078 2336 [ 755EDB55D50C9556E15139956EECB9C8 ] SPTISRV C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
12:05:43.0078 2336 SPTISRV - ok
12:05:43.0093 2336 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:05:43.0093 2336 sr - ok
12:05:43.0140 2336 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
12:05:43.0140 2336 srservice - ok
12:05:43.0171 2336 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:05:43.0171 2336 Srv - ok
12:05:43.0203 2336 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:05:43.0218 2336 SSDPSRV - ok
12:05:43.0234 2336 Steam Client Service - ok
12:05:43.0250 2336 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:05:43.0265 2336 stisvc - ok
12:05:43.0312 2336 [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
12:05:43.0312 2336 stllssvr - ok
12:05:43.0343 2336 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:05:43.0343 2336 streamip - ok
12:05:43.0359 2336 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:05:43.0359 2336 swenum - ok
12:05:43.0406 2336 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:05:43.0406 2336 swmidi - ok
12:05:43.0421 2336 SwPrv - ok
12:05:43.0437 2336 symc810 - ok
12:05:43.0453 2336 symc8xx - ok
12:05:43.0453 2336 sym_hi - ok
12:05:43.0468 2336 sym_u3 - ok
12:05:43.0484 2336 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:05:43.0484 2336 sysaudio - ok
12:05:43.0531 2336 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:05:43.0531 2336 SysmonLog - ok
12:05:43.0578 2336 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:05:43.0578 2336 TapiSrv - ok
12:05:43.0625 2336 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:05:43.0640 2336 Tcpip - ok
12:05:43.0671 2336 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:05:43.0671 2336 TDPIPE - ok
12:05:43.0703 2336 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:05:43.0703 2336 TDTCP - ok
12:05:43.0718 2336 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:05:43.0718 2336 TermDD - ok
12:05:43.0765 2336 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
12:05:43.0781 2336 TermService - ok
12:05:43.0796 2336 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
12:05:43.0796 2336 Themes - ok
12:05:43.0812 2336 TosIde - ok
12:05:43.0859 2336 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:05:43.0859 2336 TrkWks - ok
12:05:43.0906 2336 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:05:43.0906 2336 Udfs - ok
12:05:43.0968 2336 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
12:05:43.0968 2336 UleadBurningHelper - ok
12:05:49.0031 2336 Scan finished
12:05:49.0031 2336 ============================================================
12:05:49.0062 0968 Detected object count: 0
12:05:49.0062 0968 Actual detected object count: 0

#10 gringo_pr (Malware Response Team)

Posted 06 November 2012 - 01:35 PM

Greetings

for the rest of the scans they can be connected

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Dacar92 (Topic Starter)

Posted 06 November 2012 - 02:54 PM

Here is the aswMBR log file. I'll run CFScript now.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-06 12:09:20
-----------------------------
12:09:20.953 OS Version: Windows 5.1.2600 Service Pack 3
12:09:20.953 Number of processors: 2 586 0x209
12:09:20.953 ComputerName: KIDS UserName:
12:09:21.562 Initialize success
12:19:15.421 AVAST engine defs: 12110601
13:06:25.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
13:06:25.046 Disk 0 Vendor: WDC_WD3200AAJB-00J3A0 01.03E01 Size: 305245MB BusType: 3
13:06:25.046 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
13:06:25.046 Disk 1 Vendor: WDC_WD2500JB-00REA0 20.00K20 Size: 238475MB BusType: 3
13:06:25.078 Disk 0 MBR read successfully
13:06:25.078 Disk 0 MBR scan
13:06:25.125 Disk 0 Windows XP default MBR code
13:06:25.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 163842 MB offset 63
13:06:25.140 Disk 0 Partition - 00 0F Extended LBA 141400 MB offset 335549655
13:06:25.265 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 141400 MB offset 335549718
13:06:25.296 Disk 0 scanning sectors +625137345
13:06:25.375 Disk 0 scanning C:\WINDOWS\system32\drivers
13:06:40.109 Service scanning
13:06:58.906 Modules scanning
13:07:05.078 Disk 0 trace - called modules:
13:07:05.093 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:07:05.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aab1ab8]
13:07:05.109 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000060[0x8aa9f3b8]
13:07:05.109 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8aaa0940]
13:07:05.937 AVAST engine scan C:\WINDOWS
13:07:20.968 AVAST engine scan C:\WINDOWS\system32
13:10:35.828 AVAST engine scan C:\WINDOWS\system32\drivers
13:10:58.609 AVAST engine scan C:\Documents and Settings\Admin
13:38:49.125 AVAST engine scan C:\Documents and Settings\All Users
13:46:19.656 Scan finished successfully
13:55:01.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
13:55:01.328 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"

#12 Dacar92 (Topic Starter)

Posted 06 November 2012 - 03:15 PM

Here is the new Combofix log:



ComboFix 12-11-06.03 - Admin 11/06/2012 14:02:57.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1963 [GMT -6:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
I:\autorun.inf
I:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-11-06 18:01 . 2012-11-06 18:01 -------- d-----w- c:\documents and settings\Admin\Application Data\U3
2012-10-24 21:07 . 2012-10-24 21:07 -------- d-----w- c:\program files\VS Revo Group
2012-10-15 22:39 . 2012-10-15 22:39 -------- d-----w- c:\program files\iPod
2012-10-15 22:39 . 2012-10-15 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-10-09 16:28 . 2012-10-09 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2012-10-09 15:39 . 2012-10-09 15:39 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 15:39 . 2012-04-04 00:56 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 15:39 . 2012-03-15 22:47 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 00:54 . 2012-08-03 20:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-23 16:17 . 2012-09-23 16:17 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-09-11 20:38 . 2012-09-11 20:38 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2012-09-11 20:38 . 2012-09-11 20:38 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2012-08-28 15:14 . 2003-08-14 02:58 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2003-08-14 02:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2003-08-14 02:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2012-03-15 03:55 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2003-08-14 02:58 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 18:01 . 2012-03-17 18:44 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 18:01 . 2012-03-17 18:44 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 13:33 . 2002-08-29 01:04 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2002-08-29 01:04 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-27 03:11 . 2012-10-27 03:11 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 49152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2003-07-16 323584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 335872]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 98304]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-10-09 73392]
"CTSysVol"="c:\program files\RocketFish\RF5.1\Surround Mixer\CTSysVol.exe" [2007-09-05 57344]
"P17Helper"="P17.dll" [2008-07-16 65536]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-12-23 2330624]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-28 02:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-07-19 13:23 2567272 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2011-08-04 19:41 1637496 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2003-04-18 00:51 53248 ----a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 17:29 40960 ----a-w- c:\windows\system32\ezSP_Px.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
2011-09-27 16:44 439440 ----a-w- c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 04:30 421776 ----a-w- d:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-07-16 18:22 4743168 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-03-17 18:54 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-07-31 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-08-10 17:10 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-08-22 00:48 1353080 ----a-w- d:\program files\CoD-MW3\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 20:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2003-03-17 18:52 1056768 ----a-w- c:\program files\Sony\VAIO Survey\SurveySA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
2003-06-24 00:32 1409024 ----a-w- c:\program files\support.com\client\bin\tgcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"d:\\Program Files\\CoD-MW3\\Steam.exe"=
"d:\\Program Files\\CoD-MW3\\SteamApps\\common\\call of duty modern warfare 3\\iw5mp_server.exe"=
"d:\\Program Files\\CoD-MW3\\SteamApps\\common\\call of duty modern warfare 3\\iw5sp.exe"=
"d:\\Program Files\\CoD-MW3\\SteamApps\\common\\call of duty modern warfare 3\\iw5mp.exe"=
"d:\\Program Files\\CoD-MW3\\SteamApps\\common\\Torchlight II\\Torchlight2.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [10/14/2010 4:08 PM 11352]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [7/25/2011 6:57 AM 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [7/25/2011 6:57 AM 497320]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [7/31/2009 3:12 PM 341504]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520]
S2 DVR2INS;ADS Instant DVD 2.0;c:\windows\system32\drivers\dvr2ins.sys [4/22/2012 10:46 AM 34792]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 72494366
*NewlyCreated* - ASWMBR
*NewlyCreated* - TRUESIGHT
*Deregistered* - 72494366
*Deregistered* - aswMBR
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:40]
.
2012-03-15 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-08-14 10:42]
.
2012-03-15 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-08-14 10:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ca5brwe8.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/|http://www.foxnews.com/
FF - ExtSQL: 2012-10-15 22:20; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\TrustChecker
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-06 14:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\07\01\1e\0f\0f6"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(1004)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2012-11-06 14:15:54
ComboFix-quarantined-files.txt 2012-11-06 20:15
ComboFix2.txt 2012-11-06 17:24
.
Pre-Run: 89,803,608,064 bytes free
Post-Run: 89,929,068,544 bytes free
.
- - End Of File - - 6486AFC1713C8D98643BFCAD3282C929

#13 Dacar92 (Topic Starter)

Posted 06 November 2012 - 03:19 PM

Was just hijacked. As a test, I searched Yahoo for Bleeping Computer. I clicked on en.wikipedia.org/wiki/Bleepingcomputer and was sent to http:// esalestoday.com/products.php?root=Test%20last%20name&category=2232&title=Laptops%20and%20Notebooks

Then I clicked on www.bleepingcomputer.com and was sent to www.bleepingcomputer.com.


#14 gringo_pr (Malware Response Team)

Posted 06 November 2012 - 04:22 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized; save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#15 Dacar92 (Topic Starter)

Posted 06 November 2012 - 04:52 PM

Here is the OTL file:

OTL logfile created on: 11/6/2012 3:39:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 71.14% Memory free
4.34 Gb Paging File | 3.78 Gb Available in Paging File | 87.12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 160.00 Gb Total Space | 83.78 Gb Free Space | 52.36% Space Free | Partition Type: NTFS
Drive D: | 138.09 Gb Total Space | 42.96 Gb Free Space | 31.11% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 13.50 Gb Free Space | 5.80% Space Free | Partition Type: NTFS
Drive H: | 668.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF1.50
Drive I: | 465.76 Gb Total Space | 62.34 Gb Free Space | 13.39% Space Free | Partition Type: NTFS
Drive J: | 465.11 Gb Total Space | 73.19 Gb Free Space | 15.74% Space Free | Partition Type: NTFS

Computer Name: KIDS | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\RocketFish\RF5.1\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll ()
MOD - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
MOD - C:\Program Files\NETGEAR\WG111v3\WlanDll.dll ()
MOD - C:\Program Files\NETGEAR\WG111v3\WG111v3.dll ()
MOD - C:\Program Files\NETGEAR\WG111v3\acAuth.dll ()
MOD - C:\Program Files\NETGEAR\WG111v3\CheckSessions.dll ()


========== Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vsmon) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (VAIOMediaPlatform-MusicServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-VideoServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-PhotoServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-VideoServer-UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-PhotoServer-UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-MusicServer-UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-VideoServer-HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-PhotoServer-HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-MusicServer-HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\DOCUME~1\Admin\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (Vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (KL1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\wg111v3.sys (Realtek Semiconductor Corporation )
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Sonic Solutions)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Sonic Solutions)
DRV - (WISTechVIDCAP) -- C:\WINDOWS\system32\drivers\wisgostrm.sys (WIS Technologies)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (smrt) -- C:\WINDOWS\system32\drivers\smrt.sys (Sony Corporation)
DRV - (DVR2INS) -- C:\WINDOWS\system32\drivers\dvr2ins.sys (cypress semiconductor)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation)
DRV - (EL90X) -- C:\WINDOWS\system32\drivers\el90xnd5.sys (3Com Corporation)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/|http://www.foxnews.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2012/11/06 14:13:50 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/10/15 21:20:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/26 21:11:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/03/17 10:08:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2012/10/23 07:53:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ca5brwe8.default\extensions
[2002/08/29 06:00:00 | 000,004,819 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ca5brwe8.default\extensions\[email protected]
[2012/08/21 09:58:14 | 000,097,169 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ca5brwe8.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012/08/23 11:31:57 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ca5brwe8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/26 21:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/26 21:11:28 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/30 07:30:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/15 09:28:27 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/11/06 14:13:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\RocketFish\RF5.1\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1331948840640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFE12BE1-3306-4BE0-8A33-BA2B257A48F4}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/08/13 21:08:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 15:12:18 | 000,000,088 | ---- | M] () - H:\autorun.inf -- [ UDF1.50 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/06 15:38:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2012/11/06 12:03:29 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Admin\Desktop\aswMBR.exe
[2012/11/06 12:02:26 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Admin\Desktop\tdsskiller.exe
[2012/11/06 12:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\U3
[2012/11/06 11:05:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/11/06 10:59:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/11/06 10:59:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/11/06 10:59:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/11/06 10:59:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/11/06 10:58:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/06 10:58:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/11/06 10:56:01 | 004,997,881 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2012/11/06 08:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\RK_Quarantine
[2012/11/05 13:00:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/11/05 13:00:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Administrative Tools
[2012/11/05 12:59:58 | 000,687,724 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Desktop\dds.scr
[2012/10/26 21:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/24 15:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/10/24 15:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Revo Uninstaller
[2012/10/15 21:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2012/10/15 16:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/10/15 16:39:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/10/15 16:39:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/10/09 13:41:08 | 000,526,640 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2012/10/09 11:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft.e0a5c71e.temp
[2012/10/09 10:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\Interface
[2012/10/09 10:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft.temp
[2012/10/09 10:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2012/10/09 09:39:25 | 010,220,472 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/06 15:38:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2012/11/06 15:24:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/06 14:13:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/11/06 13:55:01 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\MBR.dat
[2012/11/06 12:04:15 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Admin\Desktop\aswMBR.exe
[2012/11/06 12:02:42 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Admin\Desktop\tdsskiller.exe
[2012/11/06 11:05:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/11/06 10:56:14 | 004,997,881 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2012/11/06 07:49:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/06 07:41:37 | 000,430,592 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\RogueKiller.exe
[2012/11/06 07:41:23 | 000,540,977 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\adwcleaner.exe
[2012/11/05 14:51:07 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/05 13:31:28 | 000,441,302 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/05 13:31:28 | 000,071,620 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/05 12:59:58 | 000,687,724 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Desktop\dds.scr
[2012/11/05 12:56:32 | 000,881,833 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\SecurityCheck.exe
[2012/11/05 12:55:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Admin\defogger_reenable
[2012/11/05 12:55:21 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Defogger.exe
[2012/11/05 08:01:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/27 16:44:21 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2012/10/27 16:40:30 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Shortcut to obse_loader.exe.lnk
[2012/10/26 21:35:09 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/26 10:56:19 | 000,187,612 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\rx_audio.Cache
[2012/10/25 15:24:02 | 000,002,256 | ---- | M] () -- C:\WINDOWS\current_settings.bin
[2012/10/23 07:11:06 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/10/15 21:21:32 | 000,415,929 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/10/09 13:41:08 | 000,526,640 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2012/10/09 09:39:29 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/09 09:39:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/09 09:39:25 | 010,220,472 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/06 13:55:01 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\MBR.dat
[2012/11/06 11:05:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/11/06 11:05:09 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/11/06 10:59:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/06 10:59:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/06 10:59:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/06 10:59:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/06 10:59:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/11/06 07:41:36 | 000,430,592 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\RogueKiller.exe
[2012/11/06 07:41:22 | 000,540,977 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\adwcleaner.exe
[2012/11/05 12:56:32 | 000,881,833 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\SecurityCheck.exe
[2012/11/05 12:55:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\defogger_reenable
[2012/11/05 12:55:20 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Defogger.exe
[2012/10/27 16:39:08 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Shortcut to obse_loader.exe.lnk
[2012/09/24 15:31:50 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2012/09/11 14:37:39 | 000,005,663 | R--- | C] () -- C:\WINDOWS\System32\ludap17.ini
[2012/09/11 14:37:39 | 000,000,072 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2012/09/04 11:40:35 | 000,187,612 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\rx_audio.Cache
[2012/08/04 08:33:20 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\rx_image.Cache
[2012/08/04 08:25:01 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2012/08/04 08:25:00 | 000,000,166 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/04/25 10:22:50 | 000,002,256 | ---- | C] () -- C:\WINDOWS\current_settings.bin
[2012/04/25 09:45:32 | 000,143,540 | R--- | C] () -- C:\WINDOWS\go7007sb.bin
[2012/04/25 09:45:31 | 000,030,800 | R--- | C] () -- C:\WINDOWS\go7007fw.bin
[2012/04/25 09:45:31 | 000,000,208 | R--- | C] () -- C:\WINDOWS\go7007fw_pf.bin
[2012/04/22 10:02:26 | 000,000,419 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2012/04/06 19:57:35 | 000,026,660 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/03/17 12:02:11 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/16 20:08:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/15 20:07:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/03/15 20:07:05 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/03/15 20:07:04 | 000,608,507 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/03/15 20:07:04 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/03/15 18:40:17 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2012/03/15 16:51:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/05 21:04:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/12/05 21:03:52 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll

========== ZeroAccess Check ==========

[2012/03/15 17:42:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Admin\My Documents\Orbis879265383621.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Admin\My Documents\Orbis87926538362.jpg:Roxio EMC Stream

< End of report >
What's the point in being grown up if you can't be childish sometimes? -- The Doctor