Infected with XP Home Security 2012


This topic is locked
27 replies to this topic

#1 lfockler
Posted 11 January 2012 - 09:22 PM

Dear Bleeping Computer,

My computer was recently infected with XP Windows Home Security 2012. I believe I was able to remove most of it by running FixNCR.reg, rkill.exe, tdsskiller.exe and a full malware scan. (I also ran ComboFix unsupervised!). I installed Avast and did a couple of full boot scans until no infected files were found.

However, my computer is still acting suspiciously. Windows security keeps telling me that auto updates are turned off, but the control panel says otherwise. McAfee is also installed and continues to pop up a message that says real-time scanning is turned off, when I turn it on repeatedly. Am I still infected or are various anti-virus software conflicting?

Also, my 2TB Seagate external hard drive is no longer being recognized by my XP machine or my Windows 7 laptop. It fails to find a driver and shows up as an unknown USB device. I fear it has become infected when I was trying to back up files to it before removing the virus. Is there any hope to recover the data on the drive? Unfortunately, I don't have another backup.

Please see the DDS log below and attachment. I was only able to run GMER in safe mode - the log has also been attached. GMER crashed my system several times in normal mode (blue screen, memory dump and reboot). My computer has been running extremely slow since GMER crashed it. I'm not sure what processes are bogging it down but I get periodic Visual C++ runtime library errors.

Thanks in advance for all your help!

Sincerely,
Leslie


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by HP_Administrator at 19:52:02 on 2012-01-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.278 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.my.yahoo.com/?_bc=1
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = https://isp.member.yahoo.com/regisp/y/rdx?https://edit.client.yahoo.com/sbc/register?.scrumb=0
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\progra~1\yahoo!\common\YIeTagBm.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120108133811.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - blank
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 8\drag to disc\DrgToDsc.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\sharedcom8\RoxWatchTray.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\at&tse~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b8221906-224a-4494-bb97-55fc63740019}\Icon3E5562ED7.ico
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{2DA6A13C-BB68-40CF-82B2-2DAC713A671A} : DhcpNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\w3jmaia0.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111104&q=
FF - plugin: c:\documents and settings\hp_administrator\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 464176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-1 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-1 314456]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-1-8 84200]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl30845dd9;MpKsl30845dd9;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f62d9a4f-5731-4345-9ff5-09c0e15b0660}\MpKsl30845dd9.sys [2012-1-9 29904]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-1 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-1 44768]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-1-8 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-1-8 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-1-8 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-1-8 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-1-8 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-1-8 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-1-8 150856]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-1-8 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-1-8 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-1-8 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-1-8 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-1-8 88736]
S1 MpKsl3a111680;MpKsl3a111680;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f62d9a4f-5731-4345-9ff5-09c0e15b0660}\mpksl3a111680.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f62d9a4f-5731-4345-9ff5-09c0e15b0660}\MpKsl3a111680.sys [?]
S1 MpKsld91721eb;MpKsld91721eb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f62d9a4f-5731-4345-9ff5-09c0e15b0660}\mpksld91721eb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f62d9a4f-5731-4345-9ff5-09c0e15b0660}\MpKsld91721eb.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-1 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-1 136176]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-1-8 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-1-8 84488]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2003-8-28 189792]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-09 22:21:59 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f62d9a4f-5731-4345-9ff5-09c0e15b0660}\MpKsl30845dd9.sys
2012-01-09 22:20:47 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f62d9a4f-5731-4345-9ff5-09c0e15b0660}\offreg.dll
2012-01-08 18:38:12 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2012-01-08 18:38:09 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-01-08 18:37:44 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-01-08 18:37:41 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-01-08 18:37:40 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-01-08 18:37:37 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-01-08 18:37:35 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-01-08 18:37:35 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-01-08 18:37:32 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-01-08 18:37:10 -------- d-----w- c:\program files\McAfee.com
2012-01-08 18:35:21 150856 ----a-w- c:\windows\system32\mfevtps.exe
2012-01-08 04:20:50 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f62d9a4f-5731-4345-9ff5-09c0e15b0660}\mpengine.dll
2012-01-08 04:20:50 222080 ------w- c:\windows\system32\MpSigStub.exe
2012-01-08 04:15:04 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-07 15:51:33 -------- d-----w- c:\program files\CCleaner
2012-01-01 21:05:26 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-01 21:04:19 41184 ----a-w- c:\windows\avastSS.scr
2012-01-01 21:03:24 -------- d-----w- c:\program files\AVAST Software
2012-01-01 21:03:24 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-01-01 18:58:54 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-01-01 18:58:54 57600 ----a-w- c:\windows\system32\dllcache\redbook.sys
2012-01-01 18:52:42 -------- d-sha-r- C:\cmdcons
2012-01-01 18:43:47 98816 ----a-w- c:\windows\sed.exe
2012-01-01 18:43:47 518144 ----a-w- c:\windows\SWREG.exe
2012-01-01 18:43:47 256000 ----a-w- c:\windows\PEV.exe
2012-01-01 18:43:47 208896 ----a-w- c:\windows\MBR.exe
2011-12-30 18:37:58 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-30 17:43:27 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Nero_AG
2011-12-30 00:33:33 -------- d-----w- c:\documents and settings\hp_administrator\application data\Malwarebytes
2011-12-30 00:31:56 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-30 00:31:52 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-30 00:31:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-18 22:31:58 -------- d-sh--w- c:\documents and settings\hp_administrator\IECompatCache
2011-12-18 20:56:54 -------- d-----w- c:\documents and settings\hp_administrator\application data\vmntemplate
2011-12-18 03:10:51 -------- d-----w- c:\documents and settings\hp_administrator\application data\DDMSettings
2011-12-13 04:02:34 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2012-01-10 00:12:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 00:08:03 21419 ----a-w- c:\windows\system32\drivers\iPassP.sys
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-20 23:26:22 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-10-15 17:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 17:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
============= FINISH: 19:54:58.42 ===============

#2 HelpBot
Posted 18 January 2012 - 11:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1. In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/437615 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2. If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 lfockler
Posted 18 January 2012 - 09:56 PM

I am still having the problems described above. I have not made any attempt to fix the problems since I posted the original note. I am working on generating new DDS and GMER logs. However, my computer is running very slowly so it may take a couple of days to post new logs. Please let me know if you have any other questions in the meantime.

Thanks,
Leslie

#4 lfockler

Posted 18 January 2012 - 10:38 PM

Please see DDS log below and attachment (run in safe mode):


.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by HP_Administrator at 22:26:58 on 2012-01-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.677 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.my.yahoo.com/?_bc=1
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = https://isp.member.yahoo.com/regisp/y/rdx?https://edit.client.yahoo.com/sbc/register?.scrumb=0
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\progra~1\yahoo!\common\YIeTagBm.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120108133811.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - blank
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 8\drag to disc\DrgToDsc.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\sharedcom8\RoxWatchTray.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\at&tse~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b8221906-224a-4494-bb97-55fc63740019}\Icon3E5562ED7.ico
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\w3jmaia0.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111104&q=
FF - plugin: c:\documents and settings\hp_administrator\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
============= SERVICES / DRIVERS ===============
.
S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 464176]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-1 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-1 314456]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-1-8 84200]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S1 MpKsl3a111680;MpKsl3a111680;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f62d9a4f-5731-4345-9ff5-09c0e15b0660}\mpksl3a111680.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f62d9a4f-5731-4345-9ff5-09c0e15b0660}\MpKsl3a111680.sys [?]
S1 MpKsl568beaaa;MpKsl568beaaa;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8fc720f7-0433-4fba-84ba-b58bc95bd83c}\MpKsl568beaaa.sys [2012-1-18 29904]
S1 MpKsl87580189;MpKsl87580189;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8fc720f7-0433-4fba-84ba-b58bc95bd83c}\mpksl87580189.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8fc720f7-0433-4fba-84ba-b58bc95bd83c}\MpKsl87580189.sys [?]
S1 MpKsld91721eb;MpKsld91721eb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f62d9a4f-5731-4345-9ff5-09c0e15b0660}\mpksld91721eb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f62d9a4f-5731-4345-9ff5-09c0e15b0660}\MpKsld91721eb.sys [?]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-1 20568]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-1 44768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-1 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-1-8 271480]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-1-8 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-1-8 271480]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-1-8 271480]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-1-8 171168]
S2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-1-8 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-1-8 150856]
S2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-1-8 56064]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-1 136176]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-1-8 153280]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-1-8 52320]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-1-8 314088]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-1-8 88736]
S3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-1-8 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-1-8 84488]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2003-8-28 189792]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-19 03:03:26 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-01-19 02:57:38 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\PCHealth
2012-01-19 02:08:26 -------- d-----w- C:\5562edb7ff858339c72dd20eafb7
2012-01-19 01:44:21 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8fc720f7-0433-4fba-84ba-b58bc95bd83c}\MpKsl568beaaa.sys
2012-01-19 01:43:49 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8fc720f7-0433-4fba-84ba-b58bc95bd83c}\offreg.dll
2012-01-12 02:43:22 6823496 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8fc720f7-0433-4fba-84ba-b58bc95bd83c}\mpengine.dll
2012-01-08 18:38:12 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2012-01-08 18:38:09 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-01-08 18:37:44 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-01-08 18:37:41 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-01-08 18:37:40 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-01-08 18:37:37 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-01-08 18:37:35 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-01-08 18:37:35 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-01-08 18:37:32 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-01-08 18:37:10 -------- d-----w- c:\program files\McAfee.com
2012-01-08 18:35:21 150856 ----a-w- c:\windows\system32\mfevtps.exe
2012-01-08 04:20:50 222080 ------w- c:\windows\system32\MpSigStub.exe
2012-01-08 04:15:04 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-07 15:51:33 -------- d-----w- c:\program files\CCleaner
2012-01-01 21:05:26 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-01 21:04:19 41184 ----a-w- c:\windows\avastSS.scr
2012-01-01 21:03:24 -------- d-----w- c:\program files\AVAST Software
2012-01-01 21:03:24 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-01-01 18:58:54 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-01-01 18:58:54 57600 ----a-w- c:\windows\system32\dllcache\redbook.sys
2012-01-01 18:52:42 -------- d-sha-r- C:\cmdcons
2012-01-01 18:43:47 98816 ----a-w- c:\windows\sed.exe
2012-01-01 18:43:47 518144 ----a-w- c:\windows\SWREG.exe
2012-01-01 18:43:47 208896 ----a-w- c:\windows\MBR.exe
2011-12-30 18:37:58 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-30 17:43:27 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Nero_AG
2011-12-30 00:33:33 -------- d-----w- c:\documents and settings\hp_administrator\application data\Malwarebytes
2011-12-30 00:31:56 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-30 00:31:52 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-30 00:31:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-01-10 00:12:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 00:08:03 21419 ----a-w- c:\windows\system32\drivers\iPassP.sys
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 22:29:20.06 ===============

Attached Files



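The DDS header in the post above registers three AV products (Microsoft Security Essentials, avast! and McAfee), every one of them shown as Disabled and one as Outdated, while the firewall is Enabled. The first thing a helper checks in such a header is whether more than one real-time AV product is installed, since that is a common reason for each product to report that protection is "turned off". The script below is an added example, not part of DDS, ComboFix or any post in this thread; it parses the `AV:` / `AS:` / `FW:` lines in the format DDS prints them and summarises that state. The sample input is copied from the DDS log above; the line pattern is inferred from those lines and is an assumption about the DDS format.

```python
"""Summarise the security-product header of a DDS log.

Added example (not DDS, ComboFix or forum code). It reads the AV:/AS:/FW:
lines that DDS prints near the top of its log and reports how many
real-time AV products are registered and what state each one is in.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample input: the header lines copied from the DDS log posted above.
SAMPLE_DDS_HEADER = """\
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
"""

# Assumed line shape, inferred from the log:
#   "<KIND>: <product name> *<State>[/<Freshness>]* [{GUID}]"
_LINE_RE = re.compile(
    r"^(?P<kind>AV|AS|FW):\s+(?P<product>.+?)\s+"
    r"\*(?P<state>[^*/]+)(?:/(?P<fresh>[^*]+))?\*"
    r"(?:\s+\{(?P<guid>[0-9A-Fa-f-]+)\})?\s*$"
)


@dataclass(frozen=True)
class SecurityProduct:
    kind: str       # AV, AS (anti-spyware) or FW
    product: str
    state: str      # Enabled / Disabled, as reported to Windows Security Center
    freshness: str  # Updated / Outdated, or "" when the line carries none
    guid: str       # Security Center instance GUID, or "" when absent


def parse_security_products(text: str) -> List[SecurityProduct]:
    """Return one record per AV:/AS:/FW: line; every other line is ignored."""
    products = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if m:
            products.append(SecurityProduct(
                kind=m["kind"],
                product=m["product"],
                state=m["state"],
                freshness=m["fresh"] or "",
                guid=m["guid"] or "",
            ))
    return products


def assess(products: List[SecurityProduct]) -> Dict[str, object]:
    """Flag the two conditions a helper looks for first in this header:

    - more than one real-time AV product registered (a common cause of
      each product reporting that the other has switched protection off);
    - AV products that Security Center sees as disabled or outdated.
    """
    avs = [p for p in products if p.kind == "AV"]
    return {
        "av_count": len(avs),
        "multiple_av": len(avs) > 1,
        "disabled": sorted(p.product for p in avs
                           if p.state.lower() == "disabled"),
        "outdated": sorted(p.product for p in avs
                           if p.freshness.lower() == "outdated"),
    }


if __name__ == "__main__":
    report = assess(parse_security_products(SAMPLE_DDS_HEADER))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against the sample header it reports three AV products, all disabled, with Microsoft Security Essentials also outdated; feeding it a full DDS log works the same way, since only the matching header lines are picked up.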
#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:32 AM

Posted 19 January 2012 - 02:19 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 lfockler

Posted 19 January 2012 - 08:56 PM

Latest GMER log is attached (run in safe mode).

Attached file: gmer.zip (29.97KB)


#7 gringo_pr

Posted 19 January 2012 - 09:04 PM

Hello

see post above


gringo

#8 lfockler

Posted 19 January 2012 - 10:09 PM

Just following up with the GMER log I promised in my first post.

Combofix is still running on my infected computer. I'll post the log when it is finished ...

Thanks,
Leslie

#9 gringo_pr

Posted 19 January 2012 - 10:47 PM

:thumbup2:

#10 lfockler

Posted 19 January 2012 - 11:58 PM

Please see combofix log below. I was able to run it while in normal mode. McAfee popped up while it was running, trying to block it, even though I disabled it. Computer is still running very slowly.

Thanks,
Leslie


ComboFix 12-01-19.02 - HP_Administrator 01/19/2012 21:09:02.3.1 - x86
Running from: c:\documents and settings\HP_Administrator\Desktop\anti-virus stuff\Jan18\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))
.
.
2012-01-20 01:01 . 2012-01-20 01:01 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8FC720F7-0433-4FBA-84BA-B58BC95BD83C}\MpKsl913fbca3.sys
2012-01-20 00:57 . 2012-01-20 00:57 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8FC720F7-0433-4FBA-84BA-B58BC95BD83C}\offreg.dll
2012-01-19 03:03 . 2012-01-19 03:03 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-19 02:57 . 2012-01-19 02:57 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\PCHealth
2012-01-19 02:08 . 2012-01-19 02:53 -------- d-----w- C:\5562edb7ff858339c72dd20eafb7
2012-01-19 01:44 . 2012-01-19 01:44 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8FC720F7-0433-4FBA-84BA-B58BC95BD83C}\MpKsl568beaaa.sys
2012-01-12 02:43 . 2011-11-30 07:21 6823496 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8FC720F7-0433-4FBA-84BA-B58BC95BD83C}\mpengine.dll
2012-01-10 03:41 . 2012-01-10 03:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-01-08 18:38 . 2011-04-14 19:01 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2012-01-08 18:38 . 2011-04-14 19:01 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-01-08 18:37 . 2011-04-14 19:01 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-01-08 18:37 . 2011-04-14 19:01 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-01-08 18:37 . 2011-04-14 19:01 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-01-08 18:37 . 2011-04-14 19:01 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-01-08 18:37 . 2011-04-14 19:01 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-01-08 18:37 . 2011-04-14 19:01 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-01-08 18:37 . 2011-04-14 19:01 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-01-08 18:37 . 2012-01-08 18:37 -------- d-----w- c:\program files\McAfee.com
2012-01-08 18:35 . 2011-11-18 21:36 150856 ----a-w- c:\windows\system32\mfevtps.exe
2012-01-08 04:20 . 2011-11-15 19:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2012-01-08 04:15 . 2012-01-08 04:16 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-07 15:51 . 2012-01-07 15:51 -------- d-----w- c:\program files\CCleaner
2012-01-01 21:05 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-01 21:05 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-01 21:05 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-01 21:05 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-01 21:05 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-01 21:05 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-01-01 21:05 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-01-01 21:05 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-01-01 21:04 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-01 21:04 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-01 21:03 . 2012-01-01 21:03 -------- d-----w- c:\program files\AVAST Software
2012-01-01 21:03 . 2012-01-01 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-01-01 18:58 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-01-01 18:58 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\dllcache\redbook.sys
2011-12-30 18:37 . 2012-01-04 02:26 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-30 17:43 . 2011-12-30 17:43 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Nero_AG
2011-12-30 00:33 . 2011-12-30 00:33 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2011-12-30 00:31 . 2011-12-30 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-30 00:31 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-30 00:31 . 2011-12-30 00:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-10 00:12 . 2011-05-18 23:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2004-08-10 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2004-08-10 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-10 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-10 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-10 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 00:08 . 2011-10-26 00:08 21419 ----a-w- c:\windows\system32\drivers\iPassP.sys
2011-10-25 13:37 . 2004-08-10 19:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-10 19:00 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-12-21 07:24 . 2011-12-29 23:57 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 19:01 . 2012-01-08 18:38 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-04_04.37.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-20 01:03 . 2012-01-20 01:03 16384 c:\windows\Temp\Perflib_Perfdata_ec4.dat
+ 2005-08-31 12:02 . 2012-01-20 03:24 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-31 12:02 . 2012-01-03 05:40 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-31 04:51 . 2012-01-03 05:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-31 04:51 . 2012-01-20 03:24 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-01-08 07:24 . 2012-01-20 03:24 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2012-01-02 04:53 . 2012-01-03 05:40 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-01-10 00:12 . 2012-01-10 00:12 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2012-01-10 00:12 . 2012-01-10 00:12 335520 c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.dll
- 2005-08-31 12:05 . 2011-12-18 22:21 407896 c:\windows\system32\FNTCACHE.DAT
+ 2012-01-08 02:29 . 2012-01-08 02:29 407896 c:\windows\system32\FNTCACHE.DAT
+ 2011-04-18 18:18 . 2011-04-18 18:18 165648 c:\windows\system32\drivers\MpFilter.sys
+ 2011-10-15 17:16 . 2011-10-15 17:16 464176 c:\windows\system32\drivers\mfehidk.sys
+ 2011-10-15 17:16 . 2011-10-15 17:16 121256 c:\windows\system32\drivers\mfeapfk.sys
+ 2012-01-08 04:16 . 2012-01-08 04:16 785920 c:\windows\Installer\60ced7.msi
+ 2012-01-08 04:15 . 2012-01-08 04:15 483840 c:\windows\Installer\60ced0.msi
+ 2012-01-08 04:15 . 2012-01-08 04:15 301056 c:\windows\Installer\60ceca.msi
+ 2007-02-26 06:01 . 2007-02-26 06:01 437160 c:\windows\Installer\$PatchCache$\Managed\000021599B0090400000000000F01FEC\12.0.6012\DWTRIG20.EXE
+ 2006-10-26 23:48 . 2006-10-26 23:48 439568 c:\windows\Installer\$PatchCache$\Managed\000021599B0090400000000000F01FEC\12.0.6012\DWDCW20.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-05-05 4950664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2006-10-07 380928]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-10-21 1687552]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-10-21 163840]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-24 1195408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2006-1-18 217088]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
VPN Client.lnk - c:\windows\Installer\{B8221906-224A-4494-BB97-55FC63740019}\Icon3E5562ED7.ico [2011-1-17 6144]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-12 27136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Desktop\\utorrent.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"0:TCP"= 0:TCP:spport
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/1/2012 4:05 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/1/2012 4:05 PM 314456]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/8/2012 1:37 PM 84200]
R1 MpKsl568beaaa;MpKsl568beaaa;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8FC720F7-0433-4FBA-84BA-B58BC95BD83C}\MpKsl568beaaa.sys [1/18/2012 8:44 PM 29904]
R1 MpKsl913fbca3;MpKsl913fbca3;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8FC720F7-0433-4FBA-84BA-B58BC95BD83C}\MpKsl913fbca3.sys [1/19/2012 8:01 PM 29904]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/1/2012 4:05 PM 20568]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 2:35 PM 181544]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/8/2012 1:37 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/8/2012 1:37 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [1/8/2012 1:37 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/8/2012 1:38 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/8/2012 1:35 PM 150856]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [3/25/2010 2:39 PM 490280]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/8/2012 1:37 PM 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/8/2012 1:37 PM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/8/2012 1:37 PM 88736]
S1 MpKsl3a111680;MpKsl3a111680;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F62D9A4F-5731-4345-9FF5-09C0E15B0660}\MpKsl3a111680.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F62D9A4F-5731-4345-9FF5-09C0E15B0660}\MpKsl3a111680.sys [?]
S1 MpKsl87580189;MpKsl87580189;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8FC720F7-0433-4FBA-84BA-B58BC95BD83C}\MpKsl87580189.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8FC720F7-0433-4FBA-84BA-B58BC95BD83C}\MpKsl87580189.sys [?]
S1 MpKsld91721eb;MpKsld91721eb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F62D9A4F-5731-4345-9FF5-09C0E15B0660}\MpKsld91721eb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F62D9A4F-5731-4345-9FF5-09C0E15B0660}\MpKsld91721eb.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2012 4:06 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2012 4:06 PM 136176]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/8/2012 1:37 PM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/8/2012 1:37 PM 84488]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 10:15 AM 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL913FBCA3
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 17:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-01 21:05]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-01 21:05]
.
2012-01-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/?_bc=1
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = https://isp.member.yahoo.com/regisp/y/rdx?https://edit.client.yahoo.com/sbc/register?.scrumb=0
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\w3jmaia0.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111104&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-19 22:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1336)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3080)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\msi.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~4\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-01-19 22:51:36
ComboFix-quarantined-files.txt 2012-01-20 03:51
ComboFix2.txt 2012-01-04 04:50
ComboFix3.txt 2012-01-01 20:03
.
Pre-Run: 148,757,037,056 bytes free
Post-Run: 149,181,255,680 bytes free
.
- - End Of File - - E5D2142B74197195264D2931B578D13C
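The "Reg Loading Points" section of the ComboFix log above lists several Security Center and Windows Firewall policy values (`AntiVirusOverride`, `DisableMonitoring`, `EnableFirewall`, `DisableNotifications`) that are worth checking after a rogue-antivirus cleanup, because a disabled firewall profile or suppressed Security Center monitoring leaves the machine without its normal status warnings. The following Python script is an added example for this thread, not ComboFix code and not posted by any participant: it parses REGEDIT4-style lines of that section (a constructed sample mirroring the values in the log above) and reports the settings a defender would want to review. The key names and value formats come from the log; the `triage()` rules are this example's own.

```python
"""Triage Security Center and firewall policy values from a ComboFix-style
"Reg Loading Points" section (added example; not ComboFix's own code)."""
import re
from typing import Dict, List, Tuple

# Constructed sample, modelled on the section in the log above.
# The keys and values are the ones that log shows; EnableLinkedConnections
# is included as a benign entry that should produce no finding.
SAMPLE_LOG = r"""REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

_KEY_RE = re.compile(r"^\[(.+)\]$")
# Two value layouts appear in the log: "Name"=dword:00000001  and  "Name"= 0 (0x0)
_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*'
    r'(?:dword:(?P<hex>[0-9A-Fa-f]{8})|(?P<dec>\d+)\s*\(0x[0-9A-Fa-f]+\))'
)

SC = "security center"
FW = "firewallpolicy\\standardprofile"


def parse_reg_section(text: str) -> Dict[Tuple[str, str], int]:
    """Map (registry key, value name) -> integer value for every DWORD-like line."""
    values: Dict[Tuple[str, str], int] = {}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current_key = m.group(1)  # keep original case for reporting
            continue
        m = _VALUE_RE.match(line)
        if m and current_key is not None:
            if m.group("hex") is not None:
                val = int(m.group("hex"), 16)
            else:
                val = int(m.group("dec"))
            values[(current_key, m.group("name"))] = val
    return values


def triage(values: Dict[Tuple[str, str], int]) -> List[Tuple[str, str, str]]:
    """Return (key, value name, explanation) for settings that weaken
    Security Center or Windows Firewall status reporting."""
    findings = []
    for (key, name), val in sorted(values.items()):
        k = key.lower()
        if k.endswith(SC) and name == "AntiVirusOverride" and val == 1:
            findings.append((key, name, "Security Center antivirus alerts are overridden"))
        elif k.endswith(SC + "\\monitoring") and name == "DisableMonitoring" and val == 1:
            findings.append((key, name, "Security Center monitoring is disabled globally"))
        elif (SC + "\\monitoring\\") in k and name == "DisableMonitoring" and val == 1:
            product = key.rsplit("\\", 1)[1]
            findings.append((key, name, f"Security Center monitoring is disabled for {product}"))
        elif k.endswith(FW) and name == "EnableFirewall" and val == 0:
            findings.append((key, name, "Windows Firewall (standard profile) is turned off"))
        elif k.endswith(FW) and name == "DisableNotifications" and val == 1:
            findings.append((key, name, "Windows Firewall notifications are suppressed"))
    return findings


if __name__ == "__main__":
    for key, name, why in triage(parse_reg_section(SAMPLE_LOG)):
        print(f"{why}\n    [{key}] {name}")
```

Run it against a copied "Reg Loading Points" section instead of `SAMPLE_LOG` to get the same summary for another log; entries that are absent or at their default values produce no output, so an empty result means none of these five settings needs attention.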

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:32 AM

Posted 20 January 2012 - 12:12 AM

Hello

Let me know if this helps speed things up.


I want you to reset the DMA. You can do this with this script here - Reset DMA

If you have problems when you click on the link try to right click on the link and select "Save Target As" and then save to your desktop.
Once it is on your desktop right click on the file and select "Run"

If you still can't run it, then you can go here "Reset DMA" to see what I want to do.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 lfockler

lfockler
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:09:32 AM

Posted 21 January 2012 - 11:35 PM

Resetting the DMA seems to have helped a lot! Thanks! Things seem to be running at normal speed and I am no longer getting conflicting anti-virus or automatic update messages.

Unfortunately, I am still unable to access my Seagate external hard drive. I fear it was also infected. Windows does not recognize it as a disk drive when I plug it in. It installs an Initio default controller driver automatically. I can't seem to change the driver, and the lights on the drive just keep blinking. Is there any hope of recovery?

Thanks,
Leslie

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:32 AM

Posted 21 January 2012 - 11:51 PM

Hello

If by the time we finish the external drive still does not work, you may have to check in the Windows forum.

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 lfockler

lfockler
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:09:32 AM

Posted 22 January 2012 - 12:31 PM

Ran TDSSKiller and no infected files were detected. See report below.

Thanks,
Leslie


12:24:56.0437 5144 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
12:24:58.0437 5144 ============================================================
12:24:58.0437 5144 Current date / time: 2012/01/22 12:24:58.0437
12:24:58.0437 5144 SystemInfo:
12:24:58.0437 5144
12:24:58.0437 5144 OS Version: 5.1.2600 ServicePack: 3.0
12:24:58.0437 5144 Product type: Workstation
12:24:58.0437 5144 ComputerName: LESLIE
12:24:58.0437 5144 UserName: HP_Administrator
12:24:58.0437 5144 Windows directory: C:\WINDOWS
12:24:58.0437 5144 System windows directory: C:\WINDOWS
12:24:58.0437 5144 Processor architecture: Intel x86
12:24:58.0437 5144 Number of processors: 1
12:24:58.0437 5144 Page size: 0x1000
12:24:58.0437 5144 Boot type: Normal boot
12:24:58.0437 5144 ============================================================
12:25:17.0562 5144 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:25:17.0890 5144 Initialize success
12:25:26.0343 2892 ============================================================
12:25:26.0343 2892 Scan started
12:25:26.0343 2892 Mode: Manual;
12:25:26.0343 2892 ============================================================
12:25:27.0031 2892 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
12:25:27.0046 2892 Aavmker4 - ok
12:25:27.0265 2892 Abiosdsk - ok
12:25:27.0546 2892 abp480n5 - ok
12:25:27.0937 2892 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:25:27.0953 2892 ACPI - ok
12:25:28.0500 2892 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:25:28.0515 2892 ACPIEC - ok
12:25:29.0078 2892 adpu160m - ok
12:25:29.0765 2892 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:25:29.0781 2892 aec - ok
12:25:29.0890 2892 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:25:29.0890 2892 AFD - ok
12:25:29.0906 2892 Aha154x - ok
12:25:29.0953 2892 aic78u2 - ok
12:25:30.0000 2892 aic78xx - ok
12:25:30.0171 2892 ALCXWDM (7f26d024355cbadb60838f53dfb171ec) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
12:25:30.0328 2892 ALCXWDM - ok
12:25:30.0359 2892 AliIde - ok
12:25:30.0421 2892 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
12:25:30.0421 2892 AmdK8 - ok
12:25:30.0453 2892 amsint - ok
12:25:30.0562 2892 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
12:25:30.0562 2892 aracpi - ok
12:25:30.0609 2892 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
12:25:30.0609 2892 arhidfltr - ok
12:25:30.0703 2892 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
12:25:30.0703 2892 arkbcfltr - ok
12:25:30.0718 2892 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
12:25:30.0718 2892 armoucfltr - ok
12:25:30.0781 2892 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:25:30.0781 2892 Arp1394 - ok
12:25:30.0812 2892 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
12:25:30.0812 2892 ARPolicy - ok
12:25:30.0906 2892 asc - ok
12:25:30.0953 2892 asc3350p - ok
12:25:30.0968 2892 asc3550 - ok
12:25:31.0046 2892 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
12:25:31.0046 2892 Aspi32 - ok
12:25:31.0109 2892 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
12:25:31.0109 2892 aswFsBlk - ok
12:25:31.0156 2892 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
12:25:31.0171 2892 aswMon2 - ok
12:25:31.0234 2892 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
12:25:31.0265 2892 aswRdr - ok
12:25:31.0296 2892 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
12:25:31.0343 2892 aswSnx - ok
12:25:31.0390 2892 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
12:25:31.0421 2892 aswSP - ok
12:25:31.0468 2892 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
12:25:31.0484 2892 aswTdi - ok
12:25:31.0546 2892 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:25:31.0546 2892 AsyncMac - ok
12:25:31.0718 2892 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:25:31.0718 2892 atapi - ok
12:25:31.0765 2892 Atdisk - ok
12:25:32.0343 2892 ati2mtag (7a6cf9f411a9c5bd5c442a1cd46af401) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:25:32.0703 2892 ati2mtag - ok
12:25:33.0156 2892 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:25:33.0187 2892 Atmarpc - ok
12:25:33.0859 2892 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:25:33.0859 2892 audstub - ok
12:25:34.0125 2892 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:25:34.0125 2892 Beep - ok
12:25:34.0390 2892 catchme - ok
12:25:35.0093 2892 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:25:35.0125 2892 cbidf2k - ok
12:25:35.0734 2892 cd20xrnt - ok
12:25:36.0406 2892 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:25:36.0406 2892 Cdaudio - ok
12:25:37.0328 2892 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:25:37.0343 2892 Cdfs - ok
12:25:38.0015 2892 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:25:38.0015 2892 Cdrom - ok
12:25:38.0296 2892 cdudf_xp (168764ee13165440c03b712ce90fd9d9) C:\WINDOWS\system32\drivers\cdudf_xp.sys
12:25:38.0343 2892 cdudf_xp - ok
12:25:38.0453 2892 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys
12:25:38.0562 2892 cfwids - ok
12:25:39.0000 2892 Changer - ok
12:25:39.0078 2892 CmdIde - ok
12:25:39.0171 2892 Cpqarray - ok
12:25:39.0265 2892 CVirtA (cb7d7c0e74adcb7da96d08ec8db86062) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
12:25:39.0265 2892 CVirtA - ok
12:25:39.0593 2892 CVPNDRVA (f7eb6ec14c1f614b89abc3c10beb1054) c:\WINDOWS\system32\Drivers\CVPNDRVA.sys
12:25:39.0984 2892 CVPNDRVA - ok
12:25:40.0187 2892 dac2w2k - ok
12:25:40.0250 2892 dac960nt - ok
12:25:40.0312 2892 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:25:40.0312 2892 Disk - ok
12:25:40.0421 2892 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:25:40.0515 2892 dmboot - ok
12:25:40.0531 2892 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:25:40.0546 2892 dmio - ok
12:25:40.0609 2892 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:25:40.0640 2892 dmload - ok
12:25:40.0703 2892 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:25:40.0765 2892 DMusic - ok
12:25:40.0937 2892 DNE (c86fbf607445bf693450d84b775f168c) C:\WINDOWS\system32\DRIVERS\dne2000.sys
12:25:40.0984 2892 DNE - ok
12:25:41.0125 2892 dpti2o - ok
12:25:41.0234 2892 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:25:41.0250 2892 drmkaud - ok
12:25:41.0343 2892 drvmcdb (7df2e645fbda7cde94fcabba7f0de4c2) C:\WINDOWS\system32\drivers\drvmcdb.sys
12:25:41.0375 2892 drvmcdb - ok
12:26:57.0281 2892 ============================================================
12:26:57.0281 2892 Scan finished
12:26:57.0281 2892 ============================================================
12:26:57.0296 4320 Detected object count: 0
12:26:57.0296 4320 Actual detected object count: 0

#15 gringo_pr

Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • ONLINE
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 10:32 AM

Posted 22 January 2012 - 01:25 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



