
Massive slowdown/CPU spikes, help with a HijackThis log.

This topic is locked
27 replies to this topic

#1 Omsk


Posted 28 September 2011 - 05:32 PM

Hello, for a couple of months now I have been experiencing a problem with my computer while running certain programs, namely 3-D computer games. The program will run just fine for a few minutes before I begin to experience crippling slowdown and framerate drops; my CPU usage spikes to ~100%, and my entire computer slows down. This will last anywhere from 5-15 minutes before returning to normal as if nothing had happened.

I've tried to fix this problem myself: running virus scanners, boot scans, and malware scanners, updating my video card drivers, and physically opening and cleaning my computer. But I'm at a loss. Being no computer guru myself, I downloaded HijackThis and came here hoping that someone could help.

The HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:31:11 PM, on 9/28/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Joe\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?&cid=mtmh09162011
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: agihelper.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll (file missing)
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Kiwee Toolbar - {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - mscoree.dll (file missing)
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MediaFire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1359661524-935666405-3441979797-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - Global Startup: SMCWUSB-G 802.11g Wireless USB Utility.lnk = C:\Program Files (x86)\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
O4 - Global Startup: WhiteSmoke Translator.lnk = C:\Users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KH1EBNKW\WhiteSmokeWriterGeo5002_en[1].exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} (SonyOnlineInstallerX) - http://www-cdn.freerealms.com/gamedata/plugins/1.0.3.84/FreeRealmsInstaller.cab?v=1035
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
O16 - DPF: {571CB303-4267-4D92-B45C-9B79ACC18632} - http://get.daum.net/PotPlayer/v2/PotWeb.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files (x86)\AGI\core\4.0\AGCoreService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14516 bytes

Thanks for your time.

Edit for clarity: My computer ran these programs perfectly fine in the past; it's a recent occurrence.

Edited by Orange Blossom, 29 September 2011 - 02:32 AM.
Moved BB coding so log could be read with ease. ~ OB


#2 HelpBot

Bleepin' Binary Bot

Posted 03 October 2011 - 05:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420963 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Omsk

Topic Starter

Posted 05 October 2011 - 10:49 AM

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Joe at 9:45:50 on 2011-10-05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2281 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AGI\core\4.0\AGCoreService.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\SysWOW64\conime.exe
C:\ProgramData\Sony Online Entertainment\Station Launcher\StationLauncher.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?&cid=mtmh09162011
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s
mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: MediaFire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Kiwee Toolbar: {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - mscoree.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: MediaFire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SMCWUS~1.LNK - C:\Program Files (x86)\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WHITES~1.LNK - C:\Users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KH1EBNKW\WhiteSmokeWriterGeo5002_en[1].exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ZDWLAN~1.LNK - C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www-cdn.freerealms.com/gamedata/plugins/1.0.3.84/FreeRealmsInstaller.cab?v=1035
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {571CB303-4267-4D92-B45C-9B79ACC18632} - hxxp://get.daum.net/PotPlayer/v2/PotWeb.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{09185E3D-FA79-4560-8B3C-106F61FBDBD7} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0FA46434-BA20-4732-B880-6689163EBD47} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4AD12ABA-1AE9-4427-8A52-A66298D59410} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8D897557-BCAA-4D1B-9084-87A6349F79D3} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A7673729-3EAC-4D73-8BB3-ABEEE2F9153A} : DhcpNameServer = 192.168.254.254
TCP: Interfaces\{F9D0B230-A614-468C-9C82-39D72C160B11} : DhcpNameServer = 192.168.1.1
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: MediaFire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Kiwee Toolbar: {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - mscoree.dll
TB-X64: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: MediaFire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2009-2-11 14136]
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AGCoreService;AG Core Services;C:\Program Files (x86)\AGI\core\4.0\AGCoreService.exe [2009-10-31 20480]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-9-2 44768]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-29 2214504]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-2 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-2-3 134760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrxusb.sys --> C:\Windows\system32\DRIVERS\athrxusb.sys [?]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-09-28 22:11:49 388096 ----a-r- C:\Users\Joe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-28 22:11:49 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-09-28 20:55:07 -------- d-----w- C:\Users\Joe\AppData\Local\A_Collaboration_between_T
2011-09-24 05:46:35 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys
2011-09-24 05:46:35 -------- d-----w- C:\Program Files\CPUID
2011-09-23 01:37:00 -------- d-----w- C:\Down
2011-09-23 01:36:44 -------- d-----w- C:\Perfect World Entertainment
2011-09-21 03:35:38 -------- d-----w- C:\ProgramData\Sony Online Entertainment
2011-09-18 03:48:45 -------- d-----w- C:\Users\Joe\AppData\Local\Humanbalance
2011-09-18 03:45:50 -------- d-----w- C:\Program Files (x86)\GraphicsGale FreeEdition
2011-09-17 02:29:42 -------- d-----w- C:\Users\Joe\AppData\Local\Mozilla
2011-09-14 19:47:27 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-09-14 19:47:27 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-09-13 03:28:03 -------- d-----w- C:\Program Files (x86)\StartNow Toolbar
2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-10-05 07:52:10 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 20:45:29 41184 ----a-w- C:\Windows\avastSS.scr
2011-09-06 20:38:18 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-09-06 20:36:30 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-07-22 20:51:50 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-12 17:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 17:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 17:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 17:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-11 13:45:57 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-11 13:25:35 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 9:46:21.09 ===============





GMER Log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-05 09:39:48
Windows 6.0.6002 Service Pack 2
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Network\NwCategoryWizard@Suppress 0

---- EOF - GMER 1.0.15 ----


Thank you for your time.
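
The triage a helper does by eye on the DDS log above can be scripted. The block below is an added example, not code from this thread or from DDS/HijackThis; it parses the BHO-X64 / TB-X64 / mRun-x64 entries and the R/S service lines as they appear in the log and reports what gets looked at first: orphaned entries ("No File", usually leftovers of uninstalled software), entries whose module is mscoree.dll (the .NET loader, so the log does not name the real assembly), toolbar modules, and drivers from more than one antivirus vendor. The SAMPLE is a subset of the lines posted above; the category names and the vendor-prefix table are my own choices. It narrows the list to review, it does not decide what is malicious.

```python
"""Triage pass over a DDS-style log (added example; not part of the thread or of DDS).

Parses the BHO-X64 / TB-X64 / mRun-x64 entries and the R/S service lines and
reports what a helper checks first: orphaned entries ("No File"), entries whose
module is mscoree.dll (the .NET loader, so the real assembly is not named here),
toolbar modules, and drivers from more than one antivirus vendor.
SAMPLE is a subset of the lines posted in this thread, not constructed data.
"""
import re

ENTRY_RE = re.compile(r"^(?P<kind>BHO|TB|mRun)(?:-[xX]64)?:\s*(?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
# Driver-name prefixes of the two AV products whose drivers appear in this log (my own table).
AV_PREFIXES = {"asw": "avast!", "mfe": "McAfee"}

SAMPLE = r"""
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: MediaFire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Kiwee Toolbar: {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - mscoree.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
mRun-x64: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
"""


def parse_entry(line):
    """Return {kind, name, clsid, target} for a BHO/TB/mRun line, else None.
    target is the module path, the Run command line, or the literal 'No File'."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind == "mRun":
        mm = re.match(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", body)
        return None if not mm else {"kind": kind, "name": mm.group("name"),
                                    "clsid": None, "target": mm.group("cmd").strip()}
    # Split at the first " - " after the CLSID, so a path containing " - " stays intact.
    cm = CLSID_RE.search(body)
    idx = body.find(" - ", cm.end() if cm else 0)
    if idx < 0:
        return None
    name = body[:cm.start()] if cm else body[:idx]
    return {"kind": kind, "name": name.strip().rstrip(":").strip(),
            "clsid": cm.group(0) if cm else None, "target": body[idx + 3:].strip()}


def parse_service(line):
    """Return {start, type, name, display, path, info} for an 'R1 name;display;path [info]' line."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    start, stype, name, display, rest = m.groups()
    info = None
    im = re.search(r"\[([^\]]*)\]\s*$", rest)  # trailing "[date size]" or "[?]" from DDS
    if im:
        info, rest = im.group(1), rest[:im.start()]
    return {"start": start, "type": int(stype), "name": name.strip(), "display": display.strip(),
            "path": rest.split(" --> ")[0].strip(), "info": info}


def triage(text):
    """Return (category, kind, label) findings for a whole log."""
    findings, vendors = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        e = parse_entry(line)
        if e:
            label = e["name"] or e["clsid"] or e["target"]
            if e["target"] == "No File":
                findings.append(("orphan", e["kind"], label))
            elif e["target"].lower() == "mscoree.dll":
                findings.append(("clr-hosted", e["kind"], label))
            elif "toolbar" in (e["name"] + " " + e["target"]).lower():
                findings.append(("toolbar", e["kind"], label))
            continue
        s = parse_service(line)
        if s:
            for prefix, vendor in AV_PREFIXES.items():
                if s["name"].lower().startswith(prefix):
                    vendors.add(vendor)
    if len(vendors) > 1:
        findings.append(("multiple-av", "SVC", ", ".join(sorted(vendors))))
    return findings


def summarize(text):
    """Findings per category, e.g. {'orphan': 2, 'clr-hosted': 2, 'toolbar': 5, 'multiple-av': 1}."""
    counts = {}
    for category, _kind, _label in triage(text):
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, kind, label in triage(SAMPLE):
        print(f"{category:12} {kind:5} {label}")
```

Run against the full log above it also picks up the "0x1 - No File" BHO and the leftover McAfee drivers (mfehidk, mferkdk, mfesmfk) sitting next to avast!, which is the kind of mixed-AV setup that often explains CPU spikes before any malware does.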

#4 m0le (Malware Response Team, London, UK)

Posted 05 October 2011 - 04:42 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please run aswMBR so we can check for rootkits. The GMER log isn't very helpful.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#5 Omsk (Topic Starter)

Posted 06 October 2011 - 03:46 AM

I'm still here.

Just subscribed to the topic. Thanks for the tips.

#6 Omsk (Topic Starter)

Posted 09 October 2011 - 04:56 PM

I'm horribly sorry. I've no idea how I missed the second half of your post, m0le.

I downloaded and ran aswMBR, following your instructions. When I clicked Scan my computer went to a blue screen and reset. I've no idea if this is normal for the program or not, but regardless, here's the log it produced.



aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-09 15:13:51
-----------------------------
15:13:51.399 OS Version: Windows x64 6.0.6002 Service Pack 2
15:13:51.399 Number of processors: 2 586 0x170A
15:13:51.399 ComputerName: JOE-PC UserName: Joe
15:13:58.104 Initialize success
15:13:58.275 AVAST engine defs: 11100901
15:14:10.872 The log file has been saved successfully to "C:\Users\Joe\Downloads\aswMBR.txt"

#7 m0le (Malware Response Team, London, UK)

Posted 09 October 2011 - 05:04 PM

No, not a usual reaction or a usual log.

Please run TDSSKiller next

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or hold down your Windows key and press R), copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

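
The report that the "-l report.txt" switch above produces is a list of "name (md5) path" lines, each followed by a "name - status" line. The block below is an added example, not part of this thread or of TDSSKiller, that reads such a report and pulls out the entries worth a second look: a status other than ok, and services that got a status line but no hash line (no image file was hashed for them, which usually means the registered file was not found on disk, so the service's ImagePath should be checked by hand). The lines in SAMPLE are copied from the report posted later in this thread, except the two "evilsvc" lines, which are constructed; the status word "suspicious" on them is an assumption, not TDSSKiller's actual wording.

```python
"""Reader for the report that "TDSSKiller.exe -l report.txt" writes (added example;
not part of the thread or of TDSSKiller).

Each scanned service/driver gives a "<name> (<md5>) <path>" line followed by a
"<name> - <status>" line. Both are keyed on the name; entries whose status is not
ok, or that have a status but no hash line, are reported for manual review.
SAMPLE copies lines from the report posted in this thread; the two "evilsvc" lines
are constructed, and their status word "suspicious" is an assumption.
"""
import re

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
HASH_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
STATUS_RE = re.compile(r"^(?P<name>\S+)\s+-\s+(?P<status>.+)$")

SAMPLE = r"""
19:47:22.0995 4824 Scan started
19:47:22.0995 4824 Mode: Manual;
19:47:24.0823 4824 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
19:47:24.0839 4824 ACPI - ok
19:47:26.0276 4824 aswSP (5a590d8516376aed1829fc07d3bdaa4b) C:\Windows\system32\drivers\aswSP.sys
19:47:26.0292 4824 aswSP - ok
19:47:27.0307 4824 dump_wmimmc - ok
19:47:27.0432 4824 EagleX64 - ok
19:47:28.0745 4824 IpInIp - ok
19:47:29.0000 4824 evilsvc (00000000000000000000000000000000) C:\Windows\system32\drivers\evilsvc.sys
19:47:29.0010 4824 evilsvc - suspicious
"""


def parse_report(text):
    """Return {name: {'md5', 'path', 'status'}} in report order; header lines are skipped."""
    entries = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        h = HASH_RE.match(rest)
        if h:
            e = entries.setdefault(h.group("name"), {"md5": None, "path": None, "status": None})
            e["md5"], e["path"] = h.group("md5").lower(), h.group("path").strip()
            continue
        s = STATUS_RE.match(rest)
        if s:
            e = entries.setdefault(s.group("name"), {"md5": None, "path": None, "status": None})
            e["status"] = s.group("status").strip()
    return entries


def triage(entries):
    """Return (name, reason) pairs for entries that deserve a second look."""
    findings = []
    for name, e in entries.items():
        if e["status"] is None:
            findings.append((name, "no-status"))  # hash line without a verdict: scan cut short?
        elif e["status"].lower() != "ok":
            findings.append((name, "status:" + e["status"]))
        if e["md5"] is None:
            findings.append((name, "no-image-hashed"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_report(SAMPLE)):
        print(f"{reason:20} {name}")
```

In the portion of the report visible in this thread the entries with no hash line are dump_wmimmc, EagleX64, IpInIp and NPPTNT2; the script only lists them, deciding whether each is a stale service registration is still the helper's call.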

#8 Omsk (Topic Starter)

Posted 09 October 2011 - 08:51 PM

Downloaded and ran TDSSKiller, as per your instructions.

19:47:19.0322 5200 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
19:47:20.0025 5200 ============================================================
19:47:20.0025 5200 Current date / time: 2011/10/09 19:47:20.0025
19:47:20.0025 5200 SystemInfo:
19:47:20.0025 5200
19:47:20.0025 5200 OS Version: 6.0.6002 ServicePack: 2.0
19:47:20.0025 5200 Product type: Workstation
19:47:20.0025 5200 ComputerName: JOE-PC
19:47:20.0025 5200 UserName: Joe
19:47:20.0025 5200 Windows directory: C:\Windows
19:47:20.0025 5200 System windows directory: C:\Windows
19:47:20.0025 5200 Running under WOW64
19:47:20.0025 5200 Processor architecture: Intel x64
19:47:20.0025 5200 Number of processors: 2
19:47:20.0025 5200 Page size: 0x1000
19:47:20.0025 5200 Boot type: Normal boot
19:47:20.0025 5200 ============================================================
19:47:20.0745 5200 Initialize success
19:47:22.0995 4824 ============================================================
19:47:22.0995 4824 Scan started
19:47:22.0995 4824 Mode: Manual;
19:47:22.0995 4824 ============================================================
19:47:24.0823 4824 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
19:47:24.0839 4824 ACPI - ok
19:47:24.0901 4824 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
19:47:24.0917 4824 adp94xx - ok
19:47:24.0979 4824 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
19:47:24.0995 4824 adpahci - ok
19:47:25.0011 4824 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
19:47:25.0026 4824 adpu160m - ok
19:47:25.0057 4824 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
19:47:25.0057 4824 adpu320 - ok
19:47:25.0151 4824 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
19:47:25.0167 4824 AFD - ok
19:47:25.0198 4824 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
19:47:25.0214 4824 agp440 - ok
19:47:25.0276 4824 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
19:47:25.0276 4824 aic78xx - ok
19:47:25.0339 4824 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
19:47:25.0339 4824 aliide - ok
19:47:25.0370 4824 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
19:47:25.0464 4824 amdide - ok
19:47:25.0948 4824 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
19:47:25.0948 4824 AmdK8 - ok
19:47:25.0995 4824 Amfilter (71aff825b960731e2ae366467bc0d1f3) C:\Windows\system32\DRIVERS\Amfltx64.sys
19:47:25.0995 4824 Amfilter - ok
19:47:26.0026 4824 Amusbprt (8f1db3d133197affa3a721953eb0988c) C:\Windows\system32\DRIVERS\Amusbx64.sys
19:47:26.0026 4824 Amusbprt - ok
19:47:26.0073 4824 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
19:47:26.0073 4824 arc - ok
19:47:26.0120 4824 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
19:47:26.0120 4824 arcsas - ok
19:47:26.0167 4824 aswFsBlk (5a68b880c16ad5a6aa20b49a47ffff24) C:\Windows\system32\drivers\aswFsBlk.sys
19:47:26.0167 4824 aswFsBlk - ok
19:47:26.0214 4824 aswMonFlt (230613be2d3da8053879be5ed2848f2d) C:\Windows\system32\drivers\aswMonFlt.sys
19:47:26.0214 4824 aswMonFlt - ok
19:47:26.0229 4824 aswRdr (0dc1996ae4178d7d14744ef6b3082313) C:\Windows\system32\drivers\aswRdr.sys
19:47:26.0229 4824 aswRdr - ok
19:47:26.0261 4824 aswSnx (b6ff911c23775cdfdd49612d92637af4) C:\Windows\system32\drivers\aswSnx.sys
19:47:26.0261 4824 aswSnx - ok
19:47:26.0276 4824 aswSP (5a590d8516376aed1829fc07d3bdaa4b) C:\Windows\system32\drivers\aswSP.sys
19:47:26.0292 4824 aswSP - ok
19:47:26.0323 4824 aswTdi (3239c0082fb0c1c4ee323730b85690a5) C:\Windows\system32\drivers\aswTdi.sys
19:47:26.0323 4824 aswTdi - ok
19:47:26.0339 4824 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
19:47:26.0354 4824 AsyncMac - ok
19:47:26.0354 4824 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
19:47:26.0354 4824 atapi - ok
19:47:26.0432 4824 athrusb (788914c42ad8318f1dd7a565eaffb049) C:\Windows\system32\DRIVERS\athrxusb.sys
19:47:26.0448 4824 athrusb - ok
19:47:26.0511 4824 athur (fbf4f6ae4215f341c9749c30065dad50) C:\Windows\system32\DRIVERS\athurx.sys
19:47:26.0526 4824 athur - ok
19:47:26.0589 4824 BIOS (00cadb1bc2d0030f0b2a1063618b6bd7) C:\Windows\system32\drivers\BIOS64.sys
19:47:26.0589 4824 BIOS - ok
19:47:26.0604 4824 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
19:47:26.0604 4824 blbdrive - ok
19:47:26.0667 4824 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
19:47:26.0667 4824 bowser - ok
19:47:26.0698 4824 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
19:47:26.0698 4824 BrFiltLo - ok
19:47:26.0729 4824 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
19:47:26.0729 4824 BrFiltUp - ok
19:47:26.0776 4824 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
19:47:26.0792 4824 Brserid - ok
19:47:26.0807 4824 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
19:47:26.0807 4824 BrSerWdm - ok
19:47:26.0839 4824 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
19:47:26.0839 4824 BrUsbMdm - ok
19:47:26.0870 4824 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
19:47:26.0870 4824 BrUsbSer - ok
19:47:26.0917 4824 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
19:47:26.0917 4824 BTHMODEM - ok
19:47:26.0948 4824 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
19:47:26.0948 4824 cdfs - ok
19:47:26.0995 4824 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
19:47:26.0995 4824 cdrom - ok
19:47:27.0026 4824 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
19:47:27.0026 4824 circlass - ok
19:47:27.0073 4824 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
19:47:27.0073 4824 CLFS - ok
19:47:27.0120 4824 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
19:47:27.0120 4824 cmdide - ok
19:47:27.0151 4824 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
19:47:27.0151 4824 Compbatt - ok
19:47:27.0182 4824 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
19:47:27.0182 4824 cpuz135 - ok
19:47:27.0198 4824 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
19:47:27.0198 4824 crcdisk - ok
19:47:27.0229 4824 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
19:47:27.0229 4824 DfsC - ok
19:47:27.0261 4824 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
19:47:27.0276 4824 disk - ok
19:47:27.0307 4824 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
19:47:27.0307 4824 drmkaud - ok
19:47:27.0307 4824 dump_wmimmc - ok
19:47:27.0354 4824 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
19:47:27.0370 4824 DXGKrnl - ok
19:47:27.0401 4824 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
19:47:27.0401 4824 E1G60 - ok
19:47:27.0432 4824 EagleX64 - ok
19:47:27.0464 4824 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
19:47:27.0464 4824 Ecache - ok
19:47:27.0511 4824 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
19:47:27.0526 4824 elxstor - ok
19:47:27.0542 4824 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
19:47:27.0542 4824 ErrDev - ok
19:47:27.0604 4824 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
19:47:27.0604 4824 exfat - ok
19:47:27.0651 4824 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
19:47:27.0667 4824 fastfat - ok
19:47:27.0682 4824 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
19:47:27.0682 4824 fdc - ok
19:47:27.0714 4824 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
19:47:27.0714 4824 FileInfo - ok
19:47:27.0745 4824 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
19:47:27.0745 4824 Filetrace - ok
19:47:27.0792 4824 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:47:27.0792 4824 flpydisk - ok
19:47:27.0823 4824 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
19:47:27.0839 4824 FltMgr - ok
19:47:27.0917 4824 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys
19:47:27.0917 4824 fssfltr - ok
19:47:27.0964 4824 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
19:47:27.0964 4824 Fs_Rec - ok
19:47:27.0995 4824 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
19:47:27.0995 4824 gagp30kx - ok
19:47:28.0042 4824 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\Drivers\GEARAspiWDM.sys
19:47:28.0057 4824 GEARAspiWDM - ok
19:47:28.0104 4824 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
19:47:28.0120 4824 HdAudAddService - ok
19:47:28.0167 4824 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:47:28.0182 4824 HDAudBus - ok
19:47:28.0214 4824 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
19:47:28.0214 4824 HidBth - ok
19:47:28.0261 4824 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
19:47:28.0261 4824 HidIr - ok
19:47:28.0307 4824 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
19:47:28.0307 4824 HidUsb - ok
19:47:28.0339 4824 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
19:47:28.0339 4824 HpCISSs - ok
19:47:28.0370 4824 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
19:47:28.0386 4824 HTTP - ok
19:47:28.0417 4824 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
19:47:28.0417 4824 i2omp - ok
19:47:28.0448 4824 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
19:47:28.0448 4824 i8042prt - ok
19:47:28.0479 4824 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
19:47:28.0479 4824 iaStorV - ok
19:47:28.0495 4824 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
19:47:28.0495 4824 iirsp - ok
19:47:28.0573 4824 IntcAzAudAddService (bb9ddf61538f2822486f4d0fc0e65c1d) C:\Windows\system32\drivers\RTKVHD64.sys
19:47:28.0604 4824 IntcAzAudAddService - ok
19:47:28.0636 4824 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
19:47:28.0636 4824 intelide - ok
19:47:28.0667 4824 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
19:47:28.0667 4824 intelppm - ok
19:47:28.0729 4824 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:47:28.0729 4824 IpFilterDriver - ok
19:47:28.0745 4824 IpInIp - ok
19:47:28.0776 4824 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
19:47:28.0776 4824 IPMIDRV - ok
19:47:28.0792 4824 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
19:47:28.0807 4824 IPNAT - ok
19:47:28.0823 4824 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
19:47:28.0823 4824 IRENUM - ok
19:47:28.0839 4824 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
19:47:28.0854 4824 isapnp - ok
19:47:28.0886 4824 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
19:47:28.0886 4824 iScsiPrt - ok
19:47:28.0917 4824 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
19:47:28.0917 4824 iteatapi - ok
19:47:28.0948 4824 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
19:47:28.0948 4824 iteraid - ok
19:47:28.0979 4824 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
19:47:28.0979 4824 kbdclass - ok
19:47:28.0995 4824 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:47:28.0995 4824 kbdhid - ok
19:47:29.0026 4824 KMWDFILTER (4e76398aef64cb6d782cfeb99b4eae55) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
19:47:29.0026 4824 KMWDFILTER - ok
19:47:29.0073 4824 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
19:47:29.0089 4824 KSecDD - ok
19:47:29.0104 4824 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
19:47:29.0104 4824 ksthunk - ok
19:47:29.0136 4824 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
19:47:29.0136 4824 lltdio - ok
19:47:29.0167 4824 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
19:47:29.0167 4824 LSI_FC - ok
19:47:29.0198 4824 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
19:47:29.0214 4824 LSI_SAS - ok
19:47:29.0229 4824 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
19:47:29.0245 4824 LSI_SCSI - ok
19:47:29.0245 4824 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
19:47:29.0261 4824 luafv - ok
19:47:29.0276 4824 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
19:47:29.0276 4824 megasas - ok
19:47:29.0307 4824 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
19:47:29.0307 4824 MegaSR - ok
19:47:29.0354 4824 mfeavfk (4a1c21576fb7f96f4dbdea627ffda775) C:\Windows\system32\drivers\mfeavfk.sys
19:47:29.0370 4824 mfeavfk - ok
19:47:29.0401 4824 mfehidk (9e0ac52b3232ff8dc65fee1a9c2fe8d1) C:\Windows\system32\drivers\mfehidk.sys
19:47:29.0401 4824 mfehidk - ok
19:47:29.0432 4824 mferkdk (624d717b11e5004f68442b5740f17f21) C:\Windows\system32\drivers\mferkdk.sys
19:47:29.0448 4824 mferkdk - ok
19:47:29.0495 4824 mfesmfk (0cd9de7b96735f33f078c4ea044e8b34) C:\Windows\system32\drivers\mfesmfk.sys
19:47:29.0495 4824 mfesmfk - ok
19:47:29.0526 4824 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
19:47:29.0526 4824 Modem - ok
19:47:29.0636 4824 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
19:47:29.0636 4824 monitor - ok
19:47:29.0682 4824 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
19:47:29.0682 4824 mouclass - ok
19:47:29.0698 4824 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
19:47:29.0698 4824 mouhid - ok
19:47:29.0714 4824 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
19:47:29.0714 4824 MountMgr - ok
19:47:29.0761 4824 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
19:47:29.0761 4824 mpio - ok
19:47:29.0792 4824 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
19:47:29.0792 4824 mpsdrv - ok
19:47:29.0823 4824 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
19:47:29.0823 4824 Mraid35x - ok
19:47:29.0854 4824 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
19:47:29.0854 4824 MRxDAV - ok
19:47:29.0870 4824 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:47:29.0886 4824 mrxsmb - ok
19:47:29.0917 4824 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:47:29.0917 4824 mrxsmb10 - ok
19:47:29.0932 4824 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:47:29.0932 4824 mrxsmb20 - ok
19:47:29.0964 4824 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
19:47:29.0964 4824 msahci - ok
19:47:29.0995 4824 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
19:47:29.0995 4824 msdsm - ok
19:47:30.0026 4824 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
19:47:30.0026 4824 Msfs - ok
19:47:30.0042 4824 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
19:47:30.0042 4824 msisadrv - ok
19:47:30.0073 4824 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
19:47:30.0073 4824 MSKSSRV - ok
19:47:30.0089 4824 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
19:47:30.0089 4824 MSPCLOCK - ok
19:47:30.0120 4824 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
19:47:30.0120 4824 MSPQM - ok
19:47:30.0151 4824 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
19:47:30.0151 4824 MsRPC - ok
19:47:30.0182 4824 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
19:47:30.0182 4824 mssmbios - ok
19:47:30.0214 4824 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
19:47:30.0214 4824 MSTEE - ok
19:47:30.0245 4824 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
19:47:30.0245 4824 Mup - ok
19:47:30.0292 4824 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
19:47:30.0292 4824 NativeWifiP - ok
19:47:30.0354 4824 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
19:47:30.0354 4824 NDIS - ok
19:47:30.0370 4824 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
19:47:30.0370 4824 NdisTapi - ok
19:47:30.0401 4824 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
19:47:30.0401 4824 Ndisuio - ok
19:47:30.0417 4824 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
19:47:30.0417 4824 NdisWan - ok
19:47:30.0448 4824 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
19:47:30.0448 4824 NDProxy - ok
19:47:30.0464 4824 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
19:47:30.0464 4824 NetBIOS - ok
19:47:30.0495 4824 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
19:47:30.0511 4824 netbt - ok
19:47:30.0542 4824 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
19:47:30.0542 4824 nfrd960 - ok
19:47:30.0589 4824 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
19:47:30.0589 4824 Npfs - ok
19:47:30.0604 4824 NPPTNT2 - ok
19:47:30.0636 4824 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
19:47:30.0636 4824 nsiproxy - ok
19:47:30.0682 4824 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
19:47:30.0714 4824 Ntfs - ok
19:47:30.0729 4824 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
19:47:30.0729 4824 Null - ok
19:47:30.0964 4824 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:47:31.0293 4824 nvlddmkm - ok
19:47:31.0355 4824 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
19:47:31.0355 4824 nvraid - ok
19:47:31.0387 4824 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
19:47:31.0387 4824 nvstor - ok
19:47:31.0433 4824 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
19:47:31.0433 4824 nv_agp - ok
19:47:31.0449 4824 NwlnkFlt - ok
19:47:31.0465 4824 NwlnkFwd - ok
19:47:31.0480 4824 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
19:47:31.0480 4824 ohci1394 - ok
19:47:31.0512 4824 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
19:47:31.0527 4824 Parport - ok
19:47:31.0558 4824 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
19:47:31.0558 4824 partmgr - ok
19:47:31.0590 4824 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
19:47:31.0590 4824 pci - ok
19:47:31.0621 4824 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
19:47:31.0621 4824 pciide - ok
19:47:31.0652 4824 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
19:47:31.0652 4824 pcmcia - ok
19:47:31.0683 4824 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
19:47:31.0699 4824 PEAUTH - ok
19:47:31.0746 4824 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
19:47:31.0762 4824 PptpMiniport - ok
19:47:31.0793 4824 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
19:47:31.0793 4824 Processor - ok
19:47:31.0855 4824 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
19:47:31.0855 4824 PSched - ok
19:47:31.0887 4824 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
19:47:31.0918 4824 ql2300 - ok
19:47:31.0949 4824 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
19:47:31.0949 4824 ql40xx - ok
19:47:31.0980 4824 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
19:47:31.0980 4824 QWAVEdrv - ok
19:47:31.0980 4824 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
19:47:31.0996 4824 RasAcd - ok
19:47:32.0012 4824 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:47:32.0012 4824 Rasl2tp - ok
19:47:32.0027 4824 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
19:47:32.0043 4824 RasPppoe - ok
19:47:32.0058 4824 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
19:47:32.0058 4824 RasSstp - ok
19:47:32.0074 4824 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
19:47:32.0074 4824 rdbss - ok
19:47:32.0090 4824 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:47:32.0090 4824 RDPCDD - ok
19:47:32.0121 4824 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
19:47:32.0137 4824 rdpdr - ok
19:47:32.0152 4824 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
19:47:32.0152 4824 RDPENCDD - ok
19:47:32.0215 4824 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
19:47:32.0215 4824 RDPWD - ok
19:47:32.0293 4824 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
19:47:32.0293 4824 rspndr - ok
19:47:32.0325 4824 RTL8169 (82b66abf055611024e5dbb9fa556c11d) C:\Windows\system32\DRIVERS\Rtlh64.sys
19:47:32.0325 4824 RTL8169 - ok
19:47:32.0372 4824 SbieDrv (fa5734eb1e9b2e6652eb13dca8b72bed) C:\Program Files\Sandboxie\SbieDrv.sys
19:47:32.0372 4824 SbieDrv - ok
19:47:32.0419 4824 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
19:47:32.0419 4824 sbp2port - ok
19:47:32.0450 4824 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:47:32.0450 4824 secdrv - ok
19:47:32.0466 4824 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
19:47:32.0466 4824 Serenum - ok
19:47:32.0497 4824 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
19:47:32.0497 4824 Serial - ok
19:47:32.0528 4824 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
19:47:32.0528 4824 sermouse - ok
19:47:32.0544 4824 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
19:47:32.0559 4824 sffdisk - ok
19:47:32.0575 4824 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
19:47:32.0575 4824 sffp_mmc - ok
19:47:32.0591 4824 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
19:47:32.0606 4824 sffp_sd - ok
19:47:32.0622 4824 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
19:47:32.0622 4824 sfloppy - ok
19:47:32.0653 4824 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
19:47:32.0653 4824 SiSRaid2 - ok
19:47:32.0684 4824 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
19:47:32.0700 4824 SiSRaid4 - ok
19:47:32.0731 4824 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
19:47:32.0731 4824 Smb - ok
19:47:33.0200 4824 SNPSTD3 (3b7162ac2e64623ef35778a59674e3a9) C:\Windows\system32\DRIVERS\snpstd3.sys
19:47:33.0403 4824 SNPSTD3 - ok
19:47:33.0481 4824 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
19:47:33.0513 4824 spldr - ok
19:47:33.0591 4824 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
19:47:33.0591 4824 srv - ok
19:47:33.0638 4824 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
19:47:33.0669 4824 srv2 - ok
19:47:33.0700 4824 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
19:47:33.0700 4824 srvnet - ok
19:47:33.0747 4824 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
19:47:33.0747 4824 swenum - ok
19:47:33.0778 4824 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
19:47:33.0778 4824 Symc8xx - ok
19:47:33.0809 4824 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
19:47:33.0809 4824 Sym_hi - ok
19:47:33.0841 4824 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
19:47:33.0841 4824 Sym_u3 - ok
19:47:34.0028 4824 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
19:47:34.0059 4824 Tcpip - ok
19:47:34.0091 4824 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
19:47:34.0091 4824 Tcpip6 - ok
19:47:34.0122 4824 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
19:47:34.0122 4824 tcpipreg - ok
19:47:34.0138 4824 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
19:47:34.0138 4824 TDPIPE - ok
19:47:34.0169 4824 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
19:47:34.0169 4824 TDTCP - ok
19:47:34.0200 4824 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
19:47:34.0200 4824 tdx - ok
19:47:34.0231 4824 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
19:47:34.0231 4824 TermDD - ok
19:47:34.0278 4824 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:47:34.0278 4824 tssecsrv - ok
19:47:34.0325 4824 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
19:47:34.0325 4824 tunmp - ok
19:47:34.0356 4824 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
19:47:34.0356 4824 tunnel - ok
19:47:34.0388 4824 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
19:47:34.0403 4824 uagp35 - ok
19:47:34.0434 4824 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
19:47:34.0434 4824 udfs - ok
19:47:34.0466 4824 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
19:47:34.0466 4824 uliagpkx - ok
19:47:34.0497 4824 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
19:47:34.0497 4824 uliahci - ok
19:47:34.0528 4824 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
19:47:34.0528 4824 UlSata - ok
19:47:34.0559 4824 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
19:47:34.0559 4824 ulsata2 - ok
19:47:34.0591 4824 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
19:47:34.0591 4824 umbus - ok
19:47:34.0638 4824 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
19:47:34.0638 4824 USBAAPL64 - ok
19:47:34.0700 4824 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
19:47:34.0700 4824 usbaudio - ok
19:47:34.0763 4824 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
19:47:34.0763 4824 usbccgp - ok
19:47:34.0778 4824 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
19:47:34.0794 4824 usbcir - ok
19:47:34.0825 4824 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
19:47:34.0825 4824 usbehci - ok
19:47:34.0856 4824 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
19:47:34.0872 4824 usbhub - ok
19:47:34.0888 4824 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
19:47:34.0888 4824 usbohci - ok
19:47:34.0950 4824 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
19:47:34.0950 4824 usbprint - ok
19:47:34.0981 4824 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:47:34.0981 4824 USBSTOR - ok
19:47:35.0013 4824 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
19:47:35.0013 4824 usbuhci - ok
19:47:35.0044 4824 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
19:47:35.0044 4824 VClone - ok
19:47:35.0075 4824 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
19:47:35.0075 4824 vga - ok
19:47:35.0106 4824 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
19:47:35.0106 4824 VgaSave - ok
19:47:35.0153 4824 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
19:47:35.0153 4824 viaide - ok
19:47:35.0153 4824 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
19:47:35.0169 4824 volmgr - ok
19:47:35.0216 4824 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
19:47:35.0247 4824 volmgrx - ok
19:47:35.0278 4824 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
19:47:35.0278 4824 volsnap - ok
19:47:35.0309 4824 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
19:47:35.0309 4824 vsmraid - ok
19:47:35.0341 4824 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
19:47:35.0341 4824 WacomPen - ok
19:47:35.0372 4824 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:47:35.0372 4824 Wanarp - ok
19:47:35.0372 4824 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:47:35.0372 4824 Wanarpv6 - ok
19:47:35.0419 4824 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
19:47:35.0419 4824 Wd - ok
19:47:35.0481 4824 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
19:47:35.0481 4824 Wdf01000 - ok
19:47:35.0544 4824 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
19:47:35.0544 4824 WmiAcpi - ok
19:47:35.0591 4824 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
19:47:35.0591 4824 WpdUsb - ok
19:47:35.0622 4824 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
19:47:35.0622 4824 ws2ifsl - ok
19:47:35.0669 4824 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:47:35.0669 4824 WUDFRd - ok
19:47:35.0747 4824 X6va005 - ok
19:47:35.0825 4824 xnacc (da1c23f65ef1894ab5b6ff79d81f544a) C:\Windows\system32\DRIVERS\xnacc.sys
19:47:35.0841 4824 xnacc - ok
19:47:35.0872 4824 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
19:47:35.0872 4824 xusb21 - ok
19:47:35.0950 4824 ZD1211BU(ZyDAS) (79c47ea75dbea178a7c87b080e093e81) C:\Windows\system32\DRIVERS\zd1211Bu.sys
19:47:35.0950 4824 ZD1211BU(ZyDAS) - ok
19:47:35.0981 4824 ZDPSp60a64 - ok
19:47:36.0013 4824 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:47:36.0028 4824 \Device\Harddisk0\DR0 - ok
19:47:36.0028 4824 Boot (0x1200) (6c2c26455d39934c0965bf42e2ef6670) \Device\Harddisk0\DR0\Partition0
19:47:36.0044 4824 \Device\Harddisk0\DR0\Partition0 - ok
19:47:36.0044 4824 ============================================================
19:47:36.0044 4824 Scan finished
19:47:36.0044 4824 ============================================================
19:47:36.0044 5344 Detected object count: 0
19:47:36.0044 5344 Actual detected object count: 0
19:48:20.0380 5932 Deinitialize success
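
Reading a TDSSKiller log by eye means scanning a few hundred near-identical lines for the handful that differ. The Python below is an added example, not part of this thread and not TDSSKiller's own code: it parses the two-line-per-driver format shown above and pulls out the three things worth a second look in a log like this one. Those are any verdict other than "ok"; services the scanner listed with only a verdict line and no hash or path (NPPTNT2, NwlnkFlt, NwlnkFwd, X6va005 and ZDPSp60a64 above, registered services for which it printed no image file); and kernel drivers loaded from outside C:\Windows (here Sandboxie's SbieDrv.sys), whose hash you would check against the vendor rather than assume good. The excerpt it runs on is taken from the log above; the two sptd lines are constructed to exercise the warning path and the spaced-bracket warning format is an assumption about TDSSKiller's output.

```python
"""Triage a Kaspersky TDSSKiller log of the kind posted above.

Added example, not part of the thread and not TDSSKiller's own code.  The
scanner writes "name (md5) path" followed by "name - verdict"; a service it
lists with only a verdict line is one for which it printed no image file.
The regexes are assumptions drawn from the log format as shown on this page.
"""
import re
from dataclasses import dataclass
from typing import Optional

LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*\S)\s*$")
HASH_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
VERDICT_RE = re.compile(r"^(?P<subject>.+?) - (?P<verdict>.+)$")
# Assumed warning format: reason in spaced brackets before the dash,
# e.g. "sptd ( LockedFile.Multi.Generic ) - warning".
TAG_RE = re.compile(r" \( (?P<tag>[^()]*?) \)$")
WINDOWS_DIR = "c:\\windows\\"


@dataclass
class Record:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None
    tag: Optional[str] = None       # reason text printed with a warning/detection


def parse_tdsskiller(text: str) -> list:
    """Pair each hash line with the verdict line that follows it."""
    records, pending = [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group("body")
        h = HASH_RE.match(body)
        if h:
            pending = h.groupdict()  # hold until the matching verdict line
            continue
        v = VERDICT_RE.match(body)
        if not v:
            continue                 # banner, counters, "Scan finished", ...
        subject, verdict = v.group("subject"), v.group("verdict")
        tag = None
        t = TAG_RE.search(subject)
        if t:
            tag, subject = t.group("tag"), subject[: t.start()]
        if pending and subject in (pending["name"], pending["path"]):
            records.append(Record(pending["name"], verdict, pending["md5"], pending["path"], tag))
        else:
            # Verdict with no preceding hash line: the service is registered
            # but TDSSKiller printed no image file for it.
            records.append(Record(subject, verdict, tag=tag))
        pending = None
    return records


def triage(text: str) -> dict:
    """Split the records into the three groups worth a human's attention."""
    recs = parse_tdsskiller(text)
    return {
        "records": recs,
        "non_ok": [r for r in recs if r.verdict != "ok"],
        "no_file": [r for r in recs if r.path is None],
        # Drive-letter paths outside C:\Windows: third-party kernel drivers
        # whose hash should be checked against the vendor, not assumed good.
        "third_party": [r for r in recs if r.path and r.path[1:3] == ":\\"
                        and not r.path.lower().startswith(WINDOWS_DIR)],
    }


# Excerpt of the log posted above (real lines from the thread).
LOG_EXCERPT = r"""
19:47:29.0761 4824 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
19:47:29.0761 4824 mpio - ok
19:47:30.0604 4824 NPPTNT2 - ok
19:47:30.0682 4824 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
19:47:30.0714 4824 Ntfs - ok
19:47:31.0449 4824 NwlnkFlt - ok
19:47:32.0372 4824 SbieDrv (fa5734eb1e9b2e6652eb13dca8b72bed) C:\Program Files\Sandboxie\SbieDrv.sys
19:47:32.0372 4824 SbieDrv - ok
19:47:34.0028 4824 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
19:47:34.0059 4824 Tcpip - ok
19:47:35.0747 4824 X6va005 - ok
19:47:36.0013 4824 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:47:36.0028 4824 \Device\Harddisk0\DR0 - ok
19:47:36.0044 4824 ============================================================
19:47:36.0044 4824 Scan finished
19:47:36.0044 5344 Detected object count: 0
19:48:20.0380 5932 Deinitialize success
"""
# Constructed lines (not from this machine) to exercise the warning path;
# the hash is made up.
CONSTRUCTED_WARNING = r"""
19:47:35.0990 4824 sptd (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\sptd.sys
19:47:35.0990 4824 sptd ( LockedFile.Multi.Generic ) - warning
"""
SAMPLE_LOG = LOG_EXCERPT + CONSTRUCTED_WARNING

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for group in ("non_ok", "no_file", "third_party"):
        print(f"{group}:")
        for r in result[group]:
            print(f"  {r.name:14} {r.verdict:8} tag={r.tag} path={r.path}")
```

On the full log above the only hits are the five no-file service entries and SbieDrv; the same lines run against any other TDSSKiller log of this version, and the non-ok group is where a real detection or a locked-file warning would surface.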

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:50 AM

Posted 10 October 2011 - 02:19 PM

No sign of rootkits, so please run MBAM next.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
m0le is a proud member of UNITE

#10 Omsk

Omsk
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:50 PM

Posted 10 October 2011 - 05:40 PM

I actually already had Malwarebytes installed, but reinstalled it for good measure. Ran MBAM as per your instructions.



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7918

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

10/10/2011 3:54:26 PM
mbam-log-2011-10-10 (15-54-26).txt

Scan type: Full scan (A:\|C:\|D:\|)
Objects scanned: 392071
Time elapsed: 1 hour(s), 10 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:50 AM

Posted 10 October 2011 - 06:35 PM

Okay, let's flank that with a SAS scan.

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and, when it's finished, it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.

m0le is a proud member of UNITE

#12 Omsk

Omsk
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:50 PM

Posted 10 October 2011 - 09:44 PM

Done and done.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/10/2011 at 08:31 PM

Application Version : 5.0.1128

Core Rules Database Version : 7778
Trace Rules Database Version: 5590

Scan type : Complete Scan
Total Scan Time : 00:59:11

Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned : 582
Memory threats detected : 0
Registry items scanned : 81952
Registry threats detected : 22
File items scanned : 107560
File threats detected : 83

PUP.StartNow Toolbar
(x86) HKLM\Software\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
(x86) HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
(x86) HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
(x86) HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}#ProgID
(x86) HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}#VersionIndependentProgID
(x86) HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}#TypeLib
(x86) HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\InprocServer32
(x86) HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\Programmable
C:\PROGRAM FILES (X86)\STARTNOW TOOLBAR\TOOLBAR32.DLL
(x86) HKLM\Software\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
(x86) HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
(x86) HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
(x86) HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}#ProgID
(x86) HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}#VersionIndependentProgID
(x86) HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}#TypeLib
(x86) HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\InprocServer32
(x86) HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\Programmable
(x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
(x86) HKU\S-1-5-21-1359661524-935666405-3441979797-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
(x86) HKU\S-1-5-21-1359661524-935666405-3441979797-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
(x86) HKLM\Software\Microsoft\Internet Explorer\Toolbar#{5911488E-9D1E-40ec-8CBB-06B231CC153F}
C:\Program Files (x86)\StartNow Toolbar\Resources\images\engine_images.png
C:\Program Files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
C:\Program Files (x86)\StartNow Toolbar\Resources\images\engine_news.png
C:\Program Files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
C:\Program Files (x86)\StartNow Toolbar\Resources\images\engine_web.png
C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_games.png
C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
C:\Program Files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
C:\Program Files (x86)\StartNow Toolbar\Resources\images
C:\Program Files (x86)\StartNow Toolbar\Resources\installer.xml
C:\Program Files (x86)\StartNow Toolbar\Resources\protect\index.html
C:\Program Files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
C:\Program Files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
C:\Program Files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
C:\Program Files (x86)\StartNow Toolbar\Resources\protect\window.css
C:\Program Files (x86)\StartNow Toolbar\Resources\protect\window.js
C:\Program Files (x86)\StartNow Toolbar\Resources\protect
C:\Program Files (x86)\StartNow Toolbar\Resources\reactivate\index.html
C:\Program Files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
C:\Program Files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
C:\Program Files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
C:\Program Files (x86)\StartNow Toolbar\Resources\reactivate\window.css
C:\Program Files (x86)\StartNow Toolbar\Resources\reactivate\window.js
C:\Program Files (x86)\StartNow Toolbar\Resources\reactivate
C:\Program Files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
C:\Program Files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
C:\Program Files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
C:\Program Files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
C:\Program Files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
C:\Program Files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
C:\Program Files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
C:\Program Files (x86)\StartNow Toolbar\Resources\skin\separator.png
C:\Program Files (x86)\StartNow Toolbar\Resources\skin\splitter.png
C:\Program Files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
C:\Program Files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
C:\Program Files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
C:\Program Files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
C:\Program Files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
C:\Program Files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
C:\Program Files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
C:\Program Files (x86)\StartNow Toolbar\Resources\skin
C:\Program Files (x86)\StartNow Toolbar\Resources\toolbar.xml
C:\Program Files (x86)\StartNow Toolbar\Resources\update.xml
C:\Program Files (x86)\StartNow Toolbar\Resources
C:\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files (x86)\StartNow Toolbar\uninstall.dat
C:\Program Files (x86)\StartNow Toolbar
C:\Windows\Prefetch\TOOLBARUPDATERSERVICE.EXE-9BAC63FA.pf

Adware.Tracking Cookie
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\0VCCV8DL.txt [ /accounts.youtube.com ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\72KA8818.txt [ /ads.bleepingcomputer.com ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\3PLJYAXF.txt [ /ads.nexon.net ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\LU7C1CPX.txt [ /accounts.google.com ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\BFCU7TGB.txt [ /media-mgmt.armorgames.com ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\AP2AJ33K.txt [ /account.station.sony.com ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\LUB4ZMVD.txt [ /www.eqclickies.com ]
C:\USERS\JOE\AppData\Roaming\Microsoft\Windows\Cookies\65XWC1B6.txt [ Cookie:joe@us.battle.net/account ]
C:\USERS\JOE\Cookies\0VCCV8DL.txt [ Cookie:joe@accounts.youtube.com/accounts ]
C:\USERS\JOE\Cookies\65XWC1B6.txt [ Cookie:joe@us.battle.net/account ]
C:\USERS\JOE\Cookies\LU7C1CPX.txt [ Cookie:joe@accounts.google.com/ ]
C:\USERS\JOE\Cookies\BFCU7TGB.txt [ Cookie:joe@media-mgmt.armorgames.com/ ]
C:\USERS\JOE\Cookies\AP2AJ33K.txt [ Cookie:joe@account.station.sony.com/ ]
C:\USERS\JOE\Cookies\LUB4ZMVD.txt [ Cookie:joe@www.eqclickies.com/ ]
.sonyonlineentertainment.112.2o7.net [ C:\PROGRAM FILES\SONY\EVERQUEST\MOZILLA\COOKIES.TXT ]
C:\SANDBOX\JOE\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JOE@AD.WSOD[3].TXT [ /AD.WSOD ]
C:\SANDBOX\JOE\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JOE@ADS.INTERGI[2].TXT [ /ADS.INTERGI ]
C:\SANDBOX\JOE\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JOE@ATDMT[3].TXT [ /ATDMT ]
C:\SANDBOX\JOE\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JOE@AZJMP[1].TXT [ /AZJMP ]
C:\SANDBOX\JOE\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JOE@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
C:\SANDBOX\JOE\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JOE@FASTCLICK[1].TXT [ /FASTCLICK ]
C:\SANDBOX\JOE\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JOE@FASTCLICK[2].TXT [ /FASTCLICK ]
C:\SANDBOX\JOE\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JOE@SERVING-SYS[2].TXT [ /SERVING-SYS ]
C:\SANDBOX\JOE\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JOE@WWW.GOOGLEADSERVICES[2].TXT [ /WWW.GOOGLEADSERVICES ]
cdn2.themis-media.com [ C:\USERS\JOE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3YDQM7VM ]
media.oprah.com [ C:\USERS\JOE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3YDQM7VM ]
secure-us.imrworldwide.com [ C:\USERS\JOE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3YDQM7VM ]
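
The SAS log above counts 22 registry and 83 file threats for one toolbar, but most of those lines are icons, CSS and uninstall data. The items that matter for persistence are the Browser Helper Object registration and the Toolbar registration under HKLM (those are what make Internet Explorer load the component), the DLL and two executables behind them, and the Prefetch entry showing that ToolbarUpdaterService.exe actually ran. The Python below is an added example, not part of this thread and not SUPERAntiSpyware's own code: it classifies each finding line into load point, COM registration, per-user add-on statistics, executable, execution evidence, supporting file or tracking cookie, and groups the registry hits by CLSID so the two toolbar components stand out. The key-path substrings it matches are the ones visible in the log; the sample is an excerpt of the findings above.

```python
"""Classify SUPERAntiSpyware findings by what they mean for persistence.

Added example, not from the original thread and not SUPERAntiSpyware code.
Expects the findings part of a SAS log: a detection name line followed by its
items, sections separated by blank lines.  Key-path substrings are assumptions
taken from the log as shown on this page.
"""
import re
from collections import defaultdict

CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
COOKIE_RE = re.compile(r" \[ .+ \]$")            # "file-or-domain [ location ]"
# Internet Explorer load points, matched case-insensitively within the key path.
BHO_KEY = r"\currentversion\explorer\browser helper objects"
TOOLBAR_KEY = r"\internet explorer\toolbar#"
EXT_STATS_KEY = r"\currentversion\ext\stats"


def parse_sas(text: str) -> dict:
    """Return {detection name: [finding lines]}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            current = None
            continue
        if current is None:
            current = line            # first line after a blank opens a section
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def classify(item: str) -> tuple:
    """Return (kind, CLSID-or-None) for one finding line."""
    # "(x86) " marks the 32-bit (WOW64) registry view on 64-bit Windows.
    text = item[6:] if item.startswith("(x86) ") else item
    low = text.lower()
    found = CLSID_RE.search(text)
    clsid = found.group(0).upper() if found else None   # normalise the mixed case seen in the log
    if low.startswith(("hklm\\", "hkcr\\", "hku\\", "hkcu\\")):
        if BHO_KEY in low:
            return "load_point:BHO", clsid
        if TOOLBAR_KEY in low:
            return "load_point:Toolbar", clsid
        if EXT_STATS_KEY in low:
            return "ie_addon_stats", clsid      # per-user usage record, not a load point
        if "\\clsid\\{" in low:
            return "com_registration", clsid    # inert unless a load point names the CLSID
        return "registry_other", clsid
    if COOKIE_RE.search(text):
        return "tracking_cookie", None
    if "\\prefetch\\" in low and low.endswith(".pf"):
        return "execution_evidence", None       # Prefetch file: the named binary has run
    if low.endswith((".exe", ".dll", ".sys")):
        return "executable", None
    return "support_file", None


def triage_sas(text: str) -> dict:
    """Roll the findings up by CLSID and by kind."""
    clsids, counts = defaultdict(set), defaultdict(int)
    executables, evidence = [], []
    for items in parse_sas(text).values():
        for item in items:
            kind, clsid = classify(item)
            counts[kind] += 1
            if clsid:
                clsids[clsid].add(kind)
            if kind == "executable":
                executables.append(item)
            elif kind == "execution_evidence":
                evidence.append(item)
    return {"clsids": dict(clsids), "counts": dict(counts),
            "executables": executables, "execution_evidence": evidence}


# Excerpt of the SAS findings posted above.
SAMPLE_LOG = r"""
PUP.StartNow Toolbar
(x86) HKLM\Software\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
(x86) HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\InprocServer32
C:\PROGRAM FILES (X86)\STARTNOW TOOLBAR\TOOLBAR32.DLL
(x86) HKLM\Software\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
(x86) HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\InprocServer32
(x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
(x86) HKU\S-1-5-21-1359661524-935666405-3441979797-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
(x86) HKU\S-1-5-21-1359661524-935666405-3441979797-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
(x86) HKLM\Software\Microsoft\Internet Explorer\Toolbar#{5911488E-9D1E-40ec-8CBB-06B231CC153F}
C:\Program Files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
C:\Program Files (x86)\StartNow Toolbar\Resources\toolbar.xml
C:\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files (x86)\StartNow Toolbar
C:\Windows\Prefetch\TOOLBARUPDATERSERVICE.EXE-9BAC63FA.pf

Adware.Tracking Cookie
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\72KA8818.txt [ /ads.bleepingcomputer.com ]
.sonyonlineentertainment.112.2o7.net [ C:\PROGRAM FILES\SONY\EVERQUEST\MOZILLA\COOKIES.TXT ]
secure-us.imrworldwide.com [ C:\USERS\JOE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3YDQM7VM ]
"""

if __name__ == "__main__":
    rep = triage_sas(SAMPLE_LOG)
    for clsid, roles in rep["clsids"].items():
        print(clsid, sorted(roles))
    print("executables:", *rep["executables"], sep="\n  ")
    print("execution evidence:", *rep["execution_evidence"], sep="\n  ")
    print("counts:", dict(sorted(rep["counts"].items())))
```

Run on the excerpt, the two CLSIDs come out with distinct roles: {5911488E-...} is registered as the IE toolbar, {6E13D095-...} as the BHO, and both have a per-user Ext\Stats record. That is the picture to confirm after removal: the two load-point keys and the three binaries gone, with the PNG, CSS and cookie lines being incidental.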

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:50 AM

Posted 11 October 2011 - 07:42 PM

Now scan with ESET

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.
m0le is a proud member of UNITE

#14 Omsk

Omsk
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:50 PM

Posted 11 October 2011 - 11:19 PM

Scan finished, found something at least.

C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7c88068a-14b79e22 Java/Agent.BV trojan deleted - quarantined
C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\e728466-2862b8d9 Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\38e63bec-17622f84 Java/Agent.BV trojan deleted - quarantined
C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5ad4b738-4ca1ffbb Java/Agent.BV trojan deleted - quarantined

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:50 AM

Posted 12 October 2011 - 04:12 PM

Found something, but only cached copies and no live malware. Which is good. :)

How is the machine running now though? Any shutdowns or CPU spikes?
m0le is a proud member of UNITE



