
Virus Help Cannot Remove


17 replies to this topic

#1 speedy3

speedy3

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:49 AM

Posted 06 October 2011 - 08:51 AM

I originally posted in the "BleepingComputer.com > Security > Am I infected? What do I do?" category and was informed by BC advisor Broni to post over in this category.


Hi, I'm having difficulty removing a virus on my PC. Although I'm not an expert, I am somewhat computer savvy. I have followed a few threads and implemented the suggestions mentioned with no success. I have run Malwarebytes, Ad-Aware, SUPERAntiSpyware, ComboFix, Rkill, etc.; Microsoft Security Essentials is installed as well.

Symptoms: Internet Explorer closes periodically. Even when it is not in use I can hear music from ads being played, yet there are no applications open. When the computer is unattended I will come back to one or two pop-ups that have appeared.
Running XP with latest updates, Java is updated as well with older versions being deleted.

I would like to add that I'm being redirected when using Google. Internet Explorer also randomly shuts down and pops up when I'm not at my PC (while connected to the internet). I have attempted to follow the steps in some of the threads regarding being redirected, but they have not resolved the issues. Not sure if I'm missing a step or not doing something in the right order. I cannot seem to isolate where the virus or malicious content is hiding on the PC. What log files would one need to see to help uncover where the problem lies? Thanks in advance for any help.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:49 AM

Posted 11 October 2011 - 08:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.
===

Third-party programs, if not up to date, can be the cause of an infection's infiltration.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===
Please post the logs and wait for further instructions.

#3 speedy3

speedy3
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:49 AM

Posted 11 October 2011 - 09:16 AM

Below are the logs requested. Thanks!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by User at 9:43:53 on 2011-10-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.154 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\EloSrvce.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070518
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10t_ActiveX.exe -update activex
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [WatcherHelper] "c:\program files\sierra wireless inc\watcher\WaHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xportar a Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://amer-ml22.amer.csc.com/dwa8W.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{369FF3B2-7E9B-4408-A7AE-45DCA35A4D10} : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-9-27 64512]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-9-1 28552]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-29 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-29 243024]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl188121ee;MpKsl188121ee;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40fa39e1-4ba3-4925-b1a7-5c1676356ace}\MpKsl188121ee.sys [2011-10-7 28752]
R1 MpKsl64f39012;MpKsl64f39012;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dda8333c-24c5-4682-a9e2-6cfff1580376}\mpksl64f39012.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dda8333c-24c5-4682-a9e2-6cfff1580376}\MpKsl64f39012.sys [?]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S0 bslmiyv;bslmiyv;c:\windows\system32\drivers\tmhgndfx.sys --> c:\windows\system32\drivers\tmhgndfx.sys [?]
S0 cmttkgku;cmttkgku;c:\windows\system32\drivers\vtoocrr.sys --> c:\windows\system32\drivers\vtoocrr.sys [?]
S0 itgc;itgc;c:\windows\system32\drivers\ntsys.sys --> c:\windows\system32\drivers\ntsys.sys [?]
S0 mjtuxx;mjtuxx;c:\windows\system32\drivers\htunxjeq.sys --> c:\windows\system32\drivers\htunxjeq.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-29 216400]
S1 MpKsl07c3b05e;MpKsl07c3b05e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e87d2e9-c5a1-4638-9144-c108519ae372}\mpksl07c3b05e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e87d2e9-c5a1-4638-9144-c108519ae372}\MpKsl07c3b05e.sys [?]
S1 MpKsl0de1897a;MpKsl0de1897a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{916ee052-4537-4a3c-95e5-9849228f10d1}\mpksl0de1897a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{916ee052-4537-4a3c-95e5-9849228f10d1}\MpKsl0de1897a.sys [?]
S1 MpKsl100bddea;MpKsl100bddea;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8ae2fde5-6d0b-46f9-b5ee-edca59a018e2}\mpksl100bddea.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8ae2fde5-6d0b-46f9-b5ee-edca59a018e2}\MpKsl100bddea.sys [?]
S1 MpKsl12e16199;MpKsl12e16199;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b04b7a04-2de0-434e-be6b-508333d133e6}\mpksl12e16199.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b04b7a04-2de0-434e-be6b-508333d133e6}\MpKsl12e16199.sys [?]
S1 MpKsl18a7dc61;MpKsl18a7dc61;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b677cdfe-550b-4534-8883-0be2a6690449}\mpksl18a7dc61.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b677cdfe-550b-4534-8883-0be2a6690449}\MpKsl18a7dc61.sys [?]
S1 MpKsl243ee16c;MpKsl243ee16c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e79ad164-c6a3-49c7-9307-c74a947086d1}\mpksl243ee16c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e79ad164-c6a3-49c7-9307-c74a947086d1}\MpKsl243ee16c.sys [?]
S1 MpKsl3d6496ea;MpKsl3d6496ea;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e8a0a782-743d-4f7b-b6c5-b1457644b4db}\mpksl3d6496ea.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e8a0a782-743d-4f7b-b6c5-b1457644b4db}\MpKsl3d6496ea.sys [?]
S1 MpKsl4275a39e;MpKsl4275a39e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b6628e96-0cfb-4408-82b6-79885c3dc885}\mpksl4275a39e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b6628e96-0cfb-4408-82b6-79885c3dc885}\MpKsl4275a39e.sys [?]
S1 MpKsl439f6947;MpKsl439f6947;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ddd28bd5-1e4a-42f3-8067-37ef4291642c}\mpksl439f6947.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ddd28bd5-1e4a-42f3-8067-37ef4291642c}\MpKsl439f6947.sys [?]
S1 MpKsl5a371987;MpKsl5a371987;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{06ec8a75-97f5-4fcc-8423-b35aba8fae5f}\mpksl5a371987.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{06ec8a75-97f5-4fcc-8423-b35aba8fae5f}\MpKsl5a371987.sys [?]
S1 MpKsl5cd25604;MpKsl5cd25604;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{decb088b-0ea7-4c31-a5df-641a86bd4db2}\mpksl5cd25604.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{decb088b-0ea7-4c31-a5df-641a86bd4db2}\MpKsl5cd25604.sys [?]
S1 MpKsl9bfcc995;MpKsl9bfcc995;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{916ee052-4537-4a3c-95e5-9849228f10d1}\mpksl9bfcc995.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{916ee052-4537-4a3c-95e5-9849228f10d1}\MpKsl9bfcc995.sys [?]
S1 MpKsl9c9e2da0;MpKsl9c9e2da0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{94a72d23-ec10-4be0-b92f-b313190787b8}\mpksl9c9e2da0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{94a72d23-ec10-4be0-b92f-b313190787b8}\MpKsl9c9e2da0.sys [?]
S1 MpKsla09b9603;MpKsla09b9603;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68c65f73-dce5-4090-bca7-a76ca48761f0}\mpksla09b9603.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68c65f73-dce5-4090-bca7-a76ca48761f0}\MpKsla09b9603.sys [?]
S1 MpKsla545cdac;MpKsla545cdac;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e79ad164-c6a3-49c7-9307-c74a947086d1}\mpksla545cdac.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e79ad164-c6a3-49c7-9307-c74a947086d1}\MpKsla545cdac.sys [?]
S1 MpKslc94e8ed9;MpKslc94e8ed9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3a8d7ede-08dd-4c22-9707-e1b222fb9088}\mpkslc94e8ed9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3a8d7ede-08dd-4c22-9707-e1b222fb9088}\MpKslc94e8ed9.sys [?]
S1 MpKsld5d5db90;MpKsld5d5db90;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{64813972-79be-4587-9996-be3c1b000b23}\mpksld5d5db90.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{64813972-79be-4587-9996-be3c1b000b23}\MpKsld5d5db90.sys [?]
S1 MpKsle1347340;MpKsle1347340;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{403a43f3-668d-46c1-907b-801ea2bbcab9}\mpksle1347340.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{403a43f3-668d-46c1-907b-801ea2bbcab9}\MpKsle1347340.sys [?]
S1 MpKsle4bbbda1;MpKsle4bbbda1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{403a43f3-668d-46c1-907b-801ea2bbcab9}\mpksle4bbbda1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{403a43f3-668d-46c1-907b-801ea2bbcab9}\MpKsle4bbbda1.sys [?]
S1 MpKslf07b5397;MpKslf07b5397;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b677cdfe-550b-4534-8883-0be2a6690449}\mpkslf07b5397.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b677cdfe-550b-4534-8883-0be2a6690449}\MpKslf07b5397.sys [?]
S1 MpKslf2dc4d5f;MpKslf2dc4d5f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{403a43f3-668d-46c1-907b-801ea2bbcab9}\mpkslf2dc4d5f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{403a43f3-668d-46c1-907b-801ea2bbcab9}\MpKslf2dc4d5f.sys [?]
S1 MpKslf5d44967;MpKslf5d44967;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3327779d-dc4f-4a2a-83fd-1b7b387f8583}\mpkslf5d44967.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3327779d-dc4f-4a2a-83fd-1b7b387f8583}\MpKslf5d44967.sys [?]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-29 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-29 308136]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640]
S2 navapsvc;Norton AntiVirus Auto-Protect Service;"c:\program files\norton internet security\norton antivirus\navapsvc.exe" --> c:\program files\norton internet security\norton antivirus\navapsvc.exe [?]
S3 elomoufiltr;ELO TouchSystems-SRV2;c:\windows\system32\drivers\EloFiltr.sys [2008-2-5 53248]
S3 EloUsb;ELO TouchSystems-SRV;c:\windows\system32\drivers\EloUsb.Sys [2008-2-5 92032]
.
=============== Created Last 30 ================
.
2011-10-07 22:50:21 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40fa39e1-4ba3-4925-b1a7-5c1676356ace}\MpKsl188121ee.sys
2011-10-07 22:49:03 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40fa39e1-4ba3-4925-b1a7-5c1676356ace}\offreg.dll
2011-10-07 22:48:57 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40fa39e1-4ba3-4925-b1a7-5c1676356ace}\mpengine.dll
2011-10-03 00:57:50 -------- d-----w- c:\documents and settings\user\application data\SUPERAntiSpyware.com
2011-10-03 00:56:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-03 00:56:45 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-09-29 16:46:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-09-29 16:46:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-09-29 16:46:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-09-29 16:46:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-09-29 16:46:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-09-29 16:46:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-09-29 16:46:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-09-29 16:44:31 -------- d-----w- c:\documents and settings\user\local settings\application data\Apple
2011-09-29 16:40:10 -------- d-----w- c:\documents and settings\user\local settings\application data\Apple Computer
2011-09-27 17:30:32 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-27 16:00:51 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-27 15:57:41 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-09-27 15:57:27 -------- d-----w- c:\program files\Lavasoft
2011-09-27 10:52:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-27 01:58:58 -------- d-----w- c:\program files\ESET
2011-09-26 22:45:09 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-09-26 22:44:56 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-09-26 14:46:16 -------- d-----w- c:\documents and settings\user\local settings\application data\ApplicationHistory
2011-09-26 13:58:02 -------- d-----w- C:\ComboFix
.
==================== Find3M ====================
.
2011-09-29 16:59:59 5642 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-09-29 16:59:58 168 --sh--r- c:\windows\system32\35C9ABD519.sys
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-19 06:40:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-15 13:29:31 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 9:50:38.53 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/11/2007 7:20:21 AM
System Uptime: 10/5/2011 5:17:08 AM (124 hours ago)
.
Motherboard: Dell Inc. | | 0XD720
Processor: Intel® Core™ Duo CPU T2350 @ 1.86GHz | Microprocessor | 1861/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 121.494 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP308: 7/12/2011 9:51:45 PM - Software Distribution Service 3.0
RP309: 7/13/2011 8:10:55 AM - Software Distribution Service 3.0
RP310: 7/13/2011 10:16:49 PM - Software Distribution Service 3.0
RP311: 7/15/2011 7:37:52 AM - Software Distribution Service 3.0
RP312: 7/16/2011 7:50:45 AM - System Checkpoint
RP313: 7/17/2011 9:25:09 AM - System Checkpoint
RP314: 7/18/2011 6:01:06 PM - Software Distribution Service 3.0
RP315: 7/19/2011 6:05:41 PM - System Checkpoint
RP316: 7/19/2011 11:08:25 PM - Software Distribution Service 3.0
RP317: 7/20/2011 9:15:55 PM - Software Distribution Service 3.0
RP318: 7/21/2011 11:56:54 PM - Software Distribution Service 3.0
RP319: 7/23/2011 1:37:15 AM - System Checkpoint
RP320: 7/24/2011 9:53:40 AM - System Checkpoint
RP321: 7/25/2011 10:06:06 AM - Software Distribution Service 3.0
RP322: 7/26/2011 10:00:48 AM - Software Distribution Service 3.0
RP323: 7/27/2011 10:14:35 AM - Software Distribution Service 3.0
RP324: 7/28/2011 7:57:52 AM - Software Distribution Service 3.0
RP325: 7/29/2011 8:26:28 AM - Software Distribution Service 3.0
RP326: 7/30/2011 9:15:12 AM - Software Distribution Service 3.0
RP327: 7/31/2011 5:51:11 PM - Software Distribution Service 3.0
RP328: 8/1/2011 6:06:34 PM - System Checkpoint
RP329: 8/2/2011 8:21:56 AM - Software Distribution Service 3.0
RP330: 8/3/2011 8:30:58 AM - System Checkpoint
RP331: 8/3/2011 8:51:16 AM - Software Distribution Service 3.0
RP332: 8/4/2011 9:28:09 AM - Software Distribution Service 3.0
RP333: 8/5/2011 10:21:59 AM - Software Distribution Service 3.0
RP334: 8/6/2011 11:34:09 AM - System Checkpoint
RP335: 8/6/2011 3:30:38 PM - Software Distribution Service 3.0
RP336: 8/7/2011 7:34:27 PM - Software Distribution Service 3.0
RP337: 8/8/2011 8:01:31 PM - Software Distribution Service 3.0
RP338: 8/9/2011 9:48:15 PM - System Checkpoint
RP339: 8/10/2011 1:50:55 PM - Software Distribution Service 3.0
RP340: 8/11/2011 3:00:19 AM - Software Distribution Service 3.0
RP341: 8/11/2011 4:49:18 PM - Software Distribution Service 3.0
RP342: 8/13/2011 1:10:55 PM - Software Distribution Service 3.0
RP343: 8/14/2011 1:58:35 PM - Software Distribution Service 3.0
RP344: 8/15/2011 5:25:24 PM - Software Distribution Service 3.0
RP345: 8/16/2011 5:50:10 PM - Software Distribution Service 3.0
RP346: 8/17/2011 6:45:49 PM - System Checkpoint
RP347: 8/17/2011 7:28:26 PM - Software Distribution Service 3.0
RP348: 8/18/2011 8:10:33 PM - Software Distribution Service 3.0
RP349: 8/18/2011 8:24:25 PM - Software Distribution Service 3.0
RP350: 8/19/2011 10:16:51 PM - System Checkpoint
RP351: 8/21/2011 10:47:09 AM - Software Distribution Service 3.0
RP352: 8/22/2011 12:10:23 PM - System Checkpoint
RP353: 8/22/2011 5:14:05 PM - Software Distribution Service 3.0
RP354: 8/23/2011 5:43:51 PM - Software Distribution Service 3.0
RP355: 8/24/2011 6:01:26 PM - Software Distribution Service 3.0
RP356: 8/24/2011 7:07:39 PM - Restore Operation
RP357: 8/24/2011 7:08:33 PM - Software Distribution Service 3.0
RP358: 8/24/2011 8:40:18 PM - Software Distribution Service 3.0
RP359: 8/24/2011 8:50:36 PM - Restore Operation
RP360: 8/25/2011 10:25:18 AM - Installed Microsoft Office Professional Plus 2007
RP361: 8/25/2011 10:53:06 AM - Removed Microsoft Office Professional Plus 2007
RP362: 8/25/2011 11:18:39 AM - Installed Microsoft Office Professional 2007
RP363: 8/25/2011 7:07:56 PM - Software Distribution Service 3.0
RP364: 8/26/2011 3:00:36 AM - Software Distribution Service 3.0
RP365: 8/26/2011 9:36:38 PM - Software Distribution Service 3.0
RP366: 8/27/2011 10:21:35 AM - Software Distribution Service 3.0
RP367: 8/27/2011 11:43:07 PM - Software Distribution Service 3.0
RP368: 8/28/2011 1:35:37 PM - Software Distribution Service 3.0
RP369: 8/28/2011 6:42:15 PM - Software Distribution Service 3.0
RP370: 8/29/2011 10:11:26 AM - Software Distribution Service 3.0
RP371: 8/30/2011 12:56:15 PM - Software Distribution Service 3.0
RP372: 8/31/2011 2:07:50 PM - Software Distribution Service 3.0
RP373: 9/1/2011 4:01:05 PM - System Checkpoint
RP374: 9/2/2011 12:03:47 AM - Software Distribution Service 3.0
RP375: 9/3/2011 12:03:33 AM - Software Distribution Service 3.0
RP376: 9/4/2011 2:22:38 PM - Software Distribution Service 3.0
RP377: 9/5/2011 2:41:54 PM - Software Distribution Service 3.0
RP378: 9/6/2011 9:11:56 AM - Software Distribution Service 3.0
RP379: 9/7/2011 3:00:16 AM - Software Distribution Service 3.0
RP380: 9/7/2011 3:20:37 PM - Software Distribution Service 3.0
RP381: 9/8/2011 3:29:09 AM - Software Distribution Service 3.0
RP382: 9/9/2011 3:30:08 AM - Software Distribution Service 3.0
RP383: 9/10/2011 7:51:34 PM - Software Distribution Service 3.0
RP384: 9/11/2011 8:09:11 PM - System Checkpoint
RP385: 9/12/2011 10:24:57 AM - Software Distribution Service 3.0
RP386: 9/13/2011 10:24:49 AM - Software Distribution Service 3.0
RP387: 9/14/2011 10:25:28 AM - Software Distribution Service 3.0
RP388: 9/15/2011 3:00:41 AM - Software Distribution Service 3.0
RP389: 9/16/2011 4:57:37 AM - System Checkpoint
RP390: 9/16/2011 8:59:49 AM - Software Distribution Service 3.0
RP391: 9/17/2011 8:59:44 AM - Software Distribution Service 3.0
RP392: 9/18/2011 2:14:56 AM - Software Distribution Service 3.0
RP393: 9/19/2011 3:02:02 AM - System Checkpoint
RP394: 9/19/2011 7:58:32 PM - Software Distribution Service 3.0
RP395: 9/20/2011 9:35:37 PM - System Checkpoint
RP396: 9/20/2011 9:37:20 PM - Software Distribution Service 3.0
RP397: 9/21/2011 4:25:53 AM - Software Distribution Service 3.0
RP398: 9/22/2011 8:31:04 AM - System Checkpoint
RP399: 9/22/2011 9:58:31 AM - Software Distribution Service 3.0
RP400: 9/23/2011 9:58:11 AM - Software Distribution Service 3.0
RP401: 9/24/2011 9:58:41 AM - Software Distribution Service 3.0
RP402: 9/25/2011 2:04:00 AM - Software Distribution Service 3.0
RP403: 9/25/2011 9:58:08 AM - Software Distribution Service 3.0
RP404: 9/25/2011 10:01:29 PM - Software Distribution Service 3.0
RP405: 9/26/2011 6:28:13 PM - Removed Microsoft Plus! Photo Story 2 LE
RP406: 9/26/2011 6:48:31 PM - Installed AVG 2012
RP407: 9/26/2011 6:48:56 PM - Removed AVG 2012
RP408: 9/27/2011 12:34:03 AM - Software Distribution Service 3.0
RP409: 9/27/2011 6:48:31 AM - Removed Garmin City Navigator North America NT 2010.20
RP410: 9/27/2011 6:51:56 AM - Installed Java™ 6 Update 27
RP411: 9/27/2011 6:55:10 AM - Removed J2SE Runtime Environment 5.0 Update 6
RP412: 9/27/2011 6:56:12 AM - Removed Microsoft Plus! Digital Media Edition Installer
RP413: 9/27/2011 7:13:46 AM - Software Distribution Service 3.0
RP414: 9/27/2011 11:57:07 AM - Installed Ad-Aware
RP415: 9/27/2011 11:57:25 AM - Installed Ad-Aware
RP416: 9/27/2011 2:50:06 PM - Software Distribution Service 3.0
RP417: 9/28/2011 12:25:44 AM - Software Distribution Service 3.0
RP418: 9/28/2011 3:39:45 PM - Software Distribution Service 3.0
RP419: 9/29/2011 12:45:46 PM - Installed QuickTime
RP420: 9/30/2011 7:49:13 AM - Software Distribution Service 3.0
RP421: 10/1/2011 9:25:14 AM - System Checkpoint
RP422: 10/1/2011 9:27:42 AM - Software Distribution Service 3.0
RP423: 10/2/2011 11:26:14 AM - System Checkpoint
RP424: 10/3/2011 10:33:21 AM - Software Distribution Service 3.0
RP425: 10/4/2011 12:18:13 PM - System Checkpoint
RP426: 10/4/2011 12:21:02 PM - Software Distribution Service 3.0
RP427: 10/5/2011 12:58:50 PM - System Checkpoint
RP428: 10/5/2011 6:49:04 PM - Software Distribution Service 3.0
RP429: 10/6/2011 7:44:44 PM - System Checkpoint
RP430: 10/7/2011 5:35:16 AM - Software Distribution Service 3.0
RP431: 10/7/2011 6:48:54 PM - Software Distribution Service 3.0
RP432: 10/8/2011 7:30:40 PM - System Checkpoint
RP433: 10/9/2011 9:30:40 PM - System Checkpoint
.
==== Installed Programs ======================
.
7500_7600_7700_Help
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.8
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG Free 9.0
BPD_HPSU
BPD_Scan
BPDfax
BPDSoftware
BPDSoftware_Ini
Broadcom Management Programs
BufferChm
CCleaner
Conexant HDA D110 MDC V.92 Modem
Corel Paint Shop Pro Photo XI
Coupon Printer for Windows
D4200
D4200_Help
Dell Driver Download Manager
Dell Support 3.2.1
Dell System Restore
Dell Wireless WLAN Card
Destinations
DeviceDiscovery
Digital Line Detect
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
ESET Online Scanner v3
eSupportQFolder
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet Printer Driver Software 9.0
HP Imaging Device Functions 9.0
HP Officejet Pro 8500 A910 Basic Device Software
HP Officejet Pro 8500 A910 Help
HP Officejet Pro All-In-One Series
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevicesMFC
Java Auto Updater
Java™ 6 Update 27
L7500
Malwarebytes' Anti-Malware version 1.51.2.1300
MediaDirect
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
Panda ActiveScan 2.0
PanoStandAlone
Performance Maximizer Incrediads.
ProductContext
QuickSet
QuickTime
Scan
SearchAssist
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Sierra Wireless Watcher
SolutionCenter
Sonic DLA


Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 9.0
ESET Online Scanner v3
Microsoft Security Essentials
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 27
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````


#4 nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:49 AM

Posted 11 October 2011 - 01:19 PM

Nothing suspicious was found on your logs.

Please download ComboFix from one of these locations:
I know you have already run this tool. If you still have it run it again and if prompted to update do it.

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

#5 speedy3

  • Topic Starter
  • Members
  • 12 posts
  • Local time:04:49 AM

Posted 12 October 2011 - 10:09 AM

Ran Combofix, below is the log. Notice anything abnormal?

ComboFix 11-10-11.05 - User 10/12/2011 10:13:33.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.503 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))
.
.
2011-10-12 14:00 . 2011-10-12 14:00 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E24EF52F-963A-4DE5-93F8-91B9EFD6F754}\offreg.dll
2011-10-12 13:51 . 2011-09-12 23:14 7269712 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E24EF52F-963A-4DE5-93F8-91B9EFD6F754}\mpengine.dll
2011-10-10 15:08 . 2011-10-11 16:23 -------- d-----w- c:\program files\Yahoo!
2011-10-05 23:02 . 2011-10-05 23:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-10-03 00:57 . 2011-10-03 00:57 -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2011-10-03 00:56 . 2011-10-03 00:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-03 00:56 . 2011-10-03 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-09-29 16:47 . 2011-09-29 16:47 -------- d-----w- c:\documents and settings\User\Application Data\Apple Computer
2011-09-29 16:46 . 2011-09-29 16:46 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-09-29 16:46 . 2011-09-29 16:46 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-09-29 16:46 . 2011-09-29 16:46 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-09-29 16:46 . 2011-09-29 16:46 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-09-29 16:46 . 2011-09-29 16:46 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-09-29 16:46 . 2011-09-29 16:46 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-09-29 16:46 . 2011-09-29 16:46 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-09-29 16:45 . 2011-09-29 16:46 -------- d-----w- c:\program files\QuickTime
2011-09-29 16:45 . 2011-09-29 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-09-29 16:44 . 2011-09-29 16:44 -------- d-----w- c:\program files\Common Files\Apple
2011-09-29 16:44 . 2011-09-29 16:44 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Apple
2011-09-29 16:44 . 2011-09-29 16:44 -------- d-----w- c:\program files\Apple Software Update
2011-09-29 16:44 . 2011-09-29 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-09-29 16:40 . 2011-09-29 16:40 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Apple Computer
2011-09-27 17:30 . 2011-09-27 16:00 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-27 16:00 . 2011-09-27 16:00 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-27 15:57 . 2011-08-18 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-09-27 15:57 . 2011-09-27 15:57 -------- d-----w- c:\program files\Lavasoft
2011-09-27 15:57 . 2011-09-27 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-09-27 10:52 . 2011-07-19 09:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-27 01:58 . 2011-09-27 01:58 -------- d-----w- c:\program files\ESET
2011-09-26 22:45 . 2011-09-26 22:45 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-09-26 22:44 . 2011-09-26 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-09-26 14:46 . 2011-09-26 14:46 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\ApplicationHistory
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 15:11 . 2011-05-24 13:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-12 23:14 . 2011-01-05 21:19 7269712 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-09 09:12 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 21:00 . 2011-01-04 20:21 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-19 06:40 . 2009-11-12 18:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-15 13:29 . 2004-08-10 17:51 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-01_11.52.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 02:51 . 2011-04-19 02:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-01-11 03:03 . 2011-01-11 03:03 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_189d6662\vcomp.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80KOR.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80JPN.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ITA.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80FRA.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ESP.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ENU.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80DEU.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHT.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHS.dll
+ 2011-01-11 08:05 . 2011-01-11 08:05 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80u.dll
+ 2011-01-11 08:23 . 2011-01-11 08:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80.dll
+ 2011-01-11 01:21 . 2011-01-11 01:21 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c\ATL80.dll
+ 2011-10-12 13:59 . 2011-10-12 13:59 16384 c:\windows\Temp\Perflib_Perfdata_278.dat
+ 2004-08-10 17:51 . 2011-09-15 12:57 74370 c:\windows\system32\perfc009.dat
- 2004-08-10 17:51 . 2011-09-01 04:02 74370 c:\windows\system32\perfc009.dat
+ 2011-09-27 15:57 . 2011-08-18 19:25 64512 c:\windows\system32\DRVSTORE\lbd_69523D0F7F903BDB477CD80CFD35086362532B23\Lbd.sys
- 2007-08-11 11:13 . 2010-05-29 15:15 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-11 11:13 . 2011-10-11 15:58 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-11 11:13 . 2010-05-29 15:15 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-08-11 11:13 . 2011-10-11 15:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-09-27 18:25 . 2011-10-11 15:58 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-08-11 11:13 . 2010-05-29 15:15 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-08-25 15:25 . 2011-08-28 17:42 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-08-25 15:25 . 2011-09-15 07:08 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-08-25 15:25 . 2011-09-15 07:08 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2011-08-25 15:25 . 2011-08-28 17:42 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-08-25 15:25 . 2011-09-15 07:08 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-08-25 15:25 . 2011-08-28 17:42 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-09-29 16:44 . 2011-09-29 16:44 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
+ 2011-09-07 07:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2607712\update\spcustom.dll
+ 2011-09-07 07:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2607712\spmsg.dll
+ 2008-03-31 00:24 . 2011-09-29 16:59 5642 c:\windows\system32\KGyGaAvL.sys
- 2008-03-31 00:24 . 2011-08-13 19:15 5642 c:\windows\system32\KGyGaAvL.sys
+ 2011-04-19 02:51 . 2011-04-19 02:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2011-01-11 08:27 . 2011-01-11 08:27 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
+ 2011-01-11 08:24 . 2011-01-11 08:24 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcp80.dll
+ 2011-01-11 08:08 . 2011-01-11 08:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcm80.dll
+ 2009-07-12 02:11 . 2009-07-12 02:11 624448 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcr90.dll
+ 2009-07-12 02:11 . 2009-07-12 02:11 853312 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcp90.dll
+ 2009-07-12 02:14 . 2009-07-12 02:14 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcm90.dll
+ 2009-07-12 02:11 . 2009-07-12 02:11 176456 c:\windows\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_673f7fa2\atl90.dll
+ 2004-08-10 17:51 . 2011-09-15 12:57 446868 c:\windows\system32\perfh009.dat
- 2004-08-10 17:51 . 2011-09-01 04:02 446868 c:\windows\system32\perfh009.dat
+ 2011-10-10 15:10 . 2011-10-10 15:11 243360 c:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe
+ 2011-10-10 15:11 . 2011-10-10 15:11 328864 c:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.dll
+ 2011-09-27 10:52 . 2011-07-19 09:05 157472 c:\windows\system32\javaws.exe
+ 2011-09-27 10:52 . 2011-07-19 09:05 145184 c:\windows\system32\javaw.exe
- 2007-05-18 09:51 . 2009-11-12 18:58 145184 c:\windows\system32\javaw.exe
+ 2011-09-27 10:52 . 2011-07-19 09:05 145184 c:\windows\system32\java.exe
- 2007-05-18 09:51 . 2009-11-12 18:58 145184 c:\windows\system32\java.exe
+ 2011-09-03 10:17 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2011-09-26 22:48 . 2011-09-26 22:48 219648 c:\windows\Installer\8947c.msi
+ 2011-10-10 15:09 . 2011-10-10 15:09 459264 c:\windows\Installer\1d4828fb.msi
+ 2011-09-27 11:13 . 2011-09-27 11:13 223744 c:\windows\Installer\178ffeb.msi
+ 2011-09-27 10:53 . 2011-09-27 10:53 203776 c:\windows\Installer\15fd510.msi
+ 2011-08-25 15:25 . 2011-09-15 07:08 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-08-25 15:25 . 2011-08-28 17:42 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-08-25 15:25 . 2011-08-28 17:42 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-08-25 15:25 . 2011-09-15 07:08 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-08-25 15:25 . 2011-09-15 07:08 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2011-08-25 15:25 . 2011-08-28 17:42 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2011-08-25 15:25 . 2011-08-28 17:42 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-08-25 15:25 . 2011-09-15 07:08 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2011-08-25 15:25 . 2011-08-28 17:42 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2011-08-25 15:25 . 2011-09-15 07:08 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2011-01-14 11:10 . 2011-01-14 11:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
+ 2011-01-14 11:10 . 2011-01-14 11:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
+ 2008-01-17 17:03 . 2008-01-17 17:03 325112 c:\windows\Downloaded Program Files\dwa8W.dll
+ 2011-09-07 07:01 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2607712$\spuninst\updspapi.dll
+ 2011-09-07 07:01 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2607712$\spuninst\spuninst.exe
+ 2011-09-07 07:01 . 2008-04-14 00:11 599040 c:\windows\$NtUninstallKB2607712$\crypt32.dll
+ 2011-09-07 07:01 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2607712\update\updspapi.dll
+ 2011-09-07 07:01 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2607712\update\update.exe
+ 2011-09-07 07:01 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2607712\spuninst.exe
+ 2011-09-03 10:16 . 2011-09-03 10:16 599552 c:\windows\$hf_mig$\KB2607712\SP3QFE\crypt32.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2011-01-11 02:50 . 2011-01-11 02:50 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80u.dll
+ 2011-01-11 02:50 . 2011-01-11 02:50 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80.dll
+ 2011-09-29 16:46 . 2011-09-29 16:46 9474048 c:\windows\Installer\9f1ff42.msi
+ 2011-09-29 16:45 . 2011-09-29 16:45 1485312 c:\windows\Installer\9f1ff3e.msi
+ 2011-09-29 16:44 . 2011-09-29 16:44 1769984 c:\windows\Installer\9f1ff39.msi
+ 2011-09-27 15:57 . 2011-09-27 15:57 5153792 c:\windows\Installer\26aa6a.msi
+ 2011-08-10 21:43 . 2011-08-10 21:43 3795968 c:\windows\Installer\1d56375a.msp
+ 2011-09-07 01:46 . 2011-09-07 01:46 9006080 c:\windows\Installer\1d563747.msp
+ 2011-08-24 10:37 . 2011-08-24 10:37 4985856 c:\windows\Installer\1d563734.msp
+ 2011-08-10 21:42 . 2011-08-10 21:42 7070208 c:\windows\Installer\1d563721.msp
+ 2011-07-21 16:34 . 2011-07-21 16:34 3456000 c:\windows\Installer\1d56370f.msp
+ 2011-09-07 01:48 . 2011-09-07 01:48 8181248 c:\windows\Installer\1d563704.msp
+ 2011-07-27 11:39 . 2011-07-27 11:39 9892352 c:\windows\Installer\1d5636df.msp
- 2011-08-25 15:25 . 2011-08-28 17:42 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-08-25 15:25 . 2011-09-15 07:08 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-08-25 15:25 . 2011-08-28 17:42 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-08-25 15:25 . 2011-09-15 07:08 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-01-14 11:10 . 2011-01-14 11:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
+ 2011-01-14 11:10 . 2011-01-14 11:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
+ 2011-01-14 11:10 . 2011-01-14 11:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
+ 2009-04-03 22:21 . 2009-04-03 22:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OARTCONV.DLL
+ 2009-11-12 17:37 . 2011-09-28 04:25 47369160 c:\windows\system32\MRT.exe
+ 2011-07-27 11:37 . 2011-07-27 11:37 11592192 c:\windows\Installer\1d5636f1.msp
+ 2009-04-03 22:21 . 2009-04-03 22:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OART.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="nvHotkey.dll" [2006-03-21 73728]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-29 23:22 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 22:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 06:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-03-21 11:03 7557120 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-03-21 11:03 1519616 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-09-14 19:04 4611456 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatcherHelper]
2009-06-12 14:30 53248 ----a-w- c:\program files\Sierra Wireless Inc\Watcher\WaHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sierra Wireless Inc\\Watcher\\SwiApiMux.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/27/2011 11:57 AM 64512]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [9/1/2011 12:09 AM 28552]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/29/2010 7:22 PM 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 3:25 PM 2151640]
S0 bslmiyv;bslmiyv;c:\windows\system32\drivers\tmhgndfx.sys --> c:\windows\system32\drivers\tmhgndfx.sys [?]
S0 cmttkgku;cmttkgku;c:\windows\system32\drivers\vtoocrr.sys --> c:\windows\system32\drivers\vtoocrr.sys [?]
S0 itgc;itgc;c:\windows\system32\drivers\ntsys.sys --> c:\windows\system32\drivers\ntsys.sys [?]
S0 mjtuxx;mjtuxx;c:\windows\system32\drivers\htunxjeq.sys --> c:\windows\system32\drivers\htunxjeq.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/29/2010 7:22 PM 216400]
S1 MpKsl07c3b05e;MpKsl07c3b05e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0E87D2E9-C5A1-4638-9144-C108519AE372}\MpKsl07c3b05e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0E87D2E9-C5A1-4638-9144-C108519AE372}\MpKsl07c3b05e.sys [?]
S1 MpKsl0de1897a;MpKsl0de1897a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{916EE052-4537-4A3C-95E5-9849228F10D1}\MpKsl0de1897a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{916EE052-4537-4A3C-95E5-9849228F10D1}\MpKsl0de1897a.sys [?]
S1 MpKsl100bddea;MpKsl100bddea;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8AE2FDE5-6D0B-46F9-B5EE-EDCA59A018E2}\MpKsl100bddea.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8AE2FDE5-6D0B-46F9-B5EE-EDCA59A018E2}\MpKsl100bddea.sys [?]
S1 MpKsl12e16199;MpKsl12e16199;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B04B7A04-2DE0-434E-BE6B-508333D133E6}\MpKsl12e16199.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B04B7A04-2DE0-434E-BE6B-508333D133E6}\MpKsl12e16199.sys [?]
S1 MpKsl18a7dc61;MpKsl18a7dc61;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B677CDFE-550B-4534-8883-0BE2A6690449}\MpKsl18a7dc61.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B677CDFE-550B-4534-8883-0BE2A6690449}\MpKsl18a7dc61.sys [?]
S1 MpKsl243ee16c;MpKsl243ee16c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E79AD164-C6A3-49C7-9307-C74A947086D1}\MpKsl243ee16c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E79AD164-C6A3-49C7-9307-C74A947086D1}\MpKsl243ee16c.sys [?]
S1 MpKsl3d6496ea;MpKsl3d6496ea;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E8A0A782-743D-4F7B-B6C5-B1457644B4DB}\MpKsl3d6496ea.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E8A0A782-743D-4F7B-B6C5-B1457644B4DB}\MpKsl3d6496ea.sys [?]
S1 MpKsl4275a39e;MpKsl4275a39e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B6628E96-0CFB-4408-82B6-79885C3DC885}\MpKsl4275a39e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B6628E96-0CFB-4408-82B6-79885C3DC885}\MpKsl4275a39e.sys [?]
S1 MpKsl439f6947;MpKsl439f6947;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DDD28BD5-1E4A-42F3-8067-37EF4291642C}\MpKsl439f6947.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DDD28BD5-1E4A-42F3-8067-37EF4291642C}\MpKsl439f6947.sys [?]
S1 MpKsl5a371987;MpKsl5a371987;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06EC8A75-97F5-4FCC-8423-B35ABA8FAE5F}\MpKsl5a371987.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06EC8A75-97F5-4FCC-8423-B35ABA8FAE5F}\MpKsl5a371987.sys [?]
S1 MpKsl5cd25604;MpKsl5cd25604;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DECB088B-0EA7-4C31-A5DF-641A86BD4DB2}\MpKsl5cd25604.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DECB088B-0EA7-4C31-A5DF-641A86BD4DB2}\MpKsl5cd25604.sys [?]
S1 MpKsl64f39012;MpKsl64f39012;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DDA8333C-24C5-4682-A9E2-6CFFF1580376}\MpKsl64f39012.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DDA8333C-24C5-4682-A9E2-6CFFF1580376}\MpKsl64f39012.sys [?]
S1 MpKsl9bfcc995;MpKsl9bfcc995;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{916EE052-4537-4A3C-95E5-9849228F10D1}\MpKsl9bfcc995.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{916EE052-4537-4A3C-95E5-9849228F10D1}\MpKsl9bfcc995.sys [?]
S1 MpKsl9c9e2da0;MpKsl9c9e2da0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{94A72D23-EC10-4BE0-B92F-B313190787B8}\MpKsl9c9e2da0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{94A72D23-EC10-4BE0-B92F-B313190787B8}\MpKsl9c9e2da0.sys [?]
S1 MpKsla09b9603;MpKsla09b9603;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{68C65F73-DCE5-4090-BCA7-A76CA48761F0}\MpKsla09b9603.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{68C65F73-DCE5-4090-BCA7-A76CA48761F0}\MpKsla09b9603.sys [?]
S1 MpKsla545cdac;MpKsla545cdac;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E79AD164-C6A3-49C7-9307-C74A947086D1}\MpKsla545cdac.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E79AD164-C6A3-49C7-9307-C74A947086D1}\MpKsla545cdac.sys [?]
S1 MpKslc94e8ed9;MpKslc94e8ed9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A8D7EDE-08DD-4C22-9707-E1B222FB9088}\MpKslc94e8ed9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A8D7EDE-08DD-4C22-9707-E1B222FB9088}\MpKslc94e8ed9.sys [?]
S1 MpKsld5d5db90;MpKsld5d5db90;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64813972-79BE-4587-9996-BE3C1B000B23}\MpKsld5d5db90.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64813972-79BE-4587-9996-BE3C1B000B23}\MpKsld5d5db90.sys [?]
S1 MpKsle1347340;MpKsle1347340;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{403A43F3-668D-46C1-907B-801EA2BBCAB9}\MpKsle1347340.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{403A43F3-668D-46C1-907B-801EA2BBCAB9}\MpKsle1347340.sys [?]
S1 MpKsle4bbbda1;MpKsle4bbbda1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{403A43F3-668D-46C1-907B-801EA2BBCAB9}\MpKsle4bbbda1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{403A43F3-668D-46C1-907B-801EA2BBCAB9}\MpKsle4bbbda1.sys [?]
S1 MpKslf07b5397;MpKslf07b5397;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B677CDFE-550B-4534-8883-0BE2A6690449}\MpKslf07b5397.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B677CDFE-550B-4534-8883-0BE2A6690449}\MpKslf07b5397.sys [?]
S1 MpKslf2dc4d5f;MpKslf2dc4d5f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{403A43F3-668D-46C1-907B-801EA2BBCAB9}\MpKslf2dc4d5f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{403A43F3-668D-46C1-907B-801EA2BBCAB9}\MpKslf2dc4d5f.sys [?]
S1 MpKslf5d44967;MpKslf5d44967;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3327779D-DC4F-4A2A-83FD-1B7B387F8583}\MpKslf5d44967.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3327779D-DC4F-4A2A-83FD-1B7B387F8583}\MpKslf5d44967.sys [?]
S3 elomoufiltr;ELO TouchSystems-SRV2;c:\windows\system32\drivers\EloFiltr.sys [2/5/2008 12:06 PM 53248]
S3 EloUsb;ELO TouchSystems-SRV;c:\windows\system32\drivers\EloUsb.Sys [2/5/2008 12:06 PM 92032]
S4 avg9emc;AVG Free E-mail Scanner;"c:\program files\AVG\AVG9\avgemc.exe" --> c:\program files\AVG\AVG9\avgemc.exe [?]
S4 avg9wd;AVG Free WatchDog;"c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 16:00]
.
2011-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-10-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070518
IE: E&xportar a Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-AVG9Uninstall - c:\program files\AVG\AVG9\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-12 10:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(892)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-10-12 11:01:47
ComboFix-quarantined-files.txt 2011-10-12 15:01
ComboFix2.txt 2011-09-26 15:02
ComboFix3.txt 2011-09-01 11:54
.
Pre-Run: 130,434,457,600 bytes free
Post-Run: 130,711,461,888 bytes free
.
- - End Of File - - 0028AB3FEF6ED6384926BFB70CB68FCF

#6 nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:49 AM

Posted 12 October 2011 - 01:21 PM

Open notepad and copy/paste the text in the quote box below into it:



Driver::
MpKsl07c3b05e
MpKsl0de1897a
MpKsl100bddea
MpKsl12e16199
MpKsl18a7dc61
MpKsl243ee16c
MpKsl3d6496ea
MpKsl4275a39e
MpKsl439f6947
MpKsl5a371987
MpKsl5cd25604
MpKsl64f39012
MpKsl9bfcc995
MpKsl9c9e2da0
MpKsla09b9603
MpKsla545cdac
MpKslc94e8ed9
MpKsld5d5db90
MpKsle1347340
MpKsle4bbbda1
MpKslf07b5397
MpKslf2dc4d5f
MpKslf5d44967


Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Please let me know what problem persists.
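
The Driver:: list above is built from the service entries in the ComboFix log that end in [?], which is how ComboFix marks a service whose image file it could not find. As an added example (not part of this thread, and not ComboFix's or the advisor's own code), the Python below parses service lines in that log format, flags entries whose backing file is missing, and renders them in the Driver:: shape used above. The line layout assumed here (R or S plus a start-type digit, then name;display;path) is read off the log lines in this thread; the sample lines are copied from the log posted earlier in the thread. It flags every [?] entry, which is broader than the MpKsl-only list the advisor chose; which entries belong in a CFScript remains the analyst's decision.

```python
import re

# Sample lines copied from the ComboFix log posted earlier in this thread.
# A raw string keeps the Windows backslashes and the "\??\" prefix intact.
SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
S0 bslmiyv;bslmiyv;c:\windows\system32\drivers\tmhgndfx.sys --> c:\windows\system32\drivers\tmhgndfx.sys [?]
S1 MpKsl07c3b05e;MpKsl07c3b05e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0E87D2E9-C5A1-4638-9144-C108519AE372}\MpKsl07c3b05e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0E87D2E9-C5A1-4638-9144-C108519AE372}\MpKsl07c3b05e.sys [?]
S3 EloUsb;ELO TouchSystems-SRV;c:\windows\system32\drivers\EloUsb.Sys [2/5/2008 12:06 PM 92032]
"""

# Assumed layout of one ComboFix driver/service line (read off the log above):
#   <R|S><start-type> <name>;<display name>;<image path> [<date> <size>]
#   <R|S><start-type> <name>;<display name>;<registered path> --> <path> [?]
# R = running, S = stopped; the digit is the service start type (0 boot .. 4 disabled).
_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)


def parse_service_line(line):
    """Return a dict for a driver/service line, or None for any other log line."""
    m = _LINE.match(line.strip())
    if m is None:
        return None
    rest = m.group("rest")
    missing = rest.endswith("[?]")  # ComboFix's marker for a file it could not find
    if missing:
        # "registered --> path [?]": keep the path after the arrow, drop the marker
        path = rest.split("-->", 1)[-1].rsplit("[?]", 1)[0].strip()
    else:
        # "path [date size]": strip the trailing bracketed date/size stamp
        path = rest.rsplit(" [", 1)[0].strip()
    return {
        "name": m.group("name"),
        "display": m.group("display"),
        "running": m.group("state") == "R",
        "start_type": int(m.group("start")),
        "path": path,
        "file_missing": missing,
    }


def parse_services(log_text):
    """All driver/service entries found in a block of ComboFix log text."""
    return [e for e in (parse_service_line(l) for l in log_text.splitlines()) if e]


def missing_file_services(log_text):
    """Names of services whose image file ComboFix reported as not found ([?])."""
    return [e["name"] for e in parse_services(log_text) if e["file_missing"]]


def build_cfscript_driver_section(names):
    """Render the Driver:: block in the shape used by the CFScript in this thread."""
    return "Driver::\n" + "\n".join(names) + "\n"


if __name__ == "__main__":
    for entry in parse_services(SAMPLE_LOG):
        flag = "MISSING" if entry["file_missing"] else "ok"
        print(f"{entry['name']:<16} start={entry['start_type']} {flag:<8} {entry['path']}")
    print()
    print(build_cfscript_driver_section(missing_file_services(SAMPLE_LOG)), end="")
```

Running the block against the full log rather than the four sample lines lists every [?] entry, including the S0 drivers with no image on disk, so the output is a review list for the analyst, not a script to apply as-is.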

#7 speedy3

  • Topic Starter

  • Members
  • 12 posts
  • Local time:04:49 AM

Posted 12 October 2011 - 08:11 PM

Below are the results. Issues still exist: Google redirects to various websites, a Mevio ad box appears periodically along with others, and Explorer closes randomly.

omboFix 11-10-12.04 - User 10/12/2011 19:59:50.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.371 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MPKSL07C3B05E
-------\Legacy_MPKSL0DE1897A
-------\Legacy_MPKSL100BDDEA
-------\Legacy_MPKSL12E16199
-------\Legacy_MPKSL18A7DC61
-------\Legacy_MPKSL243EE16C
-------\Legacy_MPKSL3D6496EA
-------\Legacy_MPKSL4275A39E
-------\Legacy_MPKSL439F6947
-------\Legacy_MPKSL5A371987
-------\Legacy_MPKSL5CD25604
-------\Legacy_MPKSL64F39012
-------\Legacy_MPKSL9BFCC995
-------\Legacy_MPKSL9C9E2DA0
-------\Legacy_MPKSLA09B9603
-------\Legacy_MPKSLA545CDAC
-------\Legacy_MPKSLC94E8ED9
-------\Legacy_MPKSLD5D5DB90
-------\Legacy_MPKSLF07B5397
-------\Legacy_MPKSLF5D44967
-------\Service_MpKsl07c3b05e
-------\Service_MpKsl0de1897a
-------\Service_MpKsl100bddea
-------\Service_MpKsl12e16199
-------\Service_MpKsl18a7dc61
-------\Service_MpKsl243ee16c
-------\Service_MpKsl3d6496ea
-------\Service_MpKsl4275a39e
-------\Service_MpKsl439f6947
-------\Service_MpKsl5a371987
-------\Service_MpKsl5cd25604
-------\Service_MpKsl64f39012
-------\Service_MpKsl9bfcc995
-------\Service_MpKsl9c9e2da0
-------\Service_MpKsla09b9603
-------\Service_MpKsla545cdac
-------\Service_MpKslc94e8ed9
-------\Service_MpKsld5d5db90
-------\Service_MpKsle1347340
-------\Service_MpKsle4bbbda1
-------\Service_MpKslf07b5397
-------\Service_MpKslf2dc4d5f
-------\Service_MpKslf5d44967
.
.
((((((((((((((((((((((((( Files Created from 2011-09-13 to 2011-10-13 )))))))))))))))))))))))))))))))
.
.
2011-10-13 00:40 . 2011-10-13 00:40 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E24EF52F-963A-4DE5-93F8-91B9EFD6F754}\offreg.dll
2011-10-12 13:51 . 2011-09-12 23:14 7269712 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E24EF52F-963A-4DE5-93F8-91B9EFD6F754}\mpengine.dll
2011-10-10 15:08 . 2011-10-11 16:23 -------- d-----w- c:\program files\Yahoo!
2011-10-05 23:02 . 2011-10-05 23:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-10-03 00:57 . 2011-10-03 00:57 -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2011-10-03 00:56 . 2011-10-03 00:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-03 00:56 . 2011-10-03 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-09-29 16:47 . 2011-09-29 16:47 -------- d-----w- c:\documents and settings\User\Application Data\Apple Computer
2011-09-29 16:46 . 2011-09-29 16:46 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-09-29 16:46 . 2011-09-29 16:46 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-09-29 16:46 . 2011-09-29 16:46 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-09-29 16:46 . 2011-09-29 16:46 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-09-29 16:46 . 2011-09-29 16:46 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-09-29 16:46 . 2011-09-29 16:46 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-09-29 16:46 . 2011-09-29 16:46 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-09-29 16:45 . 2011-09-29 16:46 -------- d-----w- c:\program files\QuickTime
2011-09-29 16:45 . 2011-09-29 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-09-29 16:44 . 2011-09-29 16:44 -------- d-----w- c:\program files\Common Files\Apple
2011-09-29 16:44 . 2011-09-29 16:44 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Apple
2011-09-29 16:44 . 2011-09-29 16:44 -------- d-----w- c:\program files\Apple Software Update
2011-09-29 16:44 . 2011-09-29 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-09-29 16:40 . 2011-09-29 16:40 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Apple Computer
2011-09-27 17:30 . 2011-09-27 16:00 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-27 16:00 . 2011-09-27 16:00 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-27 15:57 . 2011-08-18 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-09-27 15:57 . 2011-09-27 15:57 -------- d-----w- c:\program files\Lavasoft
2011-09-27 15:57 . 2011-09-27 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-09-27 10:52 . 2011-07-19 09:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-27 01:58 . 2011-09-27 01:58 -------- d-----w- c:\program files\ESET

#8 nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 October 2011 - 07:01 AM

Go start > run box and type cmd and hit OK
type
ipconfig /flushdns <-- (The space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit Enter
===

>>> Download to your Desktop GooredFix by jpshortstuff from here or here
Ensure all Firefox windows are closed and right-click on GooredFix.exe and select Run As Administrator. Click Yes when prompted to run the scan.
GooredFix will check for infections, and then a log will appear and can also be found on your desktop, called GooredFix.txt.
Please copy and paste the contents of this log in your next reply.
===

If still being redirected:

Open notepad and copy/paste the text in the quote box below into it:

    ClearJavaCache::

Save this as CFScript on your desktop.

[image]

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Keep me posted.

#9 speedy3
  • Topic Starter
  • Members
  • 12 posts

Posted 13 October 2011 - 07:49 AM

Ok, followed step 1 regarding the run cmd. I could not see an option when right-clicking on the GooredFix program. I saw an option in the list, "Run As"; I selected that and the box that appeared did not have an option to run as administrator. I then tried to "log off" and the only sign-on option that appears is "user". Also I do not have Firefox installed, I use Internet Explorer. Thanks

#10 nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 October 2011 - 01:27 PM

Were you able to run the ComboFix script as suggested?

#11 speedy3
  • Topic Starter
  • Members
  • 12 posts

Posted 13 October 2011 - 02:26 PM

Yes, I did. Also, when signed in under the user account I am already under the administrator setting. Below is the log. It did not take long to run.

GooredFix by jpshortstuff (03.07.10.1)
Log created at 08:43 on 13/10/2011 (User)
Firefox version [Unable to determine]

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [08:03 12/03/2011]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [18:58 12/11/2009]

-=E.O.F=-

#12 nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 October 2011 - 08:01 AM

Let's check deeper.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double-click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    [image]
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    [image]
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.


One more thing. Is this computer connected to a Wireless router?

#13 speedy3
  • Topic Starter
  • Members
  • 12 posts

Posted 14 October 2011 - 08:46 AM

I downloaded the aswMBR.exe to the desktop, double-clicked on it and nothing happens. I have not attempted step two yet as I wasn't sure if the aswMBR.exe should be run first. Any ideas why it is not running? I deleted, reinstalled, rebooted and tried; still not working.
Yes, I am connected to a wireless router. I can also connect via line as well. Thanks - Ron

#14 nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 October 2011 - 09:25 AM

Right click on the aswMBR.exe file and use Run as an Administrator.

If you are still not able to run it, run the other tool.

#15 speedy3
  • Topic Starter
  • Members
  • 12 posts

Posted 14 October 2011 - 12:18 PM

Ok looks like it found a rootkit issue.

11:14:08.0984 2100 Ptilink - ok
11:14:09.0265 2100 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:14:09.0312 2100 PxHelp20 - ok
11:14:09.0609 2100 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:14:09.0625 2100 ql1080 - ok
11:14:09.0796 2100 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:14:09.0796 2100 Ql10wnt - ok
11:14:09.0812 2100 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:14:09.0812 2100 ql12160 - ok
11:14:09.0843 2100 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:14:09.0859 2100 ql1240 - ok
11:14:09.0921 2100 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:14:09.0921 2100 ql1280 - ok
11:14:09.0968 2100 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:14:09.0984 2100 RasAcd - ok
11:14:10.0109 2100 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:14:10.0125 2100 Rasl2tp - ok
11:14:10.0171 2100 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:14:10.0203 2100 RasPppoe - ok
11:14:10.0453 2100 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:14:10.0453 2100 Raspti - ok
11:14:10.0593 2100 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:14:10.0656 2100 Rdbss - ok
11:14:10.0812 2100 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:14:10.0812 2100 RDPCDD - ok
11:14:10.0921 2100 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:14:10.0968 2100 rdpdr - ok
11:14:11.0093 2100 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:14:11.0109 2100 RDPWD - ok
11:14:11.0234 2100 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:14:11.0250 2100 redbook - ok
11:14:11.0546 2100 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
11:14:11.0546 2100 rimmptsk - ok
11:14:11.0703 2100 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
11:14:11.0718 2100 rimsptsk - ok
11:14:12.0156 2100 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
11:14:12.0375 2100 rismxdp - ok
11:14:12.0640 2100 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:14:12.0640 2100 SASDIFSV - ok
11:14:12.0687 2100 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
11:14:12.0750 2100 SASKUTIL - ok
11:14:13.0265 2100 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:14:13.0281 2100 sdbus - ok
11:14:13.0375 2100 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:14:13.0375 2100 Secdrv - ok
11:14:13.0453 2100 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:14:13.0484 2100 serenum - ok
11:14:13.0531 2100 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:14:13.0531 2100 Serial - ok
11:14:13.0593 2100 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:14:13.0609 2100 Sfloppy - ok
11:14:13.0640 2100 Simbad - ok
11:14:13.0781 2100 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:14:13.0781 2100 sisagp - ok
11:14:13.0843 2100 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:14:13.0843 2100 Sparrow - ok
11:14:13.0937 2100 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:14:13.0953 2100 splitter - ok
11:14:14.0187 2100 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:14:14.0203 2100 sr - ok
11:14:14.0265 2100 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:14:14.0265 2100 Srv - ok
11:14:14.0343 2100 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
11:14:14.0359 2100 sscdbhk5 - ok
11:14:14.0562 2100 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
11:14:14.0562 2100 ssrtln - ok
11:14:14.0859 2100 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
11:14:15.0609 2100 STHDA - ok
11:14:15.0671 2100 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
11:14:15.0687 2100 StillCam - ok
11:14:16.0343 2100 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:14:16.0390 2100 swenum - ok
11:14:16.0468 2100 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:14:16.0468 2100 swmidi - ok
11:14:16.0531 2100 swmsflt (eda7336cd2e334b4db321bc60b7da11e) C:\WINDOWS\System32\drivers\swmsflt.sys
11:14:16.0531 2100 swmsflt - ok
11:14:16.0687 2100 SWMX00 (2bcdcf7e2a3a707e74ad4cdcb420225a) C:\WINDOWS\system32\DRIVERS\swmx00.sys
11:14:16.0703 2100 SWMX00 - ok
11:14:16.0796 2100 SWNC5E00 (47edcd5fdd249e5273cb90e56be97a5d) C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys
11:14:16.0796 2100 SWNC5E00 - ok
11:14:16.0859 2100 SWUMX20 - ok
11:14:17.0000 2100 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:14:17.0000 2100 symc810 - ok
11:14:17.0031 2100 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:14:17.0031 2100 symc8xx - ok
11:14:17.0078 2100 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:14:17.0078 2100 sym_hi - ok
11:14:17.0093 2100 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:14:17.0093 2100 sym_u3 - ok
11:14:17.0171 2100 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:14:17.0187 2100 SynTP - ok
11:14:17.0234 2100 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:14:17.0234 2100 sysaudio - ok
11:14:17.0312 2100 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:14:17.0328 2100 Tcpip - ok
11:14:17.0406 2100 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:14:17.0421 2100 TDPIPE - ok
11:14:17.0453 2100 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:14:17.0453 2100 TDTCP - ok
11:14:17.0484 2100 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:14:17.0484 2100 TermDD - ok
11:14:17.0562 2100 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
11:14:17.0562 2100 tfsnboio - ok
11:14:17.0593 2100 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
11:14:17.0593 2100 tfsncofs - ok
11:14:17.0609 2100 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
11:14:17.0609 2100 tfsndrct - ok
11:14:17.0625 2100 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
11:14:17.0640 2100 tfsndres - ok
11:14:17.0640 2100 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
11:14:17.0656 2100 tfsnifs - ok
11:14:17.0656 2100 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
11:14:17.0671 2100 tfsnopio - ok
11:14:17.0671 2100 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
11:14:17.0687 2100 tfsnpool - ok
11:14:17.0718 2100 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
11:14:17.0734 2100 tfsnudf - ok
11:14:17.0796 2100 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
11:14:17.0796 2100 tfsnudfa - ok
11:14:17.0968 2100 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
11:14:17.0968 2100 TosIde - ok
11:14:18.0171 2100 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:14:18.0187 2100 Udfs - ok
11:14:18.0250 2100 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:14:18.0265 2100 ultra - ok
11:14:18.0390 2100 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:14:18.0406 2100 Update - ok
11:14:18.0500 2100 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:14:18.0515 2100 usbccgp - ok
11:14:18.0546 2100 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:14:18.0546 2100 usbehci - ok
11:14:18.0578 2100 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:14:18.0578 2100 usbhub - ok
11:14:18.0640 2100 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:14:18.0640 2100 usbprint - ok
11:14:18.0703 2100 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:14:18.0703 2100 usbscan - ok
11:14:18.0781 2100 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:14:18.0781 2100 USBSTOR - ok
11:14:18.0812 2100 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:14:18.0812 2100 usbuhci - ok
11:14:18.0890 2100 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:14:18.0890 2100 VgaSave - ok
11:14:18.0984 2100 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:14:19.0000 2100 viaagp - ok
11:14:19.0078 2100 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:14:19.0078 2100 ViaIde - ok
11:14:19.0140 2100 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:14:19.0140 2100 VolSnap - ok
11:14:19.0187 2100 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:14:19.0187 2100 Wanarp - ok
11:14:19.0218 2100 WDICA - ok
11:14:19.0265 2100 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:14:19.0265 2100 wdmaud - ok
11:14:19.0390 2100 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:14:19.0437 2100 winachsf - ok
11:14:19.0578 2100 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:14:19.0578 2100 WmiAcpi - ok
11:14:19.0703 2100 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:14:19.0703 2100 WudfPf - ok
11:14:19.0781 2100 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:14:19.0781 2100 WudfRd - ok
11:14:19.0843 2100 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
11:14:19.0843 2100 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
11:14:19.0843 2100 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
11:14:19.0890 2100 Boot (0x1200) (a40e6ffc3ae01fc24f867309c8f9148b) \Device\Harddisk0\DR0\Partition0
11:14:19.0890 2100 \Device\Harddisk0\DR0\Partition0 - ok
11:14:19.0890 2100 ============================================================
11:14:19.0890 2100 Scan finished
11:14:19.0890 2100 ============================================================
11:14:19.0906 3248 Detected object count: 1
11:14:19.0906 3248 Actual detected object count: 1
13:02:39.0421 3248 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
13:02:39.0421 3248 \Device\Harddisk0\DR0 - ok
13:02:39.0421 3248 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
13:03:14.0203 4032 Deinitialize success
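For anyone reading a log like the one above: the interesting part of a 2,000-line TDSSKiller report is the handful of lines that do not end in "- ok". The script below is an added example for this thread, not part of the original post and not TDSSKiller's own code. It parses the driver, MBR and boot-sector entries, the verdict lines and the cure/action lines into one record per object and reports what was flagged. The line formats are inferred from the log pasted above; SAMPLE_LOG is a constructed excerpt of that log used as input.

```python
"""Triage a TDSSKiller-style scan log: one record per scanned object,
with the verdict history, so the non-clean entries stand out.

Added example for this thread (not TDSSKiller code). Line formats are
inferred from the log above; SAMPLE_LOG is a constructed excerpt of it.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every line: "<HH:MM:SS.frac> <thread id> <body>"
_PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# Enumeration: "<name> [(0xOFFSET)] (<md5>) <path>"  (drivers, MBR, boot sector)
_OBJECT = re.compile(
    r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict or action that names a threat: "<object> ( <threat> ) - <status>"
_THREAT = re.compile(r"^(?P<obj>.+?) \( (?P<threat>[^)]+?) \) - (?P<status>.+)$")
# Plain verdict: "<object> - ok" or "<object> - detected <threat> (n)"
_VERDICT = re.compile(r"^(?P<obj>.+?) - (?P<status>ok|detected (?P<threat>\S+).*)$")
_COUNT = re.compile(r"^(?:Actual )?Detected object count: (?P<n>\d+)$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None          # None: verdict seen, but no file was listed
    threat: Optional[str] = None
    events: List[str] = field(default_factory=list)  # verdicts/actions in log order


@dataclass
class ScanReport:
    objects: List[ScanObject]
    declared_detections: Optional[int] = None  # the scanner's own count, if printed

    def by_name(self, name: str) -> Optional[ScanObject]:
        return next((o for o in self.objects if o.name == name), None)

    def infected(self) -> List[ScanObject]:
        return [o for o in self.objects if o.threat]

    def pending_cure(self) -> List[ScanObject]:
        return [o for o in self.infected() if any("cured on reboot" in e for e in o.events)]

    def unbacked(self) -> List[ScanObject]:
        # Service/driver entries with a verdict but no file: usually stale registry keys.
        return [o for o in self.objects if o.path is None]

    def consistent(self) -> bool:
        return self.declared_detections is None or self.declared_detections == len(self.infected())


def parse_log(text: str) -> ScanReport:
    objects: List[ScanObject] = []
    index: Dict[str, ScanObject] = {}   # keyed by name AND by path
    declared: Optional[int] = None

    def lookup(key: str) -> ScanObject:
        if key not in index:
            index[key] = ScanObject(name=key)
            objects.append(index[key])
        return index[key]

    for raw in text.splitlines():
        m = _PREFIX.match(raw.strip())
        if not m:
            continue                     # separators, blank lines, "Scan finished"
        body = m.group(3)
        if (mo := _OBJECT.match(body)):
            obj = lookup(mo["name"])
            obj.md5, obj.path = mo["md5"], mo["path"]
            index[obj.path] = obj        # MBR/boot verdicts refer to the device path
        elif (mc := _COUNT.match(body)):
            declared = int(mc["n"])
        elif (mt := _THREAT.match(body)):
            obj = lookup(mt["obj"])
            obj.threat = mt["threat"]
            obj.events.append(mt["status"])
        elif (mv := _VERDICT.match(body)):
            obj = lookup(mv["obj"])
            if mv["threat"]:
                obj.threat = mv["threat"]
            obj.events.append(mv["status"])
    return ScanReport(objects, declared)


def summarize(report: ScanReport) -> List[str]:
    out = [f"{len(report.objects)} objects scanned, {len(report.infected())} flagged"]
    for o in report.infected():
        out.append(f"  {o.threat} in {o.name} at {o.path} (md5 {o.md5}); "
                   f"events: {', '.join(o.events)}")
    for o in report.unbacked():
        out.append(f"  note: {o.name} has a verdict but no file listed")
    if not report.consistent():
        out.append("  warning: parsed detections differ from the scanner's own count")
    return out


# Constructed excerpt of the log posted above (trimmed to the relevant lines).
SAMPLE_LOG = r"""
11:13:56.0312 2100 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:13:56.0312 2100 mssmbios - ok
11:14:08.0281 2100 PCIDump - ok
11:14:12.0640 2100 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:14:12.0640 2100 SASDIFSV - ok
11:14:19.0843 2100 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
11:14:19.0843 2100 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
11:14:19.0843 2100 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
11:14:19.0890 2100 Boot (0x1200) (a40e6ffc3ae01fc24f867309c8f9148b) \Device\Harddisk0\DR0\Partition0
11:14:19.0890 2100 \Device\Harddisk0\DR0\Partition0 - ok
11:14:19.0890 2100 ============================================================
11:14:19.0890 2100 Scan finished
11:14:19.0906 3248 Detected object count: 1
11:14:19.0906 3248 Actual detected object count: 1
13:02:39.0421 3248 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
13:02:39.0421 3248 \Device\Harddisk0\DR0 - ok
13:02:39.0421 3248 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
"""

if __name__ == "__main__":
    print("\n".join(summarize(parse_log(SAMPLE_LOG))))
```

Run against the full log (pipe the file in instead of SAMPLE_LOG) and the output reduces to the MBR hit and the few driver entries that have no backing file. Note that the MBR record ends with "- ok" only because the cure was queued for reboot; the event history, not the last verdict, is what tells you whether the machine is clean until the next scan confirms it.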