Computer Got Slammed - Malware Possibly?


  • This topic is locked
32 replies to this topic

#1 northpchelp

Posted 16 October 2011 - 01:34 AM

Hello. Trying to work through this with the tricks and programs I have used in the past with no such luck. Time to ask the experts. The computer is noisy all the time and it seems like there is also a significant amount of activity going on in the background. Please help. HijackThis log is below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:33:10, on 10/15/2011
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} (Photo Upload Plugin Class) - http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/58.10/uploader2.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/24.19/uploader2.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://preview.evite.com/js/ImageUploader5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10442 bytes

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum. ~ Animal
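A triage pass over a HijackThis v2 log of the kind posted above, as an added example that is not part of the original thread or of HijackThis itself. It parses the finding lines into their sections and applies the structural checks a log reviewer does by hand: browser helper objects and toolbars whose registered DLL is missing, autorun commands that are bare filenames or live outside the usual install roots, downloaded ActiveX controls grouped by origin host, and the service list with the vendor string reported for each. The sample input is a constructed subset of the log above; the trusted-roots list and the "bare filename" rule are assumptions made for this example, and a hit means "inspect this entry", not a verdict.

```python
# Triage checks for a Trend Micro HijackThis v2 log (added example, heuristics only).
import re
from collections import Counter
from urllib.parse import urlparse

# Every finding line is "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r'^(?P<sec>[RO]\d+) - (?P<body>.*)$')
# O2/O3: "BHO: Name - {CLSID} - path"; orphaned when path is "(no file)" or ends in "(file missing)".
BHO_RE = re.compile(r'^(?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$')
# O4: "HKLM\..\Run: [Label] command"; the hive may carry a SID or .DEFAULT, e.g. HKUS\S-1-5-18.
RUN_RE = re.compile(r'^(?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$')
# O16: "DPF: {CLSID} (Name) - URL"; the name is optional.
DPF_RE = re.compile(r'^DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$')
# O23: "Service: Name - Vendor - path".
SVC_RE = re.compile(r'^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$')
# First executable in an autorun command, quoted or not.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.(?:exe|scr|dll|com|bat|cmd))(?:"|\s|$)', re.IGNORECASE)

# Assumption for this example: where installers normally put autorun binaries on an XP box.
TRUSTED_ROOTS = ('c:\\program files\\', 'c:\\progra~1\\', 'c:\\windows\\', '%systemroot%\\', '%windir%\\')

# Constructed sample: a subset of the finding lines from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
"""


def parse_entries(text):
    """Return the finding lines as dicts with 'section', 'body' and 'raw'; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({'section': m['sec'], 'body': m['body'], 'raw': line.strip()})
    return entries


def orphaned_browser_entries(entries):
    """BHOs (O2) and toolbars (O3) whose registered DLL is gone: a registration that can no longer load."""
    out = []
    for e in entries:
        m = BHO_RE.match(e['body']) if e['section'] in ('O2', 'O3') else None
        if m and (m['path'] == '(no file)' or m['path'].endswith('(file missing)')):
            out.append((e['section'], m['name'], m['clsid']))
    return out


def autorun_findings(entries):
    """O4 autoruns whose binary is a bare name (resolved via the search path) or outside TRUSTED_ROOTS."""
    out = []
    for e in entries:
        if e['section'] != 'O4':
            continue
        m = RUN_RE.match(e['body'])
        exe_m = EXE_RE.match(m['cmd']) if m else None
        if not exe_m:
            out.append((e['raw'], 'could not isolate an executable'))
        elif '\\' not in exe_m['exe']:
            out.append((m['label'], f'bare filename {exe_m["exe"]} resolves through the search path'))
        elif not exe_m['exe'].lower().startswith(TRUSTED_ROOTS):
            out.append((m['label'], f'executable outside the usual install roots: {exe_m["exe"]}'))
    return out


def activex_hosts(entries):
    """Count downloaded ActiveX controls (O16) per origin host."""
    hosts = Counter()
    for e in entries:
        m = DPF_RE.match(e['body']) if e['section'] == 'O16' else None
        if m:
            hosts[urlparse(m['url']).hostname] += 1
    return hosts


def service_inventory(entries):
    """(name, vendor, path) for each O23 service, to be checked against what the box should be running."""
    out = []
    for e in entries:
        m = SVC_RE.match(e['body']) if e['section'] == 'O23' else None
        if m:
            out.append((m['name'], m['vendor'], m['path']))
    return out


if __name__ == '__main__':
    entries = parse_entries(SAMPLE_LOG)
    for sec, name, clsid in orphaned_browser_entries(entries):
        print(f'orphaned {sec}: {name} {{{clsid}}}')
    for label, why in autorun_findings(entries):
        print(f'autorun [{label}]: {why}')
    for host, n in activex_hosts(entries).most_common():
        print(f'ActiveX control(s) from {host}: {n}')
```

Run as a script it prints the findings for the embedded sample; for a real log, read the saved file and pass its text to parse_entries, then feed the entries to the four check functions. On the sample it flags the nameless BHO and the two Bing Bar registrations whose BingExt.dll is missing (registrations that point at nothing cannot load, so they are cleanup items rather than evidence on their own) and the RunNarrator RunOnce entry, which names Narrator.exe without a path and so depends on search-path resolution.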

#2 northpchelp

Posted 16 October 2011 - 02:05 PM

Forgot to mention I also tried a System Restore by booting from the CD that was provided with the computer. It is an older Dell so it only had SP1 when purchased. Tried downloading SP2 and SP3 immediately and am getting weird spooling errors, etc. I am tempted just to reinstall but am hoping someone can help me through this to avoid that.

When trying to install SP2, got a setup error saying c:\windows\system32\ntoskrnl.exe is open and in use.

Thanks again. Hope to hear back from someone.

#3 HelpBot

Posted 21 October 2011 - 01:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/423712 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 northpchelp

Posted 22 October 2011 - 10:13 AM

Hello. I will run everything and post the resultant logs soon. Thanks in advance for your help with this.

#5 northpchelp

Posted 22 October 2011 - 03:00 PM

Hello. I went through the steps. DDS log is below and the attach and ark logs are attached. I do have the original Windows CD the computer came with. However, I have two CDs, one being Windows XP with SP1 and then another that just says Windows XP SP2. We have two work stations at the house so I can't remember which one of these was sent from Dell when we purchased the computer. For the system restore that I did, I used the Windows with SP1 disc.

Some other notes.

-The DDS log took about 10 minutes to produce.
-When I clicked on the GMER.exe file, I got a load driver error 0xc000010E (overlapped I/O operation is in progress). Then I was able to click through and get to the screen, however, only Services, Registry, Files and ADS could be checked on the right hand side of the screen. For the hard drives, I only checked the C drive and not the partitioned D drive.

Please help us! Much appreciated. DDS log below.


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_26
Run by Sam at 10:48:44 on 2011-10-22
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.502.170 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/58.10/uploader2.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/24.19/uploader2.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://preview.evite.com/js/ImageUploader5.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FFFE99BA-CAFE-4799-8136-E4E77DAB1076} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sam\application data\mozilla\firefox\profiles\muprrudr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\sam\application data\mozilla\firefox\profiles\muprrudr.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: d:\sam files\picasa3\npPicasa3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-22 54752]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2002-6-19 29184]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\program files\symantec_client_security\symantec antivirus\Rtvscan.exe [2002-7-30 573440]
R3 NAVAP;NAVAP;c:\program files\symantec_client_security\symantec antivirus\Navap.sys [2002-6-19 218112]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVENG.sys [2010-10-22 86064]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVEX15.sys [2010-10-22 1371184]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-8-3 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2003-3-13 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2006-8-3 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2006-8-3 10368]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-1-2 18560]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2010-9-4 33792]
.
=============== Created Last 30 ================
.
2011-10-16 03:50:08 135168 ----a-w- c:\windows\system32\igfxres.dll
2011-10-16 03:38:58 16384 -c--a-w- c:\windows\system32\dllcache\quser.exe
2011-10-16 03:37:58 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2011-10-16 03:27:38 24576 ----a-w- c:\windows\system32\xpsp1hfm.exe
2011-10-16 03:24:16 176640 ----a-w- c:\windows\system32\LXSYSUI.DLL
2011-10-16 03:22:40 18560 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2011-10-16 03:22:39 16384 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2011-10-16 03:22:36 4992 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-10-16 03:22:34 83712 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2011-10-16 03:21:05 3346432 -c--a-w- c:\windows\system32\dllcache\msgr3en.dll
2011-10-16 03:21:05 106562 -c--a-w- c:\windows\system32\dllcache\srchctls.dll
2011-10-16 03:18:53 6656 ----a-w- c:\program files\msn\msncorefiles\setup\msn9xmig.dll
2011-10-16 02:54:36 5888 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-10-16 02:54:33 50048 ----a-w- c:\windows\system32\drivers\DMusic.sys
2011-10-16 02:53:30 56576 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-10-16 02:50:22 4096 ----a-w- c:\windows\system32\ksuser.dll
2011-10-16 02:50:22 117248 ----a-w- c:\windows\system32\ksproxy.ax
2011-10-16 02:48:33 38024 ----a-w- c:\windows\system32\drivers\termdd.sys
2011-10-15 20:24:26 -------- d-----w- c:\windows\pss
2011-10-15 20:06:39 3660 ----a-w- c:\windows\system32\tmp.reg
2011-10-15 06:49:01 -------- d-sha-r- C:\cmdcons
2011-10-15 06:42:53 208896 ----a-w- c:\windows\MBR.exe
2011-10-15 06:42:51 98816 ----a-w- c:\windows\sed.exe
2011-10-15 06:42:51 518144 ----a-w- c:\windows\SWREG.exe
2011-10-15 06:42:51 256000 ----a-w- c:\windows\PEV.exe
2011-10-15 06:40:53 -------- d-----w- C:\ComboFix
2011-10-15 05:39:27 -------- d-----w- c:\windows\PIF
2011-10-06 03:24:48 -------- d-----w- c:\windows\system32\LogFiles
.
==================== Find3M ====================
.
2011-10-15 04:13:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-08-17 21:32:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 12:22:23 389120 ----a-w- c:\windows\system32\html.iec
2011-08-12 20:51:26 26488 ----a-w- c:\windows\system32\spupdsvc.exe
.
============= FINISH: 10:56:50.21 ===============

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:11 PM

Posted 23 October 2011 - 09:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download aswMBR.exe (511 KB) from http://public.avast.com/~gmerek/aswMBR.exe to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download TDSSKiller.zip.

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.

#7 northpchelp

northpchelp
  • Topic Starter

  • Members
  • 37 posts
  • Local time:02:11 PM

Posted 23 October 2011 - 02:25 PM

Hi nasdaq. Thanks for your assistance.

I could not run the avast application with a double click (it just sat there hung up). TDSS killer worked (found a bad one I believe); however, avast then worked after TDSS did its thing. Here are the logs (TDSS, then avast). The .dat file is also attached per your request.

TDSS

12:09:02.0796 3684 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
12:09:03.0750 3684 ============================================================
12:09:03.0750 3684 Current date / time: 2011/10/23 12:09:03.0750
12:09:03.0750 3684 SystemInfo:
12:09:03.0750 3684
12:09:03.0750 3684 OS Version: 5.1.2600 ServicePack: 1.0
12:09:03.0750 3684 Product type: Workstation
12:09:03.0750 3684 ComputerName: SAMANTHA
12:09:03.0750 3684 UserName: Sam
12:09:03.0750 3684 Windows directory: C:\WINDOWS
12:09:03.0750 3684 System windows directory: C:\WINDOWS
12:09:03.0750 3684 Processor architecture: Intel x86
12:09:03.0750 3684 Number of processors: 2
12:09:03.0750 3684 Page size: 0x1000
12:09:03.0750 3684 Boot type: Normal boot
12:09:03.0750 3684 ============================================================
12:09:05.0703 3684 Initialize success
12:09:09.0875 3984 ============================================================
12:09:09.0875 3984 Scan started
12:09:09.0875 3984 Mode: Manual;
12:09:09.0875 3984 ============================================================
12:09:37.0281 3984 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
12:09:37.0281 3984 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
12:09:37.0296 3984 Boot (0x1200) (e924797a75003e6ca77ec5829cbb4e6a) \Device\Harddisk0\DR0\Partition0
12:09:37.0296 3984 \Device\Harddisk0\DR0\Partition0 - ok
12:09:37.0312 3984 Boot (0x1200) (c919dc3c0a2719d5e0e0cc2b43a76256) \Device\Harddisk0\DR0\Partition1
12:09:37.0312 3984 \Device\Harddisk0\DR0\Partition1 - ok
12:09:37.0312 3984 ============================================================
12:09:37.0312 3984 Scan finished
12:09:37.0312 3984 ============================================================
12:09:37.0343 3976 Detected object count: 1
12:09:37.0343 3976 Actual detected object count: 1
12:10:33.0703 3976 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
12:10:33.0703 3976 \Device\Harddisk0\DR0 - ok
12:10:33.0703 3976 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
12:10:55.0234 3672 Deinitialize success

AVAST

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-23 12:16:34
-----------------------------
12:16:34.312 OS Version: Windows 5.1.2600 Service Pack 1
12:16:34.312 Number of processors: 2 586 0x409
12:16:34.312 ComputerName: SAMANTHA UserName: Sam
12:16:34.500 Initialize success
12:17:00.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
12:17:00.937 Disk 0 Vendor: HDS728080PLA380 PF2OA63A Size: 76293MB BusType: 3
12:17:02.953 Disk 0 MBR read successfully
12:17:02.953 Disk 0 MBR scan
12:17:02.953 Disk 0 unknown MBR code
12:17:02.953 Disk 0 scanning sectors +156232125
12:17:03.031 Disk 0 scanning C:\WINDOWS\System32\drivers
12:17:16.937 Service scanning
12:17:18.390 Modules scanning
12:17:24.921 Disk 0 trace - called modules:
12:17:24.953 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
12:17:24.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823dd030]
12:17:24.953 3 CLASSPNP.SYS[f8595022] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8239cd98]
12:17:24.968 Scan finished successfully
12:18:07.500 Disk 0 MBR has been saved successfully to "F:\Sam Fix\MBR.dat"
12:18:07.515 The log file has been saved successfully to "F:\Sam Fix\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   587bytes
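The two logs above judge the boot sector in the same way: TDSSKiller prints an MD5 labelled "MBR (0x1B8)" and names the detection, and aswMBR reports "unknown MBR code" and then scans the sectors past the last partition, starting at +156232125. 0x1B8 (440) is the length of the bootstrap code that sits in front of the 4-byte NT disk signature, so a hash over that region fingerprints the loader code without the partition table. The Python below is an added example, not code from either tool or from this thread; it shows the checks such a scanner applies to a 512-byte sector: the 0x55AA signature, the bootstrap hash against an allowlist, partition-table sanity, and the size of the unpartitioned tail where a bootkit body can live. Every byte value, the allowlist and the partition layout are constructed for the example; the second partition was chosen to end at the sector where aswMBR began its tail scan, and the disk size is the aswMBR figure rounded to megabytes, so the tail count is approximate.

```python
import hashlib
import struct

SECTOR = 512
CODE_LEN = 0x1B8         # bootstrap code occupies bytes 0..0x1B7, ahead of the 4-byte disk signature
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
SIG_OFF = 0x1FE          # 0x55AA boot signature in the last two bytes
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def build_mbr(code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR from bootstrap code and (status, type, lba_start, sectors) tuples.
    Used here only to construct test sectors; a real scanner reads the physical drive instead."""
    if len(code) > CODE_LEN:
        raise ValueError("bootstrap code does not fit in front of the disk signature")
    sector = bytearray(SECTOR)
    sector[:len(code)] = code
    sector[CODE_LEN:CODE_LEN + 4] = b"\x12\x34\x56\x78"  # arbitrary NT disk signature
    for i, (status, ptype, start, length) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i, status, ptype, start, length)
    sector[SIG_OFF:] = b"\x55\xAA"
    return bytes(sector)


def parse_partitions(mbr: bytes):
    """Decode the four partition-table entries (an all-zero entry is an unused slot)."""
    parts = []
    for i in range(4):
        status, ptype, start, length = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        parts.append({"index": i, "status": status, "active": status == 0x80,
                      "type": ptype, "lba_start": start, "sectors": length})
    return parts


def code_hash(mbr: bytes) -> str:
    """MD5 of the bootstrap region, the same kind of per-MBR fingerprint the logs above print."""
    return hashlib.md5(mbr[:CODE_LEN]).hexdigest()


def trailing_unpartitioned(parts, disk_sectors: int) -> int:
    """Sectors after the end of the last partition; bootkits commonly hide their body there."""
    end = max((p["lba_start"] + p["sectors"] for p in parts if p["type"] != 0), default=0)
    return max(disk_sectors - end, 0)


def check_mbr(mbr: bytes, known_code_hashes) -> list:
    """Return a list of findings; an empty list means the sector looked clean."""
    if len(mbr) < SECTOR:
        return ["sector shorter than 512 bytes"]
    findings = []
    if mbr[SIG_OFF:SIG_OFF + 2] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    h = code_hash(mbr)
    if h not in known_code_hashes:
        findings.append(f"unknown MBR code (md5 of first 0x1B8 bytes: {h})")
    parts = parse_partitions(mbr)
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"entry {p['index']}: invalid status byte 0x{p['status']:02x}")
        if p["type"] == 0 and (p["lba_start"] or p["sectors"]):
            findings.append(f"entry {p['index']}: type 0 but non-zero extent")
    return findings


# --- constructed sample data (not bytes from the poster's disk) ---
CLEAN_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 64   # stand-in bootstrap code
PARTS = [(0x80, 0x07, 63, 20971520), (0x00, 0x07, 20971583, 135260542), (0, 0, 0, 0), (0, 0, 0, 0)]
DISK_SECTORS = 76293 * 2048   # 76293 MB per the aswMBR log, rounded, so the tail figure is approximate

CLEAN_MBR = build_mbr(CLEAN_CODE, PARTS)
KNOWN_GOOD = {code_hash(CLEAN_MBR)}     # allowlist built from the clean sector
# Bootkit-style tampering: the first bytes of the loader overwritten with a jump elsewhere.
INFECTED_MBR = build_mbr(b"\xE9\x00\x10" + CLEAN_CODE[3:], PARTS)

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(name, check_mbr(sector, KNOWN_GOOD) or "ok")
    print("unpartitioned tail sectors:", trailing_unpartitioned(parse_partitions(CLEAN_MBR), DISK_SECTORS))
```

The allowlist is the weak point of this approach: a hash only says the loader is not one you have seen before, which is why aswMBR reports "unknown MBR code" rather than a verdict and leaves it to signatures (here TDSSKiller's) to name the family. A tail of a few thousand unpartitioned sectors is normal on its own; it becomes interesting when the unknown loader code jumps into it.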


#8 nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:11 PM

Posted 24 October 2011 - 08:32 AM

Looking better.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

#9 northpchelp
  • Topic Starter

  • Members
  • 37 posts
  • Local time:02:11 PM

Posted 25 October 2011 - 12:17 AM

Combo Fix Log is attached (it said the post was too long). Check Up log is below. Computer seems better. I am now able to update to Windows SP2 and SP3. Hopefully it is okay I went ahead and did that. Please let me know what to do next. I really appreciate it.


Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 1 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Symantec AntiVirus Client
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date Spybot installed!
Malwarebytes' Anti-Malware
CCleaner (remove only)
Java™ 6 Update 26
Java™ 6 Update 6
Java™ 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Mozilla Firefox (3.6.23) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Symantec_Client_Security Symantec AntiVirus DefWatch.exe
``````````End of Log````````````

Attached Files



#10 nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:11 PM

Posted 25 October 2011 - 12:18 PM

You may not use Internet Explorer, but for your added support please update the Service Pack.

Important security issue
Support for Windows XP Service Pack 2 ended 13/07/2010
http://support.microsoft.com/lifecycle/?LN=en-gb&C2=1173

For continued support get the Service Pack 3.

http://windows.microsoft.com/en-us/windows/help/learn-how-to-install-windows-xp-service-pack-3-sp3

Read the article and pay attention to this.
In order to install SP3, you must first have Windows XP Service Pack 1a (SP1a) or Service Pack 2 (SP2) installed.

Follow the instructions on the page.
===

Out of date Spybot installed!
I suggest you update this or remove the program via the Add/Remove Programs list.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the 64-bit version, download jre-6u27-windows-x64.exe. Make sure you download the correct version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 26
Java™ 6 Update 6
Java™ 6 Update 7

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Flash Player 11.0.1.152

Flash Player 11.0.1.152

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus Un-check the box if you are NOT using McAfee's virus protection software.
===

Please run ComboFix again. This time it should be shorter.
I also want to know if this will be fixed.
c:\windows\system32\qmgr.dll . . . is infected!!
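The Security Check log above lists four Java runtimes side by side, and the reply asks for every one older than 6 Update 27 to be uninstalled. The following Python is an added example, not part of the Security Check tool or of this thread; it parses the product lines in the form the checkup.txt above uses and ranks the stale runtimes oldest first. The point it makes is that "Update 6" and "Update 26" must be compared as numbers, not strings, and that the legacy "Java 2 Runtime Environment, SE v1.4.2_03" naming needs its own pattern. The input lines are copied from the posted log; the threshold version is the one the reply recommends.

```python
import re

# Product lines copied from the checkup.txt posted above.
CHECKUP_LINES = [
    "Java\u2122 6 Update 26",
    "Java\u2122 6 Update 6",
    "Java\u2122 6 Update 7",
    "Java 2 Runtime Environment, SE v1.4.2_03",
]
# Java SE 6 Update 27, the version the reply tells the poster to install.
LATEST_JRE = (1, 6, 0, 27)

# "Java(TM) 6 Update 26" style: the trademark sign may be present, missing, or spelled "(TM)".
_MODERN = re.compile(r"^Java(?:\u2122|\(TM\))?\s+(\d+)\s+Update\s+(\d+)$")
# "Java 2 Runtime Environment, SE v1.4.2_03" style used by the 1.4 runtimes.
_LEGACY = re.compile(r"^Java 2 Runtime Environment, SE v(\d+)\.(\d+)\.(\d+)_(\d+)$")


def parse_java_version(line: str):
    """Map a Security Check product line to a (major, minor, micro, update) tuple, or None
    when the line is not a Java runtime entry (Flash, Firefox, etc.)."""
    text = line.strip()
    m = _MODERN.match(text)
    if m:
        # "Java 6 Update 26" is version 1.6.0_26 in Sun's numbering.
        return (1, int(m.group(1)), 0, int(m.group(2)))
    m = _LEGACY.match(text)
    if m:
        return tuple(int(g) for g in m.groups())
    return None


def stale_java(lines, latest=LATEST_JRE):
    """Return (line, version) pairs for every Java entry older than `latest`, oldest first."""
    found = []
    for line in lines:
        version = parse_java_version(line)
        if version is not None:
            found.append((line, version))
    # Tuple comparison is numeric field by field, so 6u6 < 6u26 even though "Update 6" sorts
    # after "Update 26" as text.
    return sorted((pair for pair in found if pair[1] < latest), key=lambda pair: pair[1])


if __name__ == "__main__":
    for line, version in stale_java(CHECKUP_LINES):
        print(f"remove: {line}  ({'.'.join(map(str, version[:3]))}_{version[3]:02d})")
```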

#11 northpchelp
  • Topic Starter

  • Members
  • 37 posts
  • Local time:02:11 PM

Posted 25 October 2011 - 11:40 PM

Hi nasdaq. I completed everything. New combo fix log is attached (zipped). I tried to attach it as a text file and the system said it was too large. Anything else I need to do? Things seem much better.

Attached Files



#12 nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:11 PM

Posted 26 October 2011 - 07:27 AM

Looking good.

Just delete these .tmp files.

c:\windows\SET16A.tmp
c:\windows\SET158.tmp
c:\windows\SET14C.tmp

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Surf Safely, and Think Prevention!
===

#13 northpchelp
  • Topic Starter

  • Members
  • 37 posts
  • Local time:02:11 PM

Posted 26 October 2011 - 09:37 PM

Ok done. Thanks.

I disabled a pretty basic symantec anti-virus before the fixes as well as the CD drive via the defogger tool. Should I do anything else with those?

I believe there is likely better free virus and anti-malware stuff out there for me to use. Some people I know are using Microsoft Security Essentials. I noticed there are also others listed in the Prevention document you sent me. Which do you recommend?

Also, I hope you don't mind me asking on this section of the board....I have another PC
where I am having issues with speakers/sound/audio. I can play music from my Ipod and hard-drive fine on the computer. However, on internet applications such as youtube, etc, there is no sound coming from the speakers. I have tried a bunch of troubleshooting, etc. Is there a specific location on this site where I can get assistance with this fix, similar to the help you are giving me on the Malware issue?

Edited by northpchelp, 27 October 2011 - 12:05 AM.


#14 nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:11 PM

Posted 27 October 2011 - 09:31 AM

Enable your Norton Security software.

As far as I'm concerned, Norton or any of the security programs are good. One must keep them up to date.

If you decide to remove Norton and install another, I suggest you clean Norton completely.
Download and run the Norton Removal Tool FOR YOUR CURRENT PROGRAM.
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=
===

HOW TO: Enable the CD Emulators...

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.
===

Also, I hope you don't mind me asking on this section of the board....I have another PC
where I am having issues with speakers/sound/audio.


Start a new topic in this forum. Run the DDS tool on this other computer and post the log.
Then, post the link to that new topic here for my review. I will expedite the matter.

#15 northpchelp
  • Topic Starter

  • Members
  • 37 posts
  • Local time:02:11 PM

Posted 27 October 2011 - 12:18 PM

Thanks so much nasdaq. Super cool of you. The logs will be below for the speaker/sound issue. Also, I may be asking a lot with this but I wanted to ask another favor (totally understand if it can't be done). Friend of mine Eric posted up a log yesterday....appears to have pretty harsh malware and then got a blue screen of death while running the gmer log. He used the site a few years ago I believe.

http://www.bleepingcomputer.com/forums/topic425217.html

You've been awesome with this current fix....if you have an interest in picking up and running with his that would be great. I know there may be some lag time to look at it as there are other folks in line, but I wanted to throw it out there and make the request on his behalf.

Here is the DDS log for the speaker/sound issue. Attach file is attached. Thanks again.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by ksy at 9:54:46 on 2011-10-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.683 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBUA.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\MWSnap\MWSnap.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = hxxp://www.ccleaner.com/update/?v=2.09.600&l=1033
mSearchAssistant = hxxp://www.google.com/ie
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [\\192.168.0.101\EPSON Stylus Photo 1400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibua.exe /fu "c:\docume~1\ksy\locals~1\temp\E_S1A3.tmp" /EF "HKCU"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10v_Plugin.exe -update plugin
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238532567120
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262040714384
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://tempo5.sandicor.com/5.1.01.9506/Control/IRCSharc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: Interfaces\{DC28CC60-641F-49EB-9B25-3AE399E2C0B0} : NameServer = 192.168.0.252
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ksy\application data\mozilla\firefox\profiles\3v0vf16s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-7 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-6-13 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-13 47640]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2002-6-19 29184]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\program files\symantec_client_security\symantec antivirus\Rtvscan.exe [2002-7-30 573440]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2006-8-22 316992]
R3 NAVAP;NAVAP;c:\program files\symantec_client_security\symantec antivirus\Navap.sys [2002-6-19 218112]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVENG.sys [2010-10-18 86064]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVEX15.sys [2010-10-18 1371184]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S2 WULAKTPT;WULAKTPT;\??\c:\windows\system32\wulaktpt.vxt --> c:\windows\system32\wulaktpt.vxt [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [2004-4-6 64088]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-09-07 22:08:21 1409 ----a-w- c:\windows\QTFont.for
2011-08-18 15:37:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 9:56:37.91 ===============

Attached Files





