
100% cpu used for ping.exe, redirection and popups


12 replies to this topic

#1 chettt

chettt

  • Members
  • 9 posts

Posted 11 December 2011 - 10:01 PM

I'm having a series of problems with my computer. I'm seeing the following issues:
1) Ping.exe sometimes uses 100% CPU. Using the "WHATSRUNNING" program I can see over 200 individual IP connections assigned to PING; there is a lot of disk activity associated.
2) Using IE8, my browser is redirecting my web pages to commercial or search sites.
3) New instances of IE8 are randomly popping up with various commercial content.
4) My network icon (lower right near clock) has a constant status of "Acquiring network address". The net and internet work fine and the properties box shows a valid network address.

I have restored my computer back to November 1. This did not help.
I have run:
MS Security Essentials
Spybot
MalwareBytes
Trend Micro housecall

After all of the above, I seem to have fewer ping connections but nothing much else has changed.


I have attached the following:
Attach.txt
ark.txt (GMER output file)

Your help would be appreciated.

Thanks in advance,
Chet




******************* DDS.TXT ****************************
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by Chet at 15:16:42 on 2011-12-11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.1682 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\Common Files\ArchestrA\aaLogger.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
svchost.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\ArchestrA\NTServApp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Common Files\ArchestrA\slssvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\WhatsRunning\WhatsRunning.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\TechSmith\Snagit 10\snagiteditor.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.drudgereport.com/
uSearch Bar =
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [Logitech BT Wizard] LBTWiz.exe -silent
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 10\Snagit32.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {0F1B49C0-9894-4696-8E8D-DB1F5D02FBAB} - hxxp://24.43.107.125:50000/UltraMJCamX.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226620039843
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} - hxxp://24.43.107.125:50001/xplugLiteAL.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{7153F881-ACE2-4941-A31B-5B1C20E04924} : DhcpNameServer = 192.168.1.1 68.238.64.12
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\chet\application data\mozilla\firefox\profiles\2gq7q8gf.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl793087eb;MpKsl793087eb;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{01fedf8e-6397-4b7c-ada9-73e24b7416aa}\MpKsl793087eb.sys [2011-12-11 29904]
R1 MpKslf764438f;MpKslf764438f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3ce6e721-a853-4048-9cb0-f45815ed460d}\mpkslf764438f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3ce6e721-a853-4048-9cb0-f45815ed460d}\MpKslf764438f.sys [?]
R1 SD;Shunra WAN Emulator Miniport;c:\windows\system32\drivers\simdrv.sys [2007-9-2 88728]
R3 AZNetsim;Network Simulator;c:\windows\system32\drivers\netsim.sys [2007-7-29 67677]
S1 MpKsl1a00a8fc;MpKsl1a00a8fc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8e7961e7-c80f-4915-b7c4-43009254a8cb}\mpksl1a00a8fc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8e7961e7-c80f-4915-b7c4-43009254a8cb}\MpKsl1a00a8fc.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-6 136176]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2008-9-17 37296]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-6 136176]
S3 Shunra VE Service;Shunra VE Service;c:\program files\shunra virtual enterprise\ve user automation\bin\WSManager.exe [2008-8-6 1754392]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 wxpSvc;webcamXP Service;c:\program files\wlite\wService.exe [2009-8-9 3476480]
.
=============== Created Last 30 ================
.
2011-12-11 22:09:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-11 22:09:43 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-12-11 21:08:12 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{01fedf8e-6397-4b7c-ada9-73e24b7416aa}\MpKsl793087eb.sys
2011-12-11 21:07:59 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{01fedf8e-6397-4b7c-ada9-73e24b7416aa}\offreg.dll
2011-12-11 21:07:55 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{01fedf8e-6397-4b7c-ada9-73e24b7416aa}\mpengine.dll
2011-12-11 20:55:01 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-11 20:55:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-10 20:21:47 -------- d-----w- c:\documents and settings\chet\application data\Malwarebytes
2011-12-10 20:21:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-10 20:21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 15:16:55.79 ===============
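The "Pseudo HJT Report" section of the DDS log above is what a helper reads first. As an added triage example (not part of this thread or of the DDS tool), the following script parses those `TYPE: value` lines, restores the `hxxp://` defanging for URL parsing only, and lists the DPF (ActiveX download) entries whose host is a bare IP address rather than a vendor domain, so they can be checked by hand; in this log those may well be the poster's own webcam software, so the script only surfaces them for review. The sample lines are copied from the log posted above; the regular expressions and function names are this example's own.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied verbatim from the DDS log in the post above.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.drudgereport.com/
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
mRun: [Persistence] c:\windows\system32\igfxpers.exe
DPF: {0F1B49C0-9894-4696-8E8D-DB1F5D02FBAB} - hxxp://24.43.107.125:50000/UltraMJCamX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} - hxxp://24.43.107.125:50001/xplugLiteAL.cab
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
"""

# Line shapes used by the Pseudo HJT section (hypothetical patterns written for this example).
DPF_RE = re.compile(r"^DPF:\s*(\{[0-9A-Fa-f-]+\})\s*-\s*(\S+)")
BHO_RE = re.compile(r"^BHO:\s*(.*?):\s*(\{[0-9A-Fa-f-]+\})\s*-\s*(.+)$")
RUN_RE = re.compile(r"^([umd]Run):\s*\[(.*?)\]\s*(.+)$")
DNS_RE = re.compile(r"^TCP:.*DhcpNameServer\s*=\s*(.+)$")


def refang(url: str) -> str:
    """DDS writes 'hxxp' so the URL is not clickable; restore the scheme for parsing only."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_report(text: str) -> list[dict]:
    """Turn the Pseudo HJT lines into dicts keyed by entry kind; unknown lines are kept as 'other'."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS uses a lone '.' as a section separator
            continue
        if m := DPF_RE.match(line):
            entries.append({"kind": "DPF", "clsid": m.group(1), "url": refang(m.group(2))})
        elif m := BHO_RE.match(line):
            entries.append({"kind": "BHO", "name": m.group(1), "clsid": m.group(2), "path": m.group(3)})
        elif m := RUN_RE.match(line):
            entries.append({"kind": m.group(1), "name": m.group(2), "command": m.group(3)})
        elif m := DNS_RE.match(line):
            entries.append({"kind": "DNS", "servers": m.group(1).split()})
        else:
            entries.append({"kind": "other", "line": line})
    return entries


def is_bare_ip_host(url: str) -> bool:
    """True when the URL's host is an IP literal (v4 or v6) rather than a DNS name."""
    host = urlparse(url).hostname
    if host is None:
        return False
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def dpf_from_bare_ip(entries: list[dict]) -> list[tuple[str, str]]:
    """DPF entries whose ActiveX download host is an IP literal: worth a manual look."""
    return [(e["clsid"], e["url"]) for e in entries
            if e["kind"] == "DPF" and is_bare_ip_host(e["url"])]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for clsid, url in dpf_from_bare_ip(parsed):
        print(f"review DPF {clsid} -> {url}")
```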

#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 12 December 2011 - 06:57 PM

Hi, please do the following:


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 chettt

chettt
  • Topic Starter

  • Members
  • 9 posts

Posted 12 December 2011 - 07:38 PM

Running these two programs seems to have cleared up all my problems. Much appreciated!
Here are the log files. Maybe you can see something else for me to tweak. Thanks.

15:18:21.0562 8784 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
15:18:22.0078 8784 ============================================================
15:18:22.0078 8784 Current date / time: 2011/12/12 15:18:22.0078
15:18:22.0078 8784 SystemInfo:
15:18:22.0078 8784
15:18:22.0078 8784 OS Version: 5.1.2600 ServicePack: 3.0
15:18:22.0078 8784 Product type: Workstation
15:18:22.0078 8784 ComputerName: BOPPERS
15:18:22.0078 8784 UserName: Chet
15:18:22.0078 8784 Windows directory: C:\WINDOWS
15:18:22.0078 8784 System windows directory: C:\WINDOWS
15:18:22.0078 8784 Processor architecture: Intel x86
15:18:22.0078 8784 Number of processors: 2
15:18:22.0078 8784 Page size: 0x1000
15:18:22.0078 8784 Boot type: Normal boot
15:18:22.0078 8784 ============================================================
15:18:22.0703 8784 Initialize success
15:19:36.0781 9524 LVPr2Mon - ok
15:19:36.0828 9524 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\drivers\LVUSBSta.sys
15:19:36.0828 9524 LVUSBSta - ok
15:19:36.0953 9524 LVUVC (eacd1eb2d82ed2adc753afeee1d4d660) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
15:19:36.0968 9524 LVUVC - ok
15:19:37.0000 9524 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:19:37.0000 9524 mnmdd - ok
15:19:37.0046 9524 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:19:37.0046 9524 Modem - ok
15:19:37.0109 9524 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:19:37.0109 9524 Mouclass - ok
15:19:37.0140 9524 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:19:37.0140 9524 mouhid - ok
15:19:37.0187 9524 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:19:37.0187 9524 MountMgr - ok
15:19:37.0250 9524 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
15:19:37.0250 9524 MpFilter - ok
15:19:37.0406 9524 MpKsl1a00a8fc - ok
15:19:37.0406 9524 MpKslf0b47760 - ok
15:19:37.0468 9524 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:19:37.0468 9524 mraid35x - ok
15:19:37.0500 9524 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:19:37.0500 9524 MRxDAV - ok
15:19:37.0546 9524 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:19:37.0546 9524 MRxSmb - ok
15:19:37.0609 9524 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:19:37.0609 9524 Msfs - ok
15:19:37.0656 9524 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:19:37.0656 9524 MSKSSRV - ok
15:19:37.0703 9524 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:19:37.0703 9524 MSPCLOCK - ok
15:19:37.0750 9524 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:19:37.0750 9524 MSPQM - ok
15:19:37.0796 9524 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:19:37.0796 9524 mssmbios - ok
15:19:37.0843 9524 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:19:37.0843 9524 MSTEE - ok
15:19:37.0921 9524 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:19:37.0921 9524 Mup - ok
15:19:37.0984 9524 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:19:37.0984 9524 NABTSFEC - ok
15:19:38.0046 9524 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:19:38.0046 9524 NDIS - ok
15:19:38.0093 9524 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:19:38.0093 9524 NdisIP - ok
15:19:38.0125 9524 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:19:38.0125 9524 NdisTapi - ok
15:19:38.0171 9524 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:19:38.0171 9524 Ndisuio - ok
15:19:38.0203 9524 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:19:38.0203 9524 NdisWan - ok
15:19:38.0250 9524 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:19:38.0250 9524 NDProxy - ok
15:19:38.0265 9524 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:19:38.0265 9524 NetBIOS - ok
15:19:38.0312 9524 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:19:38.0312 9524 NetBT - ok
15:19:38.0359 9524 NetworkX (a7d72ad0dc6919555c79a556fb5b2adc) C:\WINDOWS\system32\ckldrv.sys
15:19:38.0359 9524 NetworkX - ok
15:19:38.0375 9524 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:19:38.0375 9524 Npfs - ok
15:19:38.0390 9524 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:19:38.0406 9524 Ntfs - ok
15:19:38.0453 9524 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
15:19:38.0453 9524 NuidFltr - ok
15:19:38.0484 9524 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:19:38.0484 9524 Null - ok
15:19:38.0562 9524 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:19:38.0562 9524 nv - ok
15:19:38.0593 9524 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:19:38.0593 9524 NwlnkFlt - ok
15:19:38.0593 9524 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:19:38.0593 9524 NwlnkFwd - ok
15:19:38.0703 9524 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:19:38.0703 9524 Parport - ok
15:19:38.0750 9524 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:19:38.0750 9524 PartMgr - ok
15:19:38.0812 9524 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:19:38.0812 9524 ParVdm - ok
15:19:38.0843 9524 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:19:38.0843 9524 PCI - ok
15:19:38.0875 9524 PCIDump - ok
15:19:38.0953 9524 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:19:38.0953 9524 PCIIde - ok
15:19:39.0000 9524 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:19:39.0000 9524 Pcmcia - ok
15:19:39.0046 9524 PDCOMP - ok
15:19:39.0109 9524 PDFRAME - ok
15:19:39.0156 9524 PDRELI - ok
15:19:39.0218 9524 PDRFRAME - ok
15:19:39.0281 9524 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:19:39.0281 9524 perc2 - ok
15:19:39.0343 9524 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:19:39.0343 9524 perc2hib - ok
15:19:39.0406 9524 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:19:39.0406 9524 PptpMiniport - ok
15:19:39.0453 9524 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:19:39.0453 9524 PSched - ok
15:19:39.0453 9524 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:19:39.0453 9524 Ptilink - ok
15:19:39.0515 9524 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:19:39.0515 9524 PxHelp20 - ok
15:19:39.0578 9524 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:19:39.0578 9524 ql1080 - ok
15:19:39.0609 9524 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:19:39.0609 9524 Ql10wnt - ok
15:19:39.0640 9524 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:19:39.0640 9524 ql12160 - ok
15:19:39.0656 9524 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:19:39.0656 9524 ql1240 - ok
15:19:39.0718 9524 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:19:39.0718 9524 ql1280 - ok
15:19:39.0781 9524 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:19:39.0781 9524 RasAcd - ok
15:19:39.0828 9524 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:19:39.0828 9524 Rasl2tp - ok
15:19:39.0843 9524 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:19:39.0843 9524 RasPppoe - ok
15:19:39.0859 9524 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:19:39.0859 9524 Raspti - ok
15:19:39.0875 9524 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:19:39.0875 9524 Rdbss - ok
15:19:39.0921 9524 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:19:39.0921 9524 RDPCDD - ok
15:19:39.0968 9524 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:19:39.0968 9524 rdpdr - ok
15:19:40.0046 9524 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:19:40.0046 9524 RDPWD - ok
15:19:40.0109 9524 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:19:40.0109 9524 redbook - ok
15:19:40.0156 9524 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
15:19:40.0156 9524 RFCOMM - ok
15:19:40.0218 9524 SD (e17131d06232e43d63aa6bba98d1ee86) C:\WINDOWS\system32\DRIVERS\simdrv.sys
15:19:40.0218 9524 SD - ok
15:19:40.0250 9524 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:19:40.0250 9524 Secdrv - ok
15:19:40.0296 9524 Ser2pl (b490ad520257dda26c1d587a71e527b5) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
15:19:40.0296 9524 Ser2pl - ok
15:19:40.0312 9524 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:19:40.0312 9524 serenum - ok
15:19:40.0359 9524 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:19:40.0359 9524 Serial - ok
15:19:40.0437 9524 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:19:40.0437 9524 Sfloppy - ok
15:19:40.0453 9524 Simbad - ok
15:19:40.0500 9524 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:19:40.0500 9524 sisagp - ok
15:19:40.0546 9524 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:19:40.0546 9524 SLIP - ok
15:19:40.0562 9524 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:19:40.0562 9524 Sparrow - ok
15:19:40.0593 9524 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:19:40.0593 9524 splitter - ok
15:19:40.0625 9524 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:19:40.0625 9524 sr - ok
15:19:40.0671 9524 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:19:40.0671 9524 Srv - ok
15:19:40.0750 9524 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
15:19:40.0750 9524 StillCam - ok
15:19:40.0796 9524 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:19:40.0796 9524 streamip - ok
15:19:40.0843 9524 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:19:40.0843 9524 swenum - ok
15:19:40.0843 9524 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:19:40.0843 9524 swmidi - ok
15:19:40.0890 9524 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:19:40.0890 9524 symc810 - ok
15:19:40.0921 9524 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:19:40.0921 9524 symc8xx - ok
15:19:40.0953 9524 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:19:40.0953 9524 sym_hi - ok
15:19:41.0015 9524 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:19:41.0015 9524 sym_u3 - ok
15:19:41.0062 9524 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:19:41.0062 9524 sysaudio - ok
15:19:41.0140 9524 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:19:41.0140 9524 Tcpip - ok
15:19:41.0203 9524 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
15:19:41.0203 9524 Tcpip6 - ok
15:19:41.0250 9524 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:19:41.0250 9524 TDPIPE - ok
15:19:41.0312 9524 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:19:41.0312 9524 TDTCP - ok
15:19:41.0359 9524 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:19:41.0359 9524 TermDD - ok
15:19:41.0421 9524 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
15:19:41.0421 9524 tifsfilter - ok
15:19:41.0453 9524 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
15:19:41.0468 9524 timounter - ok
15:19:41.0500 9524 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
15:19:41.0500 9524 TosIde - ok
15:19:41.0593 9524 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
15:19:41.0593 9524 tunmp - ok
15:19:41.0640 9524 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:19:41.0640 9524 Udfs - ok
15:19:41.0687 9524 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
15:19:41.0687 9524 ultra - ok
15:19:41.0734 9524 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:19:41.0734 9524 Update - ok
15:19:41.0843 9524 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:19:41.0843 9524 USBAAPL - ok
15:19:41.0906 9524 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
15:19:41.0906 9524 usbaudio - ok
15:19:41.0968 9524 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:19:41.0968 9524 usbccgp - ok
15:19:42.0000 9524 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:19:42.0000 9524 usbehci - ok
15:19:42.0031 9524 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:19:42.0031 9524 usbhub - ok
15:19:42.0093 9524 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:19:42.0093 9524 usbprint - ok
15:19:42.0156 9524 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:19:42.0171 9524 usbscan - ok
15:19:42.0187 9524 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:19:42.0187 9524 USBSTOR - ok
15:19:42.0203 9524 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:19:42.0203 9524 usbuhci - ok
15:19:42.0250 9524 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
15:19:42.0250 9524 usbvideo - ok
15:19:42.0312 9524 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:19:42.0312 9524 VgaSave - ok
15:19:42.0359 9524 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:19:42.0359 9524 viaagp - ok
15:19:42.0421 9524 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:19:42.0421 9524 ViaIde - ok
15:19:42.0468 9524 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:19:42.0468 9524 VolSnap - ok
15:19:42.0546 9524 vusbbus (e40c43c2e46dd15219b217429e4838b9) C:\WINDOWS\system32\DRIVERS\vusbbus.sys
15:19:42.0546 9524 vusbbus - ok
15:19:42.0609 9524 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:19:42.0609 9524 Wanarp - ok
15:19:42.0671 9524 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:19:42.0687 9524 Wdf01000 - ok
15:19:42.0703 9524 WDICA - ok
15:19:42.0734 9524 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:19:42.0734 9524 wdmaud - ok
15:19:42.0828 9524 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:19:42.0828 9524 WSTCODEC - ok
15:19:42.0859 9524 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:19:42.0859 9524 WudfPf - ok
15:19:42.0875 9524 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:19:42.0890 9524 WudfRd - ok
15:19:42.0921 9524 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:19:43.0031 9524 \Device\Harddisk0\DR0 - ok
15:19:43.0046 9524 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk1\DR3
15:19:43.0046 9524 \Device\Harddisk1\DR3 - ok
15:19:43.0046 9524 Boot (0x1200) (b5ddb26c4b0f02c7b05e48829d75fe95) \Device\Harddisk0\DR0\Partition0
15:19:43.0046 9524 \Device\Harddisk0\DR0\Partition0 - ok
15:19:43.0062 9524 Boot (0x1200) (a3041571a9d569c4d570d00604c94747) \Device\Harddisk1\DR3\Partition0
15:19:43.0062 9524 \Device\Harddisk1\DR3\Partition0 - ok
15:19:43.0062 9524 ============================================================
15:19:43.0062 9524 Scan finished
15:19:43.0062 9524 ============================================================
15:19:43.0062 9444 Detected object count: 0
15:19:43.0062 9444 Actual detected object count: 0
15:20:38.0296 9068 Deinitialize success


******************************************************************************************

ComboFix 11-12-12.02 - Chet 12/12/2011 15:09:43.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2427 [GMT -8:00]
Running from: J:\ComboFix.exe
Command switches used :: c:\documents and settings\Chet\Desktop\Cfscript..txt
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))
.
.
2011-12-12 22:39 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-12-12 22:39 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\dllcache\netbt.sys
2011-12-12 21:46 . 2011-12-12 21:46 -------- d-----w- c:\documents and settings\Chet\fav tst
2011-12-12 20:09 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E49DB2E1-B0A2-4429-887C-9A713F462971}\mpengine.dll
2011-12-12 20:07 . 2011-12-12 20:07 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-12 00:31 . 2011-12-12 18:49 -------- d-----w- c:\program files\Wise PC Doctor
2011-12-11 22:09 . 2011-12-12 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-12-11 22:09 . 2011-12-12 18:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-10 20:21 . 2011-12-10 20:21 -------- d-----w- c:\documents and settings\Chet\Application Data\Malwarebytes
2011-12-10 20:21 . 2011-12-10 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-10 20:21 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 20:21 . 2011-12-12 20:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-10 18:31 . 2011-12-12 20:07 -------- d-s---w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2011-09-21 01:52 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-10 14:22 . 2004-08-10 18:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-28 07:06 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32(2)(3)(2).dll
2011-09-26 18:41 . 2010-03-18 17:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-08-10 17:51 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-10 17:51 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech BT Wizard"="LBTWiz.exe -silent" [X]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-10-09 100888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-10-09 100888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 561213]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2008-9-22 679936]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-12-03 17:24 65536 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AirLink101\\IPCamera\\AirLink101 IP Camera Setup Wizard.exe"=
"c:\\Program Files\\AirLink101\\IPView Pro\\IPView Pro.exe"=
"c:\\Program Files\\Affixa\\AffixaTray.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\ArchestrA\\slssvc.exe"=
"c:\\Program Files\\Wonderware\\InTouch\\view.exe"=
"c:\\Program Files\\wLite\\wLite.exe"=
"c:\\Program Files\\wLite\\wService.exe"=
"c:\\Program Files\\Wonderware\\InTouch\\wm.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"502:TCP"= 502:TCP:*:Disabled:Modicon 502
"1434:UDP"= 1434:UDP:*:Disabled:SQL Server Browser 1434
"1433:TCP"= 1433:TCP:*:Disabled:SQL TCP 1433
"5413:TCP"= 5413:TCP:*:Disabled:Port 5413
"9001:TCP"= 9001:TCP:*:Disabled:vista 9001
"9002:TCP"= 9002:TCP:*:Disabled:EnvMngr 9002
"9003:TCP"= 9003:TCP:*:Disabled:MsgMngr 9003
"9004:TCP"= 9004:TCP:*:Disabled:SecMngr 9004
"9006:TCP"= 9006:TCP:*:Disabled:RedMngr 9006
"9007:TCP"= 9007:TCP:*:Disabled:UnilinkMngr 9007
"9011:TCP"= 9011:TCP:*:Disabled:LogMngr 9011
"9012:TCP"= 9012:TCP:*:Disabled:InfoMngr 9012
"9013:UDP"= 9013:UDP:*:Disabled:RedMngrX 9013
"9014:UDP"= 9014:UDP:*:Disabled:RedMngrX2 9014
"9015:TCP"= 9015:TCP:*:Disabled:HistQMngrvista 9015
"9016:TCP"= 9016:TCP:*:Disabled:HistQReader 9016
"44818:TCP"= 44818:TCP:*:Disabled:Logix 44818
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Disabled:DHCP Discovery Service
.
R1 SD;Shunra WAN Emulator Miniport;c:\windows\system32\drivers\simdrv.sys [9/2/2007 5:26 PM 88728]
S1 MpKsl1a00a8fc;MpKsl1a00a8fc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E7961E7-C80F-4915-B7C4-43009254A8CB}\MpKsl1a00a8fc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E7961E7-C80F-4915-B7C4-43009254A8CB}\MpKsl1a00a8fc.sys [?]
S1 MpKslf0b47760;MpKslf0b47760;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{656D048F-9569-4866-B8F6-019503F2C575}\MpKslf0b47760.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{656D048F-9569-4866-B8F6-019503F2C575}\MpKslf0b47760.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/6/2011 11:49 PM 136176]
S3 AZNetsim;Network Simulator;c:\windows\system32\drivers\netsim.sys [7/29/2007 12:54 PM 67677]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [9/17/2008 4:15 PM 37296]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/6/2011 11:49 PM 136176]
S3 Shunra VE Service;Shunra VE Service;c:\program files\Shunra Virtual Enterprise\VE User Automation\Bin\WSManager.exe [8/6/2008 6:47 PM 1754392]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [8/9/2009 2:26 AM 3476480]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-07 07:49]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-07 07:49]
.
2011-12-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
2011-12-12 c:\windows\Tasks\User_Feed_Synchronization-{004E706D-BE83-4AA0-A38C-B3F1A3AAFC8B}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.drudgereport.com/
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.0.1
DPF: {0F1B49C0-9894-4696-8E8D-DB1F5D02FBAB} - hxxp://24.43.107.125:50000/UltraMJCamX.cab
FF - ProfilePath - c:\documents and settings\Chet\Application Data\Mozilla\Firefox\Profiles\2gq7q8gf.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-12 15:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wxpSvc]
"ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1044)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(8552)
c:\windows\system32\WININET.dll
c:\program files\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-12 15:16:18
ComboFix-quarantined-files.txt 2011-12-12 23:16
ComboFix2.txt 2011-12-12 22:59
.
Pre-Run: 232,246,898,688 bytes free
Post-Run: 232,226,525,184 bytes free
.
- - End Of File - - BD6D558C8A24BBB38F56A61FC92618A3
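The TDSSKiller listing at the top of this post is one image line plus one verdict line per kernel service, ending with the MBR and boot-sector hashes of each disk. The script below is an added example, not part of the thread and not TDSSKiller's own code, that parses that format and pulls out the entries a responder would check by hand: services with no image file recorded, images loaded from outside the usual driver directory, and anything whose verdict is not "ok". The "usual driver directory" rule is an assumption used as a heuristic, the sample input is a short excerpt of the log above, and a flagged line is a review item rather than a detection (NetworkX's ckldrv.sys is listed only because of where it lives, not because anything in the thread says it is bad).

```python
r"""Triage helper for a TDSSKiller driver listing (added example, not from the thread).

TDSSKiller prints, for each kernel service, an image line and a verdict line:
    15:19:34.0984 9524 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    15:19:34.0984 9524 HidUsb - ok
and finishes with the MBR and boot sector of each disk:
    15:19:42.0921 9524 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    15:19:43.0031 9524 \Device\Harddisk0\DR0 - ok
This script pairs each verdict with its image line and lists the entries a
responder would look at by hand. The "expected directory" rule is a heuristic
of this example, not a TDSSKiller rule; a flagged entry is a review item, not
a detection.
"""
import re
from collections import namedtuple

Driver = namedtuple("Driver", "name md5 path verdict")
Sector = namedtuple("Sector", "kind size md5 device verdict")

TS = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"          # "<time> <pid> " prefix on every line
IMAGE_RE = re.compile(TS + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$")
SECTOR_RE = re.compile(TS + r"(?P<kind>MBR|Boot)\s+\((?P<size>0x[0-9A-Fa-f]+)\)\s+"
                       r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<device>\S+)\s*$")
VERDICT_RE = re.compile(TS + r"(?P<name>.+?)\s+-\s+(?P<verdict>.+?)\s*$")

# Where Windows XP normally keeps kernel drivers (assumption used as a heuristic).
EXPECTED_DIRS = ("c:\\windows\\system32\\drivers\\",)


def parse_tdsskiller(text):
    """Return (drivers, sectors); a service whose verdict has no image line gets path=None."""
    images, pending_sectors, drivers, sectors = {}, {}, [], []
    for line in text.splitlines():
        m = SECTOR_RE.match(line)
        if m:
            pending_sectors[m.group("device")] = (m.group("kind"), m.group("size"), m.group("md5"))
            continue
        m = IMAGE_RE.match(line)
        if m:
            images[m.group("name")] = (m.group("md5"), m.group("path"))
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m.group("name"), m.group("verdict")
            if name in pending_sectors:
                kind, size, md5 = pending_sectors.pop(name)
                sectors.append(Sector(kind, size, md5, name, verdict))
            else:
                md5, path = images.pop(name, (None, None))
                drivers.append(Driver(name, md5, path, verdict))
    return drivers, sectors


def triage(drivers, sectors):
    """Return (name, reason) pairs worth a manual look; an empty list means nothing stood out."""
    items = []
    for d in drivers:
        if d.verdict != "ok":
            items.append((d.name, "verdict: " + d.verdict))
        elif d.path is None:
            items.append((d.name, "no image file recorded for this service"))
        elif not d.path.lower().startswith(EXPECTED_DIRS):
            items.append((d.name, "image outside the usual driver directory: " + d.path))
    for s in sectors:
        if s.verdict != "ok":
            items.append((s.device, s.kind + " verdict: " + s.verdict))
    return items


# Excerpt of the log posted above, used as sample input.
SAMPLE_LOG = r"""
15:19:34.0984 9524 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:19:34.0984 9524 HidUsb - ok
15:19:36.0359 9524 lbrtfdc - ok
15:19:38.0359 9524 NetworkX (a7d72ad0dc6919555c79a556fb5b2adc) C:\WINDOWS\system32\ckldrv.sys
15:19:38.0359 9524 NetworkX - ok
15:19:42.0921 9524 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:19:43.0031 9524 \Device\Harddisk0\DR0 - ok
15:19:43.0062 9524 Scan finished
"""

if __name__ == "__main__":
    drv, sec = parse_tdsskiller(SAMPLE_LOG)
    print("%d services, %d sectors parsed" % (len(drv), len(sec)))
    for name, reason in triage(drv, sec):
        print("REVIEW %-12s %s" % (name, reason))
```

Feed it the whole TDSSKiller text and it reduces a few hundred lines to the handful that need a second look; the MD5 on each image line is what you compare against a known-good copy of the same file when one of those entries looks out of place.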
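The firewall section of the ComboFix log above is the Windows XP SharedAccess policy echoed from the registry, and every GloballyOpenPorts entry in it is marked Disabled, which is easy to misread in a long list that includes Modbus (502), SQL Server (1433/1434) and EtherNet/IP (44818). The decoder below is an added example, not from the thread or from ComboFix, for the value format `<port>:<proto>:<scope>:<Enabled|Disabled>:<description>`. Its sample input takes four lines from the log and adds one constructed Enabled line (port 3389, scope LocalSubNet) so the output shows the difference between an inert rule and a live opening.

```python
"""Decoder for the XP firewall GloballyOpenPorts lines ComboFix prints (added example).

Each line in the ComboFix dump looks like
    "502:TCP"= 502:TCP:*:Disabled:Modicon 502
The value name repeats the port and protocol; the data carries the scope
("*" for any address, "LocalSubNet", or a list of address/mask pairs), the
state, and a free-text description. Only Enabled rules open anything.
"""
import re
from collections import namedtuple

PortRule = namedtuple("PortRule", "port proto scope enabled description")

RULE_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*'
    r'(?P=port):(?P=proto):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<desc>.*)$'
)


def parse_open_ports(text):
    """Return one PortRule per GloballyOpenPorts line; unrelated lines are ignored."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append(PortRule(int(m.group("port")), m.group("proto"), m.group("scope"),
                                  m.group("state") == "Enabled", m.group("desc").strip()))
    return rules


def live_openings(rules):
    """Enabled rules only, as (port, proto, reach, description) with the scope spelled out."""
    out = []
    for r in rules:
        if not r.enabled:
            continue
        if r.scope == "*":
            reach = "any address"
        elif r.scope == "LocalSubNet":
            reach = "local subnet"
        else:
            reach = r.scope
        out.append((r.port, r.proto, reach, r.description))
    return out


# Four lines from the log above plus one constructed Enabled rule (not from the log).
SAMPLE_RULES = '''
"502:TCP"= 502:TCP:*:Disabled:Modicon 502
"1433:TCP"= 1433:TCP:*:Disabled:SQL TCP 1433
"44818:TCP"= 44818:TCP:*:Disabled:Logix 44818
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Disabled:DHCP Discovery Service
"3389:TCP"= 3389:TCP:LocalSubNet:Enabled:Remote Desktop (constructed line)
'''

if __name__ == "__main__":
    rules = parse_open_ports(SAMPLE_RULES)
    print("%d rules, %d enabled" % (len(rules), sum(r.enabled for r in rules)))
    for port, proto, reach, desc in live_openings(rules):
        print("OPEN %5d/%s from %s  (%s)" % (port, proto, reach, desc))
```

Run against the real log section, it reports zero live openings, which is the point worth confirming before spending time on the ICS ports listed there.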

#4 CatByte (Malware Response Team)

Posted 12 December 2011 - 07:51 PM

Hi

Please navigate to C:\Qoobox\ComboFix2.txt and post that log. Also, was there an earlier TDSSKiller log? (It should be on your C:\ drive.)


Please stay with me until I give the "all clear"; there may be leftovers.


Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Edited by CatByte, 12 December 2011 - 07:52 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 chettt

chettt
  • Topic Starter

  • Members
  • 9 posts

Posted 13 December 2011 - 02:06 AM

There was an earlier TDSSKiller logfile but I unfortunately overwrote it with another scan. I remember that it did find and fix some kind of rootkit problem associated with the TCP/IP stack.

Also, an earlier MalwareBytes scan found and removed several items, including a nasty little Rogue.FakeHDD virus.
I added those lines to the end of the most recent Malware report.

Also, MS Essentials (my primary AVS) found and fixed 30 Trojans.



Thanks again for what you do.

****************************************************************************************************
C:\Qoobox\ComboFix2.txt
ComboFix 11-12-12.02 - Chet 12/12/2011 14:41:33.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2501 [GMT -8:00]
Running from: J:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Chet\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\documents and settings\Chet\g2mdlhlpx.exe
c:\documents and settings\Chet\GoToAssistDownloadHelper.exe
c:\documents and settings\Chet\WINDOWS
c:\windows\$NtUninstallKB10566$
c:\windows\$NtUninstallKB10566$\3131073452
c:\windows\$NtUninstallKB10566$\3495950617\@
c:\windows\$NtUninstallKB10566$\3495950617\bckfg.tmp
c:\windows\$NtUninstallKB10566$\3495950617\cfg.ini
c:\windows\$NtUninstallKB10566$\3495950617\Desktop.ini
c:\windows\$NtUninstallKB10566$\3495950617\keywords
c:\windows\$NtUninstallKB10566$\3495950617\kwrd.dll
c:\windows\$NtUninstallKB10566$\3495950617\L\odetmngk
c:\windows\$NtUninstallKB10566$\3495950617\lsflt7.ver
c:\windows\$NtUninstallKB10566$\3495950617\U\00000001.@
c:\windows\$NtUninstallKB10566$\3495950617\U\00000002.@
c:\windows\$NtUninstallKB10566$\3495950617\U\00000004.@
c:\windows\$NtUninstallKB10566$\3495950617\U\80000000.@
c:\windows\$NtUninstallKB10566$\3495950617\U\80000004.@
c:\windows\$NtUninstallKB10566$\3495950617\U\80000032.@
c:\windows\dasetup.log
c:\windows\system32\Thumbs.db
c:\windows\XSxS
.
Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))
.
.
2011-12-12 21:46 . 2011-12-12 21:46 -------- d-----w- c:\documents and settings\Chet\fav tst
2011-12-12 20:09 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E49DB2E1-B0A2-4429-887C-9A713F462971}\mpengine.dll
2011-12-12 20:07 . 2011-12-12 20:07 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-12 00:31 . 2011-12-12 18:49 -------- d-----w- c:\program files\Wise PC Doctor
2011-12-11 22:09 . 2011-12-12 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-12-11 22:09 . 2011-12-12 18:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-10 20:21 . 2011-12-10 20:21 -------- d-----w- c:\documents and settings\Chet\Application Data\Malwarebytes
2011-12-10 20:21 . 2011-12-10 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-10 20:21 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 20:21 . 2011-12-12 20:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-10 18:31 . 2011-12-12 20:07 -------- d-s---w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2011-09-21 01:52 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-10 14:22 . 2004-08-10 18:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-28 07:06 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32(2)(3)(2).dll
2011-09-26 18:41 . 2010-03-18 17:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-08-10 17:51 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-10 17:51 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech BT Wizard"="LBTWiz.exe -silent" [X]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-10-09 100888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-10-09 100888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 561213]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2008-9-22 679936]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-12-03 17:24 65536 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AirLink101\\IPCamera\\AirLink101 IP Camera Setup Wizard.exe"=
"c:\\Program Files\\AirLink101\\IPView Pro\\IPView Pro.exe"=
"c:\\Program Files\\Affixa\\AffixaTray.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\ArchestrA\\slssvc.exe"=
"c:\\Program Files\\Wonderware\\InTouch\\view.exe"=
"c:\\Program Files\\wLite\\wLite.exe"=
"c:\\Program Files\\wLite\\wService.exe"=
"c:\\Program Files\\Wonderware\\InTouch\\wm.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"502:TCP"= 502:TCP:*:Disabled:Modicon 502
"1434:UDP"= 1434:UDP:*:Disabled:SQL Server Browser 1434
"1433:TCP"= 1433:TCP:*:Disabled:SQL TCP 1433
"5413:TCP"= 5413:TCP:*:Disabled:Port 5413
"9001:TCP"= 9001:TCP:*:Disabled:vista 9001
"9002:TCP"= 9002:TCP:*:Disabled:EnvMngr 9002
"9003:TCP"= 9003:TCP:*:Disabled:MsgMngr 9003
"9004:TCP"= 9004:TCP:*:Disabled:SecMngr 9004
"9006:TCP"= 9006:TCP:*:Disabled:RedMngr 9006
"9007:TCP"= 9007:TCP:*:Disabled:UnilinkMngr 9007
"9011:TCP"= 9011:TCP:*:Disabled:LogMngr 9011
"9012:TCP"= 9012:TCP:*:Disabled:InfoMngr 9012
"9013:UDP"= 9013:UDP:*:Disabled:RedMngrX 9013
"9014:UDP"= 9014:UDP:*:Disabled:RedMngrX2 9014
"9015:TCP"= 9015:TCP:*:Disabled:HistQMngrvista 9015
"9016:TCP"= 9016:TCP:*:Disabled:HistQReader 9016
"44818:TCP"= 44818:TCP:*:Disabled:Logix 44818
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Disabled:DHCP Discovery Service
.
R1 SD;Shunra WAN Emulator Miniport;c:\windows\system32\drivers\simdrv.sys [9/2/2007 5:26 PM 88728]
S1 MpKsl1a00a8fc;MpKsl1a00a8fc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E7961E7-C80F-4915-B7C4-43009254A8CB}\MpKsl1a00a8fc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E7961E7-C80F-4915-B7C4-43009254A8CB}\MpKsl1a00a8fc.sys [?]
S1 MpKslf0b47760;MpKslf0b47760;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{656D048F-9569-4866-B8F6-019503F2C575}\MpKslf0b47760.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{656D048F-9569-4866-B8F6-019503F2C575}\MpKslf0b47760.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/6/2011 11:49 PM 136176]
S3 AZNetsim;Network Simulator;c:\windows\system32\drivers\netsim.sys [7/29/2007 12:54 PM 67677]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [9/17/2008 4:15 PM 37296]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/6/2011 11:49 PM 136176]
S3 Shunra VE Service;Shunra VE Service;c:\program files\Shunra Virtual Enterprise\VE User Automation\Bin\WSManager.exe [8/6/2008 6:47 PM 1754392]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [8/9/2009 2:26 AM 3476480]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-07 07:49]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-07 07:49]
.
2011-12-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
2011-12-12 c:\windows\Tasks\User_Feed_Synchronization-{004E706D-BE83-4AA0-A38C-B3F1A3AAFC8B}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.drudgereport.com/
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.0.1
DPF: {0F1B49C0-9894-4696-8E8D-DB1F5D02FBAB} - hxxp://24.43.107.125:50000/UltraMJCamX.cab
FF - ProfilePath - c:\documents and settings\Chet\Application Data\Mozilla\Firefox\Profiles\2gq7q8gf.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-12 14:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wxpSvc]
"ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1044)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(1392)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\ArchestrA\aaLogger.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\crypserv.exe
c:\program files\Common Files\ArchestrA\NTServApp.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\ArchestrA\slssvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\SetPoint\LBTWiz.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\program files\TechSmith\Snagit 10\TSCHelp.exe
c:\program files\TechSmith\Snagit 10\SnagPriv.exe
c:\program files\TechSmith\Snagit 10\snagiteditor.exe
.
**************************************************************************
.
Completion time: 2011-12-12 14:59:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-12 22:59
.
Pre-Run: 230,163,906,560 bytes free
Post-Run: 232,232,919,040 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F3281062CC0C82F27B7C37BBB26E0077

*******************************************************************************



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8362

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/12/2011 5:43:38 PM
mbam-log-2011-12-12 (17-43-38).txt

Scan type: Quick scan
Objects scanned: 216246
Time elapsed: 7 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

****************************************************************************************************
**** The following lines are from earlier Malwarebytes scans ***************


Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\funwebproducts\Installr\1.bin\F3EZSETP.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\F3PLUGIN.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\NPFUNWEB.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\documents and settings\Chet\application data\Sun\Java\deployment\cache\6.0\57\64bc2e79-212161bb (Rogue.FakeHDD) -> Quarantined and deleted successfully.


Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

**************************************************************************************************************
ESETSCAN.TXT


C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1471\A0108706.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1471\A0109706.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1472\A0110706.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1473\A0111706.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1474\A0111815.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1477\A0111854.exe multiple threats
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1477\A0111900.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1477\A0111922.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1477\A0112922.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1479\A0113922.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1480\A0114168.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1482\A0114272.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1482\A0115271.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1482\A0117271.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1482\A0118271.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1483\A0119342.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1484\A0119809.exe multiple threats
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1484\A0119849.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1485\A0120723.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1487\A0121723.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1488\A0121807.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1489\A0121927.exe multiple threats
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1489\A0122784.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1489\A0123131.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1490\A0125131.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1492\A0125183.exe multiple threats
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1492\A0126682.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1492\A0126695.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1492\A0127044.exe Win32/PrcView application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1492\A0127108.sys a variant of Win32/Rootkit.Kryptik.GG trojan
I:\RECYCLER\S-1-5-21-1547161642-1580436667-839522115-1004\Dh37.dll a variant of Win32/Adware.Toolbar.Shopper.AA application
I:\Rick\PerfectUninstaller_Setup.exe a variant of Win32/PerfectUninstaller application

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 13 December 2011 - 09:31 AM

OK, good.

The items ESET found are in old restore points or quarantine already, which we will clean up shortly.

Please run the following:


(note: disable your security programs first before running TFC)

Download TFC to your desktop
Mirror
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished, it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean


NEXT



Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 29
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u29-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT



Please post a fresh DDS Log and advise how the computer is running now and if there are any outstanding issues



#7 chettt

chettt
  • Topic Starter

  • Members
  • 9 posts

Posted 13 December 2011 - 01:34 PM

Hi There

1) Ran TFC.
2) Loaded new Adobe Reader.
3) Deleted old Java.
4) Loaded newest Java version (this is ver JRE-7u2).
In this Java version there are 3 check boxes in the delete file section. I checked the 2 you suggested and left the third one unchecked (Installed applications and applets?). Should I delete these too?

The computer seems to be running very well, thanks.

Question... I think I got messed up when I uploaded some pictures from my friend's USB thumb drive. I'd like to verify whether the drive is compromised, but I'm afraid to plug it back in to scan it. Any suggestions?

Love the curls - Chet


*******************************************************************************************
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.0
Run by Chet at 10:19:06 on 2011-12-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2078 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\Common Files\ArchestrA\aaLogger.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
svchost.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\ArchestrA\NTServApp.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Common Files\ArchestrA\slssvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\SetPoint\LBTWiz.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 10\snagiteditor.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.drudgereport.com/
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [Logitech BT Wizard] LBTWiz.exe -silent
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 10\Snagit32.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0F1B49C0-9894-4696-8E8D-DB1F5D02FBAB} - hxxp://24.43.107.125:50000/UltraMJCamX.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226620039843
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{A9DF4117-B3DF-42D1-8C01-D42A0F46BC3F} : DhcpNameServer = 192.168.1.1 68.238.64.12
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\chet\application data\mozilla\firefox\profiles\2gq7q8gf.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 SD;Shunra WAN Emulator Miniport;c:\windows\system32\drivers\simdrv.sys [2007-9-2 88728]
S1 MpKsl1a00a8fc;MpKsl1a00a8fc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8e7961e7-c80f-4915-b7c4-43009254a8cb}\mpksl1a00a8fc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8e7961e7-c80f-4915-b7c4-43009254a8cb}\MpKsl1a00a8fc.sys [?]
S1 MpKslf0b47760;MpKslf0b47760;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{656d048f-9569-4866-b8f6-019503f2c575}\mpkslf0b47760.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{656d048f-9569-4866-b8f6-019503f2c575}\MpKslf0b47760.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-6 136176]
S3 AZNetsim;Network Simulator;c:\windows\system32\drivers\netsim.sys [2007-7-29 67677]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2008-9-17 37296]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-6 136176]
S3 Shunra VE Service;Shunra VE Service;c:\program files\shunra virtual enterprise\ve user automation\bin\WSManager.exe [2008-8-6 1754392]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-13 18:15:13 -------- d-----w- c:\documents and settings\chet\local settings\application data\Sun
2011-12-13 18:11:25 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-13 18:11:25 141312 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-13 18:09:06 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e06528c-7c21-4f25-9f80-a972b7ac1a43}\offreg.dll
2011-12-13 02:06:57 -------- d-----w- c:\program files\ESET
2011-12-12 23:57:10 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e06528c-7c21-4f25-9f80-a972b7ac1a43}\mpengine.dll
2011-12-12 22:39:01 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-12-12 22:39:01 162816 ----a-w- c:\windows\system32\dllcache\netbt.sys
2011-12-12 22:37:08 -------- d-sha-r- C:\cmdcons
2011-12-12 22:34:05 98816 ----a-w- c:\windows\sed.exe
2011-12-12 22:34:05 518144 ----a-w- c:\windows\SWREG.exe
2011-12-12 22:34:05 256000 ----a-w- c:\windows\PEV.exe
2011-12-12 22:34:05 208896 ----a-w- c:\windows\MBR.exe
2011-12-12 21:46:20 -------- d-----w- c:\documents and settings\chet\fav tst
2011-12-12 20:07:36 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-12 20:07:36 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-12 00:31:23 -------- d-----w- c:\program files\Wise PC Doctor
2011-12-11 22:09:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-11 22:09:43 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-12-10 20:21:47 -------- d-----w- c:\documents and settings\chet\application data\Malwarebytes
2011-12-10 20:21:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-10 20:21:29 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 20:21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-12-13 18:11:08 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-13 01:01:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32(2)(3)(2).dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 10:19:57.15 ===============
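The DDS report above is the kind of listing the Malware Response Team reads by hand. As an added example, not part of the thread and not code from the DDS tool, here is a small Python triage helper for the DPF (ActiveX download) and Firefox extension lines of such a log. The sample lines are copied from the report above (a constructed subset). The two flags it raises are review prompts for the analyst, not malware verdicts: ActiveX packages fetched from a raw IP address or a non-standard port, and several Java Console extensions side by side, which is what old Java updates that were never removed leave behind (the "Deleted old Java" housekeeping item). The decoding of Java versions from the CAFEEFAC CLSIDs follows Sun's long-standing layout and is an assumption of this example.

```python
"""Triage helper for the DPF and Firefox-extension lines of a DDS log.

DDS writes URLs as "hxxp://" so that a pasted log cannot be clicked by
accident; the helper re-fangs them only for parsing. Flags are review
prompts, not verdicts.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Sample lines copied from the DDS log above (constructed subset for the demo).
SAMPLE_LOG = r"""BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
DPF: {0F1B49C0-9894-4696-8E8D-DB1F5D02FBAB} - hxxp://24.43.107.125:50000/UltraMJCamX.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226620039843
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
"""

DPF_RE = re.compile(r"^DPF:\s*\{(?P<clsid>[0-9A-Fa-f-]+)\}\s*-\s*(?P<url>\S+)")
FF_EXT_RE = re.compile(r"^FF - Ext:\s*(?P<name>[^:]+):\s*\{(?P<ext_id>[^}]+)\}")


def refang(url):
    """Turn DDS's defanged hxxp:// back into http:// for URL parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_dpf(log):
    """Return (CLSID, url) pairs for every DPF line in the log."""
    entries = []
    for line in log.splitlines():
        m = DPF_RE.match(line.strip())
        if m:
            entries.append((m.group("clsid").upper(), refang(m.group("url"))))
    return entries


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def flag_dpf(entries):
    """Flag DPF sources that are IP literals or use a non-standard port."""
    findings = []
    for clsid, url in entries:
        parts = urlsplit(url)
        reasons = []
        if _is_ip_literal(parts.hostname or ""):
            reasons.append("served from raw IP address")
        if parts.port not in (None, 80, 443):
            reasons.append(f"non-standard port {parts.port}")
        if reasons:
            findings.append({"clsid": clsid, "url": url, "reasons": reasons})
    return findings


def java_console_versions(log):
    """Decode the Java version from each Java Console extension id.

    Assumption (Sun's CLSID layout): CAFEEFAC-00xy-00zz-00uu-ABCDEFFEDCBA
    encodes version x.y.zz_uu, e.g. ...0016-0000-0012... is 1.6.0_12.
    """
    versions = []
    for line in log.splitlines():
        m = FF_EXT_RE.match(line.strip())
        if not m or m.group("name").strip() != "Java Console":
            continue
        f = m.group("ext_id").upper().split("-")
        if len(f) == 5 and f[0] == "CAFEEFAC":
            versions.append(f"{f[1][-2]}.{f[1][-1]}.{int(f[2])}_{int(f[3]):02d}")
    return versions


def triage(log):
    """Collect the review prompts for one log as plain strings."""
    notes = [f"DPF {d['clsid']}: {', '.join(d['reasons'])} ({d['url']})"
             for d in flag_dpf(parse_dpf(log))]
    versions = java_console_versions(log)
    if len(versions) > 1:
        notes.append("stale Java Console extensions: " + ", ".join(versions))
    return notes


if __name__ == "__main__":
    for note in triage(SAMPLE_LOG):
        print(note)
```

On the sample above the helper reports the UltraMJCamX.cab control (raw IP, port 50000) for a look at its publisher, and two leftover Java 6 console extensions (1.6.0_12 and 1.6.0_20); the Microsoft Update and java.sun.com packages pass.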

#8 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 13 December 2011 - 02:39 PM

Yes, that could be. Use the following program on the USB drive, but if there is nothing really important on it, then just reformat it completely rather than take the risk.


Download Flash_Disinfector.exe from HERE and save it to your desktop.

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

You can then run an online scanner on the drive, just don't open the drive.


The rest of your computer is clean.

Installed applications and applets

As long as you have the up-to-date version, then you should be fine.


We just have some housekeeping to do now,

please do the following:


You can delete the TDSSKiller, DDS and GMER logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
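The "Make Internet Explorer more secure" steps above change three Internet-zone settings through the Inetcpl.cpl dialog. As an added example, not from the thread and not a Microsoft tool, here is a Python audit of those same settings as IE stores them in the registry, so that the result of the dialog steps can be checked (or checked on several machines) without clicking through the dialog. The URL-action value names 1001, 1004 and 1201 and the 0 = Enable, 1 = Prompt, 3 = Disable encoding are IE's real registry convention; the WEAK_ZONE and HARDENED_ZONE dictionaries are constructed samples for the demo.

```python
r"""Audit the three Internet-zone ActiveX settings recommended in the post.

Internet Explorer keeps each zone's URL-action settings as DWORD values under
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\<n>
(zone 3 = Internet). The value name is the URL-action id; the data is
0 = Enable, 1 = Prompt, 3 = Disable. Anything at least as strict as the
recommendation passes, so a zone set to Disable for all three passes too.
"""
import sys

ZONE_INTERNET = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

ENABLE, PROMPT, DISABLE = 0, 1, 3
STATE = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# URL-action ids of the settings named in the post, with the recommended state.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", PROMPT),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
}

# Constructed sample zones: one left wide open, one set the way the post asks.
WEAK_ZONE = {"1001": ENABLE, "1004": ENABLE, "1201": PROMPT}
HARDENED_ZONE = {"1001": PROMPT, "1004": PROMPT, "1201": DISABLE}


def audit_zone(values):
    """Return one finding per setting that is looser than recommended.

    values maps URL-action id -> DWORD as read from the registry. An empty
    list means the zone meets or exceeds the recommendation.
    """
    findings = []
    for action, (label, want) in RECOMMENDED.items():
        have = values.get(action)
        if have is None:
            findings.append(f"{action} {label}: not set in HKCU, IE default applies")
        elif have < want:  # strictness order: 0 Enable < 1 Prompt < 3 Disable
            findings.append(f"{action} {label}: {STATE.get(have, have)}, "
                            f"recommended {STATE[want]}")
    return findings


def read_internet_zone():
    """Read the current user's Internet-zone values (Windows only)."""
    if not sys.platform.startswith("win"):
        raise RuntimeError("registry read is only available on Windows")
    import winreg  # standard library on Windows builds of Python
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_INTERNET) as key:
        for action in RECOMMENDED:
            try:
                data, kind = winreg.QueryValueEx(key, action)
            except FileNotFoundError:
                continue  # value absent: IE falls back to its built-in default
            if kind == winreg.REG_DWORD:
                values[action] = data
    return values


if __name__ == "__main__":
    zone = read_internet_zone() if sys.platform.startswith("win") else WEAK_ZONE
    for finding in audit_zone(zone) or ["Internet zone meets the recommendation"]:
        print(finding)
```

Run on Windows it reads the live per-user zone; elsewhere it audits the constructed WEAK_ZONE, which produces one finding per setting. Settings stricter than the post's recommendation (for example unsigned downloads at Disable, which is IE8's own default for the Internet zone) are not reported.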


#9 chettt
  • Topic Starter
  • Members
  • 9 posts

Posted 13 December 2011 - 03:07 PM

Should I run the ESET scan again and let it get rid of the items in the restore files?

#10 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 13 December 2011 - 03:23 PM

No need, that will be done when you perform the cleanup routine with ComboFix.

If you want to be certain, manually set a new restore point and remove the old:


Click Start > Run > copy and paste the following into the run box:

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next.
Name it (something you'll remember) and click Create,
when the confirmation screen shows the restore point has been created click Close.

Now remove all previous Restore Points:
Click Start > Run > copy and paste the following into the run box:

cleanmgr

Choose to scan drive C:\ (if C:\ is your main drive). At the top, click on the More Options tab. Click the Clean up button in the System Restore box.
Click on the Yes button.
When finished, click on Cancel button to exit.



#11 chettt
  • Topic Starter
  • Members
  • 9 posts

Posted 13 December 2011 - 09:59 PM

I think everything's as good as it gets!

Thanks again - Chet

#12 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 13 December 2011 - 11:05 PM

You are welcome.

stay safe :hello:

~CB



#13 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 13 December 2011 - 11:06 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
