
Possible Infection


  • This topic is locked
17 replies to this topic

#1 kevmoney

  • Members

Posted 26 October 2011 - 07:06 AM

hello!

I think I might be infected but I'm not too sure. Sometimes my computer won't shut down when I try to shut it down. Oh, and I had a random piece of software installed on my computer that I don't remember putting on it. My AVG & Spybot - Search & Destroy come up clean but I'm still suspicious of certain processes running for some reason. You guys have been very helpful in the past! Any help you can give me would be great!

-Thank you ^_^

Edited by kevmoney, 26 October 2011 - 07:33 AM.




#2 Orange Blossom

  • Moderator

Posted 27 October 2011 - 12:02 AM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



#3 kevmoney

  • Topic Starter
  • Members

Posted 28 October 2011 - 06:02 PM

OK, here are my logs.


1st) GMER Log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-28 15:49:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD80 rev.10.0
Running: k67p63n0.exe; Driver: C:\DOCUME~1\kevmoney\LOCALS~1\Temp\uxldqfow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9CD8DF3C]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9CD8DFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9CD8E080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9CD8E11C]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8A69000, 0x2A12DC, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xA777EA00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDF 0x2D 0x25 0x05 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDF 0x2D 0x25 0x05 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\extension@virtusdesigns.com 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\extension@virtusdesigns.com\chrome 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\extension@virtusdesigns.com\chrome\content 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\extension@virtusdesigns.com\chrome\content\virtusaddon 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\extension@virtusdesigns.com\chrome\content\virtusaddon\bing.xml 770 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\extension@virtusdesigns.com\chrome\content\virtusaddon\bingAddonHelper.js 10766 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\extension@virtusdesigns.com\chrome\content\virtusaddon\bingAddonHelperConstants.js 309 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\extension@virtusdesigns.com\chrome\content\virtusaddon\firstrun.js 1689 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\extension@virtusdesigns.com\chrome\content\virtusaddon\overlay.xul 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\extension@virtusdesigns.com\chrome\content\virtusaddon\prompt.xul 1747 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\extension@virtusdesigns.com\chrome\skin 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\extension@virtusdesigns.com\chrome\skin\virtusaddon 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\extension@virtusdesigns.com\chrome.manifest 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\extension@virtusdesigns.com\defaults 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\extension@virtusdesigns.com\defaults\preferences 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\extension@virtusdesigns.com\install.rdf 1066 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\opensearch@ask.com 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\opensearch@ask.com\chrome 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\opensearch@ask.com\chrome\content 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\opensearch@ask.com\chrome\content\askaddonhelper 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\opensearch@ask.com\chrome\content\askaddonhelper\askAddonHelper.js 10929 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\opensearch@ask.com\chrome\content\askaddonhelper\askAddonHelperConstants.js 347 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\opensearch@ask.com\chrome\content\askaddonhelper\askcomtemplate.xml 2417 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\opensearch@ask.com\chrome\content\askaddonhelper\overlay.xul 549 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\opensearch@ask.com\chrome\content\askaddonhelper\prompt.xul 1952 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\opensearch@ask.com\chrome\content\askaddonhelper\welcome.js 985 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\opensearch@ask.com\chrome\skin 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\opensearch@ask.com\chrome.manifest 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\opensearch@ask.com\defaults 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\opensearch@ask.com\defaults\preferences 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\opensearch@ask.com\install.rdf 1150 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\opensearch@ask.com\META-INF 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\opensearch@ask.com\META-INF\manifest.mf 2041 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\opensearch@ask.com\META-INF\zigbert.rsa 3006 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\opensearch@ask.com\META-INF\zigbert.sf 2149 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\opensearch@ask.com\meta.txt 5 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\opensearch@ask.com\revision 5 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\staged 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.json 4109 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi 515032 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\zigboom.designs@gmail.com.xpi 2970490 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\zigboom555@aol.com.xpi 1239631 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi 514976 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}.xpi 654410 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\{a21cd440-41d6-11e0-9207-0800200c9a66}.xpi 679279 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Firefox\Profiles\t4tvvl1c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi 627675 bytes
File C:\Documents and Settings\kevmoney\Application Data\Mozilla\Plugins\npoctoshape.dll 71960 bytes executable
File C:\Documents and Settings\kevmoney\Application Data\NCH Software\Prism 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\NCH Software\Prism\ComputerPresets 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\NCH Software\Prism\ComputerPresets\HD%201080.dat 646 bytes
File C:\Documents and Settings\kevmoney\Application Data\NCH Software\Prism\ComputerPresets\HD%20720.dat 644 bytes
File C:\Documents and Settings\kevmoney\Application Data\NCH Software\Prism\ComputerPresets\Internet%20Video.dat 219 bytes
File C:\Documents and Settings\kevmoney\Application Data\NCH Software\Prism\ComputerPresets\PS3%20HD%201080.dat 240 bytes
File C:\Documents and Settings\kevmoney\Application Data\NCH Software\Prism\ComputerPresets\PS3%20HD%20720.dat 238 bytes
File C:\Documents and Settings\kevmoney\Application Data\NCH Software\Prism\ComputerPresets\Traditional%20TV.dat 643 bytes
File C:\Documents and Settings\kevmoney\Application Data\NCH Software\Prism\ComputerPresets\Widescreen%20TV.dat 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\NCH Software\Prism\ComputerPresets\YouTube%20HQ.dat 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\NCH Software\Prism\ComputerPresets\YouTube%20Widescreen.dat 219 bytes
File C:\Documents and Settings\kevmoney\Application Data\NCH Software\Prism\ComputerPresets\YouTube.dat 219 bytes
File C:\Documents and Settings\kevmoney\Application Data\NCH Software\Prism\PortablePresets 0 bytes
File C:\Documents and Settings\kevmoney\Application Data\NCH Software\Prism\PortablePresets\iPhone%20%2F%20iPod%20Touch.dat 234 bytes
File C:\Documents and Settings\kevmoney\Application Data\NCH Software\Prism\PortablePresets\iPod%20Classic.dat 234 bytes
File C:\Documents and Settings\kevmoney\Application Data\NCH Software\Prism\PortablePresets\Mobile%20Phone.dat 289 bytes
File C:\Documents and Settings\kevmoney\Application Data\NCH Software\Prism\PortablePresets\PSP.dat 234 bytes
File C:\Documents and Settings\kevmoney\Application Data\NCH Software\Prism\VideoOutput_AVI.wff 1028 bytes

---- EOF - GMER 1.0.15 ----


2nd) DDS Log

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Run by kevmoney at 4:52:32 on 2011-10-27
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1141 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Soluto\soluto.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080604
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{537056b7-32a4-4408-9b54-0341963c7c9c}\IcoUltraMon.ico
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238600218218
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256796897423
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab57176.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{F6CDDCA5-7119-4817-A6FC-CB7688111713} : DhcpNameServer = 192.168.10.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kevmoney\application data\mozilla\firefox\profiles\t4tvvl1c.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\kevmoney\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');user_pref('capability.policy.localfilelinks.checkloaduri.enabled', 'allAccess');
.
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-1-16 64288]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-3 13496]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2011-5-25 51144]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 295248]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2011-7-7 376352]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
R3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\drivers\BLKWGD.sys [2008-6-11 463872]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 34384]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2011-3-22 7040]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [2004-4-21 16384]
.
=============== Created Last 30 ================
.
2011-10-27 11:47:28 -------- d-----w- c:\windows\SYSTEMROOT
2011-10-13 20:29:40 42392 ----a-w- c:\windows\system32\xfcodec.dll
2011-10-13 07:18:06 -------- d-----w- c:\documents and settings\kevmoney\local settings\application data\Realtime Soft
2011-10-13 07:13:47 -------- d-----w- c:\documents and settings\kevmoney\application data\Realtime Soft
2011-10-13 07:13:45 -------- d-----w- c:\program files\UltraMon
2011-10-13 07:13:45 -------- d-----w- c:\program files\common files\Realtime Soft
2011-10-13 07:13:45 -------- d-----w- c:\documents and settings\all users\application data\Realtime Soft
2011-10-03 22:55:19 -------- d-----w- c:\documents and settings\kevmoney\application data\AVG2012
2011-10-03 22:54:52 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
.
==================== Find3M ====================
.
2011-10-12 22:49:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 13:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-21 23:33:51 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 4:53:52.15 ===============

#4 m0le

  • Malware Response Team

Posted 30 October 2011 - 08:12 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#5 kevmoney

  • Topic Starter
  • Members

Posted 30 October 2011 - 11:08 PM

I'm here ^_^

#6 m0le

  • Malware Response Team

Posted 31 October 2011 - 06:34 PM

It looks like a TDL3 infection. Please run aswMBR so I can double check.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#7 kevmoney

  • Topic Starter
  • Members

Posted 01 November 2011 - 06:17 AM

kk, here's my aswMBR log


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-01 01:18:24
-----------------------------
01:18:24.234 OS Version: Windows 5.1.2600 Service Pack 3
01:18:24.234 Number of processors: 2 586 0xF0D
01:18:24.265 ComputerName: KEV-OPT330 UserName: kevmoney
01:18:25.609 Initialize success
01:18:36.125 AVAST engine defs: 11110100
01:18:39.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:18:39.609 Disk 0 Vendor: WDC_WD80 10.0 Size: 76293MB BusType: 3
01:18:39.640 Disk 0 MBR read successfully
01:18:39.640 Disk 0 MBR scan
01:18:39.671 Disk 0 Windows XP default MBR code
01:18:39.671 Disk 0 scanning sectors +156232125
01:18:39.812 Disk 0 scanning C:\WINDOWS\system32\drivers
01:19:14.265 Service scanning
01:19:16.265 Modules scanning
01:19:26.812 Disk 0 trace - called modules:
01:19:26.828 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
01:19:26.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2635d0]
01:19:26.828 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a7f3030]
01:19:27.421 AVAST engine scan C:\WINDOWS
01:19:38.859 AVAST engine scan C:\WINDOWS\system32
01:22:36.421 AVAST engine scan C:\WINDOWS\system32\drivers
01:23:04.500 AVAST engine scan C:\Documents and Settings\kevmoney
02:22:43.421 AVAST engine scan C:\Documents and Settings\All Users
02:26:18.343 Scan finished successfully
04:15:20.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\kevmoney\Desktop\MBR.dat"
04:15:20.218 The log file has been saved successfully to "C:\Documents and Settings\kevmoney\Desktop\aswMBR.txt"

#8 m0le (Malware Response Team, London, UK)

Posted 01 November 2011 - 08:21 PM

That doesn't confirm it.

Can you run TDSSKiller?

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#9 kevmoney (Topic Starter)

Posted 02 November 2011 - 02:32 AM

OK, here's the TDSSKiller report.


00:30:40.0921 3540 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
00:30:41.0421 3540 ============================================================
00:30:41.0421 3540 Current date / time: 2011/11/02 00:30:41.0421
00:30:41.0421 3540 SystemInfo:
00:30:41.0421 3540
00:30:41.0421 3540 OS Version: 5.1.2600 ServicePack: 3.0
00:30:41.0421 3540 Product type: Workstation
00:30:41.0421 3540 ComputerName: KEV-OPT330
00:30:41.0421 3540 UserName: kevmoney
00:30:41.0421 3540 Windows directory: C:\WINDOWS
00:30:41.0421 3540 System windows directory: C:\WINDOWS
00:30:41.0421 3540 Processor architecture: Intel x86
00:30:41.0421 3540 Number of processors: 2
00:30:41.0421 3540 Page size: 0x1000
00:30:41.0421 3540 Boot type: Normal boot
00:30:41.0421 3540 ============================================================
00:30:42.0093 3540 Initialize success
00:30:49.0265 2272 ============================================================
00:30:49.0265 2272 Scan started
00:30:49.0265 2272 Mode: Manual;
00:30:49.0265 2272 ============================================================
00:30:49.0453 2272 Abiosdsk - ok
00:30:49.0500 2272 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
00:30:49.0515 2272 abp480n5 - ok
00:30:49.0562 2272 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:30:49.0562 2272 ACPI - ok
00:30:49.0609 2272 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:30:49.0609 2272 ACPIEC - ok
00:30:49.0656 2272 ADIHdAudAddService (0f0a69496989912351284bb1baa2ce57) C:\WINDOWS\system32\drivers\ADIHdAud.sys
00:30:49.0656 2272 ADIHdAudAddService - ok
00:30:49.0703 2272 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
00:30:49.0703 2272 adpu160m - ok
00:30:49.0734 2272 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:30:49.0734 2272 aec - ok
00:30:49.0765 2272 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
00:30:49.0765 2272 AegisP - ok
00:30:49.0812 2272 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:30:49.0812 2272 AFD - ok
00:30:49.0890 2272 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
00:30:49.0890 2272 agp440 - ok
00:30:49.0937 2272 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
00:30:49.0937 2272 agpCPQ - ok
00:30:49.0968 2272 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
00:30:49.0968 2272 Aha154x - ok
00:30:49.0984 2272 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
00:30:50.0000 2272 aic78u2 - ok
00:30:50.0015 2272 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
00:30:50.0015 2272 aic78xx - ok
00:30:50.0031 2272 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
00:30:50.0031 2272 AliIde - ok
00:30:50.0062 2272 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
00:30:50.0062 2272 alim1541 - ok
00:30:50.0125 2272 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
00:30:50.0125 2272 amdagp - ok
00:30:50.0140 2272 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
00:30:50.0140 2272 amsint - ok
00:30:50.0171 2272 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
00:30:50.0171 2272 asc - ok
00:30:50.0218 2272 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
00:30:50.0218 2272 asc3350p - ok
00:30:50.0250 2272 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
00:30:50.0265 2272 asc3550 - ok
00:30:50.0343 2272 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:30:50.0343 2272 AsyncMac - ok
00:30:50.0390 2272 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:30:50.0406 2272 atapi - ok
00:30:50.0406 2272 Atdisk - ok
00:30:50.0593 2272 ati2mtag (23f1a61ae7553d086ef264c72afc4e6a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
00:30:50.0765 2272 ati2mtag - ok
00:30:50.0796 2272 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
00:30:50.0796 2272 AtiHdmiService - ok
00:30:50.0828 2272 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:30:50.0843 2272 Atmarpc - ok
00:30:50.0890 2272 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:30:50.0890 2272 audstub - ok
00:30:50.0984 2272 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
00:30:50.0984 2272 AVGIDSDriver - ok
00:30:51.0031 2272 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
00:30:51.0031 2272 AVGIDSEH - ok
00:30:51.0078 2272 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
00:30:51.0078 2272 AVGIDSFilter - ok
00:30:51.0156 2272 AVGIDSShim (07eba0c11fa1d73b82ecc3255ddfe34d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
00:30:51.0156 2272 AVGIDSShim - ok
00:30:51.0234 2272 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
00:30:51.0234 2272 Avgldx86 - ok
00:30:51.0281 2272 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
00:30:51.0281 2272 Avgmfx86 - ok
00:30:51.0312 2272 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
00:30:51.0312 2272 Avgrkx86 - ok
00:30:51.0390 2272 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
00:30:51.0390 2272 Avgtdix - ok
00:30:51.0500 2272 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
00:30:51.0500 2272 b57w2k - ok
00:30:51.0546 2272 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
00:30:51.0546 2272 BASFND - ok
00:30:51.0609 2272 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:30:51.0609 2272 Beep - ok
00:30:51.0671 2272 BLKWGD (c2e8c62ed66ec1a9d4b03d6ab0fc851c) C:\WINDOWS\system32\DRIVERS\BLKWGD.sys
00:30:51.0687 2272 BLKWGD - ok
00:30:51.0812 2272 catchme - ok
00:30:51.0843 2272 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
00:30:51.0843 2272 cbidf - ok
00:30:51.0859 2272 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:30:51.0859 2272 cbidf2k - ok
00:30:51.0890 2272 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
00:30:51.0890 2272 cd20xrnt - ok
00:30:51.0906 2272 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:30:51.0906 2272 Cdaudio - ok
00:30:51.0984 2272 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:30:51.0984 2272 Cdfs - ok
00:30:52.0046 2272 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:30:52.0046 2272 Cdrom - ok
00:30:52.0062 2272 Changer - ok
00:30:52.0109 2272 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
00:30:52.0125 2272 CmdIde - ok
00:30:52.0187 2272 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
00:30:52.0187 2272 Cpqarray - ok
00:30:52.0250 2272 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
00:30:52.0265 2272 dac2w2k - ok
00:30:52.0312 2272 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
00:30:52.0312 2272 dac960nt - ok
00:30:52.0406 2272 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:30:52.0406 2272 Disk - ok
00:30:52.0500 2272 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
00:30:52.0515 2272 dmboot - ok
00:30:52.0625 2272 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
00:30:52.0625 2272 dmio - ok
00:30:52.0640 2272 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:30:52.0640 2272 dmload - ok
00:30:52.0687 2272 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:30:52.0687 2272 DMusic - ok
00:30:52.0781 2272 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
00:30:52.0781 2272 dpti2o - ok
00:30:52.0843 2272 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:30:52.0843 2272 drmkaud - ok
00:30:52.0875 2272 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
00:30:52.0875 2272 E100B - ok
00:30:52.0984 2272 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:30:52.0984 2272 Fastfat - ok
00:30:53.0015 2272 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
00:30:53.0015 2272 Fdc - ok
00:30:53.0078 2272 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
00:30:53.0078 2272 Fips - ok
00:30:53.0140 2272 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:30:53.0140 2272 Flpydisk - ok
00:30:53.0234 2272 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
00:30:53.0234 2272 FltMgr - ok
00:30:53.0296 2272 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:30:53.0296 2272 Fs_Rec - ok
00:30:53.0296 2272 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:30:53.0296 2272 Ftdisk - ok
00:30:53.0359 2272 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:30:53.0359 2272 Gpc - ok
00:30:53.0421 2272 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:30:53.0421 2272 HDAudBus - ok
00:30:53.0531 2272 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:30:53.0531 2272 HidUsb - ok
00:30:53.0593 2272 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
00:30:53.0593 2272 hpn - ok
00:30:53.0671 2272 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:30:53.0671 2272 HTTP - ok
00:30:53.0750 2272 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
00:30:53.0750 2272 i2omgmt - ok
00:30:53.0796 2272 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
00:30:53.0796 2272 i2omp - ok
00:30:53.0843 2272 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:30:53.0843 2272 i8042prt - ok
00:30:54.0031 2272 ialm (12c7f8d581c4a9f126f5f8f5683a1c29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
00:30:54.0187 2272 ialm - ok
00:30:54.0250 2272 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\drivers\iaStor.sys
00:30:54.0250 2272 iaStor - ok
00:30:54.0328 2272 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:30:54.0328 2272 Imapi - ok
00:30:54.0390 2272 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
00:30:54.0390 2272 ini910u - ok
00:30:54.0468 2272 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
00:30:54.0468 2272 IntelIde - ok
00:30:54.0546 2272 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:30:54.0546 2272 intelppm - ok
00:30:54.0593 2272 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
00:30:54.0593 2272 Ip6Fw - ok
00:30:54.0656 2272 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:30:54.0671 2272 IpFilterDriver - ok
00:30:54.0718 2272 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:30:54.0718 2272 IpInIp - ok
00:30:54.0781 2272 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:30:54.0781 2272 IpNat - ok
00:30:54.0812 2272 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:30:54.0812 2272 IPSec - ok
00:30:54.0875 2272 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:30:54.0875 2272 IRENUM - ok
00:30:54.0937 2272 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:30:54.0937 2272 isapnp - ok
00:30:54.0984 2272 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:30:54.0984 2272 Kbdclass - ok
00:30:55.0000 2272 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:30:55.0000 2272 kbdhid - ok
00:30:55.0046 2272 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:30:55.0062 2272 kmixer - ok
00:30:55.0093 2272 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:30:55.0093 2272 KSecDD - ok
00:30:55.0156 2272 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
00:30:55.0156 2272 Lbd - ok
00:30:55.0156 2272 lbrtfdc - ok
00:30:55.0218 2272 LHidFlt2 (27bbea62dfafc495e956d3911ebc3045) C:\WINDOWS\system32\DRIVERS\LHidFlt2.sys
00:30:55.0218 2272 LHidFlt2 - ok
00:30:55.0250 2272 LKbdFlt2 (bbc297ea4fc97fc7b85f70915345c80a) C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys
00:30:55.0250 2272 LKbdFlt2 - ok
00:30:55.0265 2272 LMouFlt2 (45df10f44f6a140a4f3dd377676603f2) C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys
00:30:55.0265 2272 LMouFlt2 - ok
00:30:55.0281 2272 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:30:55.0281 2272 mnmdd - ok
00:30:55.0343 2272 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
00:30:55.0343 2272 Modem - ok
00:30:55.0375 2272 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:30:55.0375 2272 Mouclass - ok
00:30:55.0406 2272 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:30:55.0406 2272 mouhid - ok
00:30:55.0453 2272 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:30:55.0453 2272 MountMgr - ok
00:30:55.0500 2272 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
00:30:55.0500 2272 mraid35x - ok
00:30:55.0531 2272 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:30:55.0546 2272 MRxDAV - ok
00:30:55.0609 2272 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:30:55.0625 2272 MRxSmb - ok
00:30:55.0687 2272 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:30:55.0687 2272 Msfs - ok
00:30:55.0828 2272 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:30:55.0828 2272 MSKSSRV - ok
00:30:55.0843 2272 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:30:55.0859 2272 MSPCLOCK - ok
00:30:55.0859 2272 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:30:55.0859 2272 MSPQM - ok
00:30:55.0953 2272 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:30:55.0953 2272 mssmbios - ok
00:30:56.0031 2272 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:30:56.0031 2272 Mup - ok
00:30:56.0093 2272 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:30:56.0093 2272 NDIS - ok
00:30:56.0156 2272 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:30:56.0156 2272 NdisTapi - ok
00:30:56.0156 2272 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:30:56.0156 2272 Ndisuio - ok
00:30:56.0218 2272 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:30:56.0218 2272 NdisWan - ok
00:30:56.0281 2272 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:30:56.0281 2272 NDProxy - ok
00:30:56.0328 2272 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:30:56.0328 2272 NetBIOS - ok
00:30:56.0390 2272 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:30:56.0390 2272 NetBT - ok
00:30:56.0453 2272 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:30:56.0453 2272 Npfs - ok
00:30:56.0500 2272 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:30:56.0515 2272 Ntfs - ok
00:30:56.0531 2272 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:30:56.0531 2272 Null - ok
00:30:56.0625 2272 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:30:56.0718 2272 nv - ok
00:30:56.0781 2272 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:30:56.0781 2272 NwlnkFlt - ok
00:30:56.0796 2272 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:30:56.0796 2272 NwlnkFwd - ok
00:30:56.0890 2272 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
00:30:56.0890 2272 Parport - ok
00:30:56.0921 2272 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:30:56.0921 2272 PartMgr - ok
00:30:56.0953 2272 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:30:56.0953 2272 ParVdm - ok
00:30:57.0000 2272 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
00:30:57.0000 2272 PCI - ok
00:30:57.0000 2272 PCIDump - ok
00:30:57.0031 2272 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:30:57.0046 2272 PCIIde - ok
00:30:57.0109 2272 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:30:57.0109 2272 Pcmcia - ok
00:30:57.0156 2272 PDCOMP - ok
00:30:57.0187 2272 PDFRAME - ok
00:30:57.0203 2272 PDRELI - ok
00:30:57.0203 2272 PDRFRAME - ok
00:30:57.0250 2272 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
00:30:57.0250 2272 perc2 - ok
00:30:57.0296 2272 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
00:30:57.0296 2272 perc2hib - ok
00:30:57.0375 2272 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:30:57.0375 2272 PptpMiniport - ok
00:30:57.0390 2272 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:30:57.0390 2272 PSched - ok
00:30:57.0406 2272 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:30:57.0406 2272 Ptilink - ok
00:30:57.0453 2272 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:30:57.0453 2272 PxHelp20 - ok
00:30:57.0468 2272 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
00:30:57.0468 2272 ql1080 - ok
00:30:57.0484 2272 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
00:30:57.0484 2272 Ql10wnt - ok
00:30:57.0515 2272 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
00:30:57.0515 2272 ql12160 - ok
00:30:57.0515 2272 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
00:30:57.0515 2272 ql1240 - ok
00:30:57.0531 2272 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
00:30:57.0546 2272 ql1280 - ok
00:30:57.0578 2272 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:30:57.0578 2272 RasAcd - ok
00:30:57.0640 2272 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:30:57.0640 2272 Rasl2tp - ok
00:30:57.0703 2272 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:30:57.0703 2272 RasPppoe - ok
00:30:57.0718 2272 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:30:57.0718 2272 Raspti - ok
00:30:57.0781 2272 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:30:57.0781 2272 Rdbss - ok
00:30:57.0828 2272 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:30:57.0828 2272 RDPCDD - ok
00:30:57.0875 2272 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:30:57.0875 2272 rdpdr - ok
00:30:57.0937 2272 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
00:30:57.0937 2272 RDPWD - ok
00:30:57.0968 2272 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:30:57.0968 2272 redbook - ok
00:30:58.0031 2272 SCREAMINGBDRIVER (a643d6df1b7546256b11fb5d6b5d1375) C:\WINDOWS\system32\drivers\ScreamingBAudio.sys
00:30:58.0031 2272 SCREAMINGBDRIVER - ok
00:30:58.0078 2272 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:30:58.0078 2272 Secdrv - ok
00:30:58.0140 2272 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
00:30:58.0156 2272 SenFiltService - ok
00:30:58.0218 2272 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:30:58.0218 2272 serenum - ok
00:30:58.0281 2272 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
00:30:58.0281 2272 Serial - ok
00:30:58.0312 2272 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:30:58.0312 2272 Sfloppy - ok
00:30:58.0359 2272 Simbad - ok
00:30:58.0421 2272 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
00:30:58.0421 2272 sisagp - ok
00:30:58.0468 2272 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
00:30:58.0468 2272 SmartDefragDriver - ok
00:30:58.0484 2272 Soluto (ff35c2d01ac36b446a1b997f305f0fc2) C:\WINDOWS\system32\DRIVERS\Soluto.sys
00:30:58.0484 2272 Soluto - ok
00:30:58.0515 2272 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
00:30:58.0515 2272 Sparrow - ok
00:30:58.0531 2272 spfdrv - ok
00:30:58.0593 2272 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:30:58.0593 2272 splitter - ok
00:30:58.0640 2272 sptd - ok
00:30:58.0703 2272 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:30:58.0703 2272 sr - ok
00:30:58.0781 2272 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:30:58.0796 2272 Srv - ok
00:30:58.0859 2272 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:30:58.0859 2272 swenum - ok
00:30:58.0906 2272 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:30:58.0906 2272 swmidi - ok
00:30:58.0937 2272 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
00:30:58.0937 2272 symc810 - ok
00:30:58.0953 2272 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
00:30:58.0953 2272 symc8xx - ok
00:30:58.0953 2272 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
00:30:58.0968 2272 sym_hi - ok
00:30:58.0984 2272 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
00:30:58.0984 2272 sym_u3 - ok
00:30:59.0046 2272 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:30:59.0046 2272 sysaudio - ok
00:30:59.0109 2272 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:30:59.0125 2272 Tcpip - ok
00:30:59.0187 2272 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:30:59.0187 2272 TDPIPE - ok
00:30:59.0234 2272 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:30:59.0234 2272 TDTCP - ok
00:30:59.0296 2272 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:30:59.0296 2272 TermDD - ok
00:30:59.0328 2272 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
00:30:59.0328 2272 TosIde - ok
00:30:59.0375 2272 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:30:59.0375 2272 Udfs - ok
00:30:59.0406 2272 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
00:30:59.0406 2272 ultra - ok
00:30:59.0468 2272 UltraMonUtility (5a5bd0f66e84eb039cb227520d49908c) C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
00:30:59.0468 2272 UltraMonUtility - ok
00:30:59.0546 2272 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:30:59.0562 2272 Update - ok
00:30:59.0656 2272 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
00:30:59.0656 2272 USBAAPL - ok
00:30:59.0703 2272 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
00:30:59.0703 2272 usbaudio - ok
00:30:59.0765 2272 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:30:59.0765 2272 usbccgp - ok
00:30:59.0828 2272 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:30:59.0828 2272 usbehci - ok
00:30:59.0890 2272 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:30:59.0890 2272 usbhub - ok
00:30:59.0937 2272 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:30:59.0937 2272 usbprint - ok
00:30:59.0984 2272 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:30:59.0984 2272 usbscan - ok
00:31:00.0000 2272 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:31:00.0000 2272 USBSTOR - ok
00:31:00.0062 2272 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:31:00.0062 2272 usbuhci - ok
00:31:00.0125 2272 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:31:00.0125 2272 VgaSave - ok
00:31:00.0203 2272 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
00:31:00.0203 2272 viaagp - ok
00:31:00.0234 2272 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
00:31:00.0234 2272 ViaIde - ok
00:31:00.0296 2272 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:31:00.0296 2272 VolSnap - ok
00:31:00.0328 2272 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:31:00.0328 2272 Wanarp - ok
00:31:00.0390 2272 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
00:31:00.0406 2272 Wdf01000 - ok
00:31:00.0421 2272 WDICA - ok
00:31:00.0437 2272 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:31:00.0453 2272 wdmaud - ok
00:31:00.0500 2272 whfltr2k (bdca289d2b54f0816411f9aec541548f) C:\WINDOWS\system32\DRIVERS\whfltr2k.sys
00:31:00.0500 2272 whfltr2k - ok
00:31:00.0578 2272 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
00:31:00.0578 2272 WinUSB - ok
00:31:00.0609 2272 wlanndi5 (224d5a22893cee9dca7b984433549735) C:\WINDOWS\system32\wlanndi5.SYS
00:31:00.0796 2272 wlanndi5 - ok
00:31:00.0906 2272 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
00:31:00.0906 2272 WpdUsb - ok
00:31:00.0953 2272 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:31:00.0953 2272 WudfPf - ok
00:31:00.0984 2272 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:31:01.0000 2272 WudfRd - ok
00:31:01.0062 2272 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:31:01.0171 2272 \Device\Harddisk0\DR0 - ok
00:31:01.0187 2272 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
00:31:01.0187 2272 \Device\Harddisk1\DR3 - ok
00:31:01.0187 2272 Boot (0x1200) (b3fba83c055c505cb31336e411b3cfc0) \Device\Harddisk0\DR0\Partition0
00:31:01.0187 2272 \Device\Harddisk0\DR0\Partition0 - ok
00:31:01.0187 2272 Boot (0x1200) (923130378c7472a103e2f64f601cf458) \Device\Harddisk1\DR3\Partition0
00:31:01.0203 2272 \Device\Harddisk1\DR3\Partition0 - ok
00:31:01.0203 2272 ============================================================
00:31:01.0203 2272 Scan finished
00:31:01.0203 2272 ============================================================
00:31:01.0203 3384 Detected object count: 0
00:31:01.0203 3384 Actual detected object count: 0

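Added example (not part of this thread, and not TDSSKiller's own code): a small Python triage script for a TDSSKiller report in the format posted above, i.e. the report.txt that the "-l report.txt" switch from #8 writes. It separates the per-driver hash lines from the per-object verdict lines, flags any verdict that is not "ok", lists services that got a verdict but no hashed binary (Abiosdsk, sptd and the other file-less entries above look like that), and groups disks whose MBR code bytes hash identically, as Harddisk0 and Harddisk1 do in the report. The sample input is mostly lines copied from the report above, abridged; the two "xyzdrv" lines and the exact wording of a detection verdict are constructed assumptions so the non-clean path is exercised, and the "Detected object count" lines were changed to 1 to match.

```python
r"""Triage a TDSSKiller report of the kind posted above.

Added example for this thread; it is not part of TDSSKiller or of the
original posts.  Line shapes it understands (taken from the report above):

    <time> <tid> <name> (<md5>) <path>              driver binary found and hashed
    <time> <tid> <name> - <status>                  per-object verdict, "ok" when clean
    <time> <tid> MBR (0x1B8) (<md5>) \Device\...    hash of the MBR code bytes
    <time> <tid> Boot (0x1200) (<md5>) \Device\...  hash of a partition boot sector
    <time> <tid> Detected object count: <n>
"""
import re
from dataclasses import dataclass, field
from typing import Optional

LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<body>.*\S)\s*$")
SECTOR_RE = re.compile(r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) "
                       r"\((?P<md5>[0-9a-f]{32})\) (?P<device>\\Device\\.+)$")
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
STATUS_RE = re.compile(r"^(?P<name>.+?) - (?P<status>.+)$")
COUNT_RE = re.compile(r"^(?:Actual )?[Dd]etected object count: (?P<n>\d+)$")


@dataclass
class Triage:
    files: dict = field(default_factory=dict)     # driver name -> (md5, path)
    verdicts: dict = field(default_factory=dict)  # driver name or device -> status
    sectors: dict = field(default_factory=dict)   # device -> (kind, md5)
    detected_count: Optional[int] = None

    @property
    def flagged(self) -> dict:
        """Every object whose verdict is anything other than 'ok'."""
        return {k: v for k, v in self.verdicts.items() if v != "ok"}

    @property
    def no_binary_hashed(self) -> list:
        """Services with a verdict but no hashed-binary line (legacy entries
        with no file, or a driver the tool could not hash): worth a look."""
        return sorted(n for n in self.verdicts
                      if n not in self.files and n not in self.sectors)

    @property
    def shared_mbr_code(self) -> dict:
        """md5 -> devices whose MBR code bytes are identical (expected when
        several disks carry the same stock Windows MBR)."""
        by_hash: dict = {}
        for dev, (kind, md5) in self.sectors.items():
            if kind == "MBR":
                by_hash.setdefault(md5, []).append(dev)
        return {h: sorted(d) for h, d in by_hash.items() if len(d) > 1}

    @property
    def count_consistent(self) -> bool:
        """Sanity check: the tool's own count should equal the flagged verdicts."""
        return self.detected_count is not None and self.detected_count == len(self.flagged)


def triage(report: str) -> Triage:
    t = Triage()
    for raw in report.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # banner, separator and blank lines
        body = m.group("body")
        if (s := SECTOR_RE.match(body)):
            t.sectors[s["device"]] = (s["kind"], s["md5"])
        elif (f := FILE_RE.match(body)):
            t.files[f["name"]] = (f["md5"], f["path"])
        elif (c := COUNT_RE.match(body)):
            t.detected_count = int(c["n"])
        elif (v := STATUS_RE.match(body)):
            t.verdicts[v["name"]] = v["status"]
    return t


# Sample report: lines copied from the TDSSKiller output posted above, abridged.
# The two xyzdrv lines are CONSTRUCTED, and the wording of the detection verdict
# is an assumption; the count lines were changed to 1 so the sample is consistent.
SAMPLE_REPORT = r"""
00:30:40.0921 3540 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
00:30:41.0421 3540 ============================================================
00:30:41.0421 3540 OS Version: 5.1.2600 ServicePack: 3.0
00:30:49.0453 2272 Abiosdsk - ok
00:30:49.0500 2272 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
00:30:49.0515 2272 abp480n5 - ok
00:30:54.0250 2272 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\drivers\iaStor.sys
00:30:54.0250 2272 iaStor - ok
00:30:58.0640 2272 sptd - ok
00:30:59.0000 2272 xyzdrv (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\xyzdrv.sys
00:30:59.0000 2272 xyzdrv - detected Rootkit.Win32.Example (0)
00:31:01.0062 2272 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:31:01.0171 2272 \Device\Harddisk0\DR0 - ok
00:31:01.0187 2272 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
00:31:01.0187 2272 \Device\Harddisk1\DR3 - ok
00:31:01.0187 2272 Boot (0x1200) (b3fba83c055c505cb31336e411b3cfc0) \Device\Harddisk0\DR0\Partition0
00:31:01.0187 2272 \Device\Harddisk0\DR0\Partition0 - ok
00:31:01.0203 3384 Detected object count: 1
00:31:01.0203 3384 Actual detected object count: 1
"""

if __name__ == "__main__":
    t = triage(SAMPLE_REPORT)
    print("flagged:", t.flagged)
    print("no binary hashed:", t.no_binary_hashed)
    print("shared MBR code:", t.shared_mbr_code)
    print("count consistent:", t.count_consistent)
```

To use it on a real run, pass the contents of report.txt to triage(). On the report above it would flag nothing, list the file-less service entries, and show both disks sharing one MBR code hash; a clean "ok" for every object is what m0le reads as "doesn't confirm it" in the next post, not proof of absence.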
#10 m0le (Malware Response Team, London, UK)

Posted 02 November 2011 - 12:58 PM

There doesn't appear to be anything really nasty. Please run MBAM and SAS to look for lower-risk malware.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Whether or not you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then click Next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.

m0le is a proud member of UNITE

#11 kevmoney

kevmoney
  • Topic Starter

  • Members
  • 19 posts

Posted 04 November 2011 - 07:58 PM

Mbam log


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8046

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/3/2011 7:41:31 AM
mbam-log-2011-11-03 (07-41-31).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 301447
Time elapsed: 49 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



SAS Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/03/2011 at 01:49 AM

Application Version : 5.0.1134

Core Rules Database Version : 7890
Trace Rules Database Version: 5702

Scan type : Complete Scan
Total Scan Time : 00:46:57

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 676
Memory threats detected : 0
Registry items scanned : 38528
Registry threats detected : 1
File items scanned : 43668
File threats detected : 61

Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY

Adware.Tracking Cookie
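
As an added example, not part of this thread and not code from Malwarebytes or SUPERAntiSpyware: a small Python triage helper for the two log formats posted above. It reads the numeric summary lines of both logs, splits SUPERAntiSpyware's detection blocks by family, and separates cookie hygiene from findings a helper should still look at, such as the Security Center notification value reported above. The sample logs are constructed excerpts with placeholder paths and domains.

```python
import re
# Constructed excerpts of the two log formats posted in this thread; the path and
# cookie domain are placeholders, not values from the real logs.
MBAM_LOG = """Malwarebytes' Anti-Malware 1.51.2.1300
Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 0
Files Infected:
(No malicious items detected)
"""
SAS_LOG = """SUPERAntiSpyware Scan Log
Memory threats detected : 0
Registry threats detected : 1
File threats detected : 1

Disabled.SecurityCenterOption
HKLM\\SOFTWARE\\MICROSOFT\\SECURITY CENTER#FIREWALLDISABLENOTIFY

Adware.Tracking Cookie
.tracker.invalid [ C:\\PLACEHOLDER\\COOKIES.SQLITE ]
"""
# "<cat> Infected: N" (MBAM) or "<cat> threats detected : N" (SAS); numberless headers skipped.
COUNT_RE = re.compile(r"^([A-Za-z ]+?)\s*(?:Infected|threats detected)\s*:\s*(\d+)\s*$")
# Hygiene findings. The Security Center item is deliberately absent: FirewallDisableNotify
# suppresses the firewall-off alert, so a helper should ask who turned it off.
LOW_RISK = {"Adware.Tracking Cookie"}

def parse_counts(log):
    """Return {category: count} for every numeric summary line in either format."""
    hits = (COUNT_RE.match(l.strip()) for l in log.splitlines())
    return {m.group(1).strip(): int(m.group(2)) for m in hits if m}

def parse_sas_detections(log):
    """Return {family: [items]} from the blank-separated blocks after the SAS summary."""
    lines = [l.strip() for l in log.splitlines()]
    idx = [i for i, l in enumerate(lines) if "threats detected" in l]
    tail = lines[idx[-1] + 1:] + [""] if idx else []   # MBAM logs: no blocks; "" flushes
    families, block = {}, []
    for line in tail:
        if line:
            block.append(line)
        elif block:
            families[block[0]] = block[1:]
            block = []
    return families

def needs_attention(log):
    """Families SAS reported that are more than cookie hygiene."""
    return [f for f in parse_sas_detections(log) if f not in LOW_RISK]
```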

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 04 November 2011 - 08:01 PM

There was a change made to the registry, but nothing else seems to remain.

Please scan with ESET's online application

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.
m0le is a proud member of UNITE

#13 kevmoney

kevmoney
  • Topic Starter

  • Members
  • 19 posts

Posted 06 November 2011 - 08:00 PM

Uh, I couldn't find the log for it lol

but it did find something... If I remember correctly it was a variant of Win32... I think

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 06 November 2011 - 08:28 PM

How has the machine been behaving?
m0le is a proud member of UNITE

#15 kevmoney

kevmoney
  • Topic Starter

  • Members
  • 19 posts

Posted 06 November 2011 - 11:41 PM

So far so good
