Virus Infestation v. No Internet


This topic is locked
30 replies to this topic

#1 Mhylland (Members, 17 posts)

Posted 18 January 2012 - 12:59 PM

A brief History of the issues:

Running Windows XP Version 2002 SP3
Pentium 4, 2.80GHz

12/21/2011:

Infested with XP Security 2012, first malware/virus ever.
Followed instructions from bleeping forums and removed.
Purchased full version of anti-malware as a thank you.

12/22/2011:
Computer running crazy slow
see that ping.exe is running
download Windows Security essentials
finds and quarantined sirefef.n but with error code 0x800704ec
computer seems to work again

1/11/2012:
XP security returns, remove again
Adds the scour.com redirect
run combo fix, locates a severe rootkit infestation of some kind
breaks the internet with the all too common winsock issues.
run everything I can find on the forums trying to fix to no avail.
restore the computer to 1/10/2012 and it fixes the internet issue.

1/12/2012:
re-run the protocol for removing the Windows XP 2012 issue
Computer barely runs, 30 minutes to open a program.
follow PC tools instructions for removing sirefef.n, including purchasing spyware doctor.
Computer still moving at glacial speeds.

1/17/2012:
Can't take it anymore so run combo fix again!
Have three security programs, all disabled: Spyware Doctor, Anti-Malware and Microsoft Security Essentials.
Computer now runs great without the internet.

1/18/2012:
Run MSE for giggles and it locates sirefef.n and exploit:Java/cve-2010-0840.ns
Wasn't going to do anything else before posting, but MSE decided to remove/disinfect on its own.


So the good news is I can actually work on the computer, if we could actually get it to connect to the internet it would be a bonus.
There's the scoop, any help would be much appreciated.

#2 Mhylland (Topic Starter, Members, 17 posts)

Posted 18 January 2012 - 01:34 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Michael at 13:21:19 on 2012-01-18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.272 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAPM5LAK.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\CAPM5RSK.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM5SWK.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Tools Security\TFEngine\TFService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sportsline.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
mRun: [HPLJ Config] c:\program files\hewlett-packard\hp laserjet 3015_3020_3030_3380\SetConfig.exe -c Direct -p DOT4_001 -pn "" -n 1 -l 1033 -sl 120000
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\canoni~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\CAPM5LAK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: garmin.com
Trusted Zone: missdig.org\newtina
Trusted Zone: missdig.org\newtinb
Trusted Zone: musicmatch.com\online
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} - hxxps://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {673204A0-F8B3-4090-8506-80658C5D02C6} - hxxp://fieldhousecam.monashores.net/nwcv3setup.exe
DPF: {6989A24E-9716-11D5-AFC3-0060978DD938} - hxxps://onestop.michigan.gov/mitrip/trkview.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237317749390
DPF: {7A16F968-8E79-11D4-AFC3-0060978DD938} - hxxps://onestop.michigan.gov/mitrip/slactvx.cab
DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://66.255.192.247:50000/bl_camera.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2005\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\michael\application data\mozilla\firefox\profiles\jt8ti320.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-1-13 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-1-13 338880]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-1-13 51984]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-1-13 69392]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-1-13 251560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2012-1-13 247760]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-30 652872]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2012-1-13 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2012-1-13 1150936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-30 20464]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2012-1-13 70536]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-1-13 33552]
R3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
S1 MpKsl4fe2a738;MpKsl4fe2a738;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{268c6cb1-720a-4101-8e34-de2a12d822ce}\mpksl4fe2a738.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{268c6cb1-720a-4101-8e34-de2a12d822ce}\MpKsl4fe2a738.sys [?]
S1 MpKsl982d5f6c;MpKsl982d5f6c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3cbb6bc7-59eb-4642-aac9-b87487c33d73}\mpksl982d5f6c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3cbb6bc7-59eb-4642-aac9-b87487c33d73}\MpKsl982d5f6c.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-18 133104]
S2 RapidPortM5;RapidPortM5;c:\windows\system32\drivers\CAPM5LP.SYS [2006-2-7 23232]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-18 133104]
S3 ubloxusb;ubloxusb;c:\windows\system32\drivers\ubloxusb.sys [2009-9-18 75264]
.
=============== Created Last 30 ================
.
2012-01-17 16:12:42 64512 ----a-w- c:\windows\system32\drivers\Serial.sys
2012-01-17 16:12:42 64512 ----a-w- c:\windows\system32\dllcache\serial.sys
2012-01-17 15:23:27 -------- d-sha-r- C:\cmdcons
2012-01-17 15:15:32 256000 ----a-w- c:\windows\PEV.exe
2012-01-17 15:15:32 208896 ----a-w- c:\windows\MBR.exe
2012-01-17 15:15:31 98816 ----a-w- c:\windows\sed.exe
2012-01-17 15:15:31 518144 ----a-w- c:\windows\SWREG.exe
2012-01-17 15:14:25 -------- d-----w- C:\ComboFix
2012-01-16 19:30:16 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c9c27f5d-52e4-4d06-ade8-b848949c71b2}\offreg.dll
2012-01-16 19:29:39 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c9c27f5d-52e4-4d06-ade8-b848949c71b2}\mpengine.dll
2012-01-16 19:10:03 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-01-16 19:10:02 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-16 18:39:58 -------- d-----w- c:\documents and settings\michael\application data\TestApp
2012-01-13 18:55:17 -------- d-----w- c:\documents and settings\michael\application data\PCTools
2012-01-13 17:05:08 -------- d-----w- c:\documents and settings\michael\local settings\application data\Threat Expert
2012-01-13 16:51:04 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-01-13 16:51:04 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-01-13 16:51:03 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-01-13 16:45:02 767952 ----a-w- c:\windows\BDTSupport.dll
2012-01-13 16:45:02 2000848 ----a-w- c:\windows\PCTBDCore.dll
2012-01-13 16:45:02 1533904 ----a-w- c:\windows\PCTBDRes.dll
2012-01-13 16:45:02 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-01-13 16:12:01 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-01-13 16:12:01 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-01-13 16:12:01 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-01-13 16:11:56 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-01-13 16:11:56 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-01-13 16:11:50 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-01-13 16:03:47 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-01-12 22:06:24 -------- d-----w- C:\Temp
2012-01-12 18:06:02 -------- d-----w- c:\windows\system32\CatRoot2
2012-01-11 20:56:49 -------- d-----w- C:\ERDNT
2012-01-11 19:39:12 -------- d-----w- C:\RECYCLER(2)
2012-01-11 15:54:32 664 ----a-w- c:\documents and settings\michael\local settings\application data\d3d9caps.tmp
2012-01-03 14:47:22 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-01-03 13:22:02 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-01-03 13:22:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-12-30 15:41:53 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-29 18:35:25 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-28 19:05:10 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2011-12-28 19:05:10 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2011-12-28 19:05:10 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2011-12-28 19:05:10 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2011-12-28 17:29:36 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{0c80dc51-4b5c-48e5-9797-2225d399472c}\mpengine.dll
2011-12-28 15:51:05 -------- d-----w- c:\program files\common files\PC Tools
2011-12-22 16:41:10 -------- d-----w- c:\documents and settings\michael\application data\Malwarebytes
2011-12-22 16:40:41 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-22 16:40:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-21 20:39:03 -------- d-----w- c:\program files\PC Tools Security
2011-12-19 19:43:40 -------- d-----w- c:\program files\iPod
2011-12-19 19:43:17 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2012-01-03 14:27:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv(2).dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2006-10-09 17:51:40 1212416 ----a-w- c:\program files\UDJF.dll
2006-10-09 17:49:12 376832 ----a-w- c:\program files\MXEDIT.exe
2006-10-09 17:39:50 2551808 ----a-w- c:\program files\MXM07G.dll
2006-10-09 17:39:48 401408 ----a-w- c:\program files\MXM07M.dll
2006-10-09 17:39:46 241664 ----a-w- c:\program files\MXMGUI.dll
2006-10-09 17:39:46 110592 ----a-w- c:\program files\MXM07S.dll
2006-10-09 17:39:44 225280 ----a-w- c:\program files\MXTD.dll
2006-10-09 17:39:44 110592 ----a-w- c:\program files\MXTFS.dll
2006-10-09 17:39:42 69632 ----a-w- c:\program files\MXTI.dll
2006-10-09 17:39:42 57344 ----a-w- c:\program files\MXTG.dll
2006-10-09 17:39:42 319488 ----a-w- c:\program files\MXTJ.dll
2006-10-09 17:39:40 45056 ----a-w- c:\program files\MXTL.dll
2006-07-25 19:28:54 249856 ----a-w- c:\program files\JCOM.dll
2006-02-16 16:06:50 499712 ----a-w- c:\program files\MXEditor.exe
2005-09-23 06:16:14 1093632 ----a-w- c:\program files\mfc80.dll
2005-09-23 04:05:58 626688 ----a-w- c:\program files\msvcr80.dll
2005-09-23 04:05:58 548864 ----a-w- c:\program files\msvcp80.dll
2005-02-09 20:54:32 45056 ----a-w- c:\program files\UJFS.dll
.
============= FINISH: 13:25:04.51 ===============
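The DDS log above is what a helper reads by eye: BHO/TB registrations, the Winsock LSP line (PCTLsp.dll), the IE Trusted Zone entries and the long list of DPF ActiveX install points. The script below is an added example written for this page, not code from the original poster, BleepingComputer or the DDS tool. It parses the "KIND: details" line layout the log uses and applies a small set of triage heuristics chosen for this illustration (raw-IP or non-standard-port download hosts, bare .exe install points, registrations that point at "No File", LSP and Trusted Zone entries). The sample input is a handful of lines copied from the log above; the heuristics and the wording of the findings are assumptions, not anything the thread states.

```python
"""Triage of DDS 'Pseudo HJT Report' lines (added example, not from the original thread).

Assumptions (not from the page): the 'KIND: details' line layout used by the DDS log
above, and the small heuristic set below, chosen for illustration.
"""
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample input: lines copied from the DDS log in the post above.
SAMPLE_REPORT = r"""
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: garmin.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: {673204A0-F8B3-4090-8506-80658C5D02C6} - hxxp://fieldhousecam.monashores.net/nwcv3setup.exe
DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://66.255.192.247:50000/bl_camera.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
"""

# 'KIND: details' -- KIND is letters/spaces up to the first colon (non-greedy so that
# URLs and CLSID descriptions later in the line are not swallowed into the kind).
LINE_RE = re.compile(r"^(?P<kind>[A-Za-z][A-Za-z ]*?):\s*(?P<rest>.+)$")
URL_RE = re.compile(r"(?:hxxps?|https?)://\S+", re.IGNORECASE)


def refang(url: str) -> str:
    """DDS defangs URLs as hxxp://; restore the real scheme so urlparse understands it."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def dpf_reasons(rest: str) -> list[str]:
    """Heuristics for one DPF entry (an IE 'Downloaded Program Files' ActiveX install point)."""
    m = URL_RE.search(rest)
    if not m:
        return []
    parts = urlparse(refang(m.group(0)))
    host = parts.hostname or ""
    reasons: list[str] = []
    try:
        ip_address(host)  # raises ValueError for a normal domain name
        reasons.append("download host is a raw IP address, not a domain")
    except ValueError:
        pass
    if parts.port not in (None, 80, 443):
        reasons.append(f"non-standard port {parts.port}")
    if parts.path.lower().endswith(".exe"):
        reasons.append("install point serves a bare .exe instead of a .cab")
    return reasons


def triage(report: str) -> list[dict]:
    """Return one finding per report line that deserves an analyst's attention."""
    findings = []
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest")
        reasons: list[str] = []
        if kind == "DPF":
            reasons = dpf_reasons(rest)
        elif kind in ("BHO", "TB") and rest.endswith("No File"):
            reasons = ["registration points at a missing file (orphaned, or payload already removed)"]
        elif kind == "LSP":
            # Deleting only the DLL leaves a dangling Winsock catalog entry and no connectivity;
            # remove via the owning product's uninstaller or follow up with 'netsh winsock reset'.
            reasons = ["Winsock LSP: uninstall properly or run 'netsh winsock reset' after removal"]
        elif kind == "Trusted Zone":
            reasons = ["host in IE Trusted Sites zone (relaxed ActiveX/scripting settings)"]
        if reasons:
            findings.append({"kind": kind, "entry": rest, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f['kind']}] {f['entry']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run against the full "Pseudo HJT Report" section of a DDS log, the interesting output is the DPF entries pulled from a raw IP on port 50000 and a bare .exe, which a helper would check before anything else, plus the LSP line as a reminder that the PC Tools DLL sits in the Winsock chain and cannot simply be deleted without also fixing the catalog.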


#3 gringo_pr (Bleepin Gringo, Malware Response Team, 136,773 posts, Location: Puerto Rico)

Posted 21 January 2012 - 11:16 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#4 Mhylland (Topic Starter, Members, 17 posts)

Posted 23 January 2012 - 12:09 PM

Thanks for the help.

Ran Combofix, log is below. After running Combofix, tried Internet Explorer; it said there is a problem with the winsock provider catalog.

ComboFix 12-01-23.02 - Michael 01/23/2012 11:20:06.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.151 [GMT -5:00]
Running from: F:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-23 to 2012-01-23 )))))))))))))))))))))))))))))))
.
.
2012-01-17 16:12 . 2008-04-13 20:15 64512 ----a-w- c:\windows\system32\drivers\Serial.sys
2012-01-17 16:12 . 2008-04-13 20:15 64512 ----a-w- c:\windows\system32\dllcache\serial.sys
2012-01-16 19:30 . 2012-01-23 14:20 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C9C27F5D-52E4-4D06-ADE8-B848949C71B2}\offreg.dll
2012-01-16 19:29 . 2011-11-21 07:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C9C27F5D-52E4-4D06-ADE8-B848949C71B2}\mpengine.dll
2012-01-16 19:10 . 2012-01-16 19:10 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-16 18:39 . 2012-01-16 18:39 -------- d-----w- c:\documents and settings\Michael\Application Data\TestApp
2012-01-13 18:55 . 2012-01-13 18:55 -------- d-----w- c:\documents and settings\Michael\Application Data\PCTools
2012-01-13 17:05 . 2012-01-13 17:05 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\Threat Expert
2012-01-13 16:51 . 2010-12-31 14:36 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-01-13 16:51 . 2010-12-31 14:36 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-01-13 16:51 . 2010-12-31 14:36 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-01-13 16:45 . 2011-01-07 19:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-01-13 16:45 . 2011-01-07 19:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2012-01-13 16:45 . 2011-01-07 19:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2012-01-13 16:45 . 2011-01-07 19:54 767952 ----a-w- c:\windows\BDTSupport.dll
2012-01-13 16:12 . 2011-01-17 14:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-01-13 16:12 . 2010-07-16 19:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-01-13 16:12 . 2010-07-16 19:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-01-13 16:11 . 2010-12-10 21:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-01-13 16:11 . 2010-12-10 18:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-01-13 16:11 . 2010-12-16 13:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-01-13 16:07 . 2012-01-23 16:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2012-01-13 16:03 . 2012-01-16 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-01-13 15:52 . 2012-01-16 19:10 -------- d-----w- c:\documents and settings\Administrator
2012-01-13 14:43 . 2012-01-13 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2012-01-12 22:06 . 2012-01-12 22:08 -------- d-----w- C:\Temp
2012-01-12 18:06 . 2012-01-23 16:16 -------- d-----w- c:\windows\system32\CatRoot2
2012-01-11 20:56 . 2012-01-13 14:42 -------- d-----w- C:\ERDNT
2012-01-11 19:39 . 2012-01-13 14:43 -------- d-----w- C:\RECYCLER(2)
2012-01-11 18:52 . 2012-01-11 18:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-01-11 15:54 . 2012-01-11 15:54 664 ----a-w- c:\documents and settings\Michael\Local Settings\Application Data\d3d9caps.tmp
2012-01-03 14:47 . 2011-11-21 07:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-03 13:22 . 2012-01-03 13:22 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:22 . 2012-01-03 13:22 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-12-30 15:41 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-29 18:35 . 2011-12-29 18:36 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-28 19:05 . 2011-12-28 19:05 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-28 19:05 . 2011-12-28 19:05 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-28 19:05 . 2011-12-28 19:05 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-28 19:05 . 2011-12-28 19:05 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-28 17:29 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{0C80DC51-4B5C-48E5-9797-2225D399472C}\mpengine.dll
2011-12-28 15:51 . 2012-01-13 16:26 -------- d-----w- c:\program files\Common Files\PC Tools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-03 14:27 . 2011-05-24 13:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-25 21:57 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv(2).dll
2011-11-23 13:25 . 2004-08-04 10:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2006-08-03 19:13 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-11-18 12:35 . 2004-08-04 10:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:20 . 2004-08-04 10:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-04 10:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-04 10:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-04 10:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2006-10-09 17:51 . 2006-10-09 17:51 1212416 ----a-w- c:\program files\UDJF.dll
2006-10-09 17:49 . 2006-10-09 17:49 376832 ----a-w- c:\program files\MXEDIT.exe
2006-10-09 17:39 . 2006-10-09 17:39 2551808 ----a-w- c:\program files\MXM07G.dll
2006-10-09 17:39 . 2006-10-09 17:39 401408 ----a-w- c:\program files\MXM07M.dll
2006-10-09 17:39 . 2006-10-09 17:39 241664 ----a-w- c:\program files\MXMGUI.dll
2006-10-09 17:39 . 2006-10-09 17:39 110592 ----a-w- c:\program files\MXM07S.dll
2006-10-09 17:39 . 2006-10-09 17:39 225280 ----a-w- c:\program files\MXTD.dll
2006-10-09 17:39 . 2006-10-09 17:39 110592 ----a-w- c:\program files\MXTFS.dll
2006-10-09 17:39 . 2006-10-09 17:39 69632 ----a-w- c:\program files\MXTI.dll
2006-10-09 17:39 . 2006-10-09 17:39 57344 ----a-w- c:\program files\MXTG.dll
2006-10-09 17:39 . 2006-10-09 17:39 319488 ----a-w- c:\program files\MXTJ.dll
2006-10-09 17:39 . 2006-10-09 17:39 45056 ----a-w- c:\program files\MXTL.dll
2006-07-25 19:28 . 2006-07-25 19:28 249856 ----a-w- c:\program files\JCOM.dll
2006-02-16 16:06 . 2006-02-16 16:06 499712 ----a-w- c:\program files\MXEditor.exe
2005-09-23 06:16 . 2005-09-23 06:16 1093632 ----a-w- c:\program files\mfc80.dll
2005-09-23 04:05 . 2005-09-23 04:05 626688 ----a-w- c:\program files\msvcr80.dll
2005-09-23 04:05 . 2005-09-23 04:05 548864 ----a-w- c:\program files\msvcp80.dll
2005-02-09 20:54 . 2005-02-09 20:54 45056 ----a-w- c:\program files\UJFS.dll
2011-12-28 19:05 . 2011-09-23 13:43 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-24 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 188416]
"HPLJ Config"="c:\program files\Hewlett-Packard\hp LaserJet 3015_3020_3030_3380\SetConfig.exe" [2003-03-31 28672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [BU]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-15 1532760]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Canon iC D800 Status Window.LNK - c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAPM5LAK.EXE [2006-2-7 30208]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-22 984936]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1120229029\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1120229029\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Westell\\Diagnostic Icon\\DGNIcon.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [1/13/2012 11:11 AM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\SYSTEM32\DRIVERS\pctDS.sys [1/13/2012 11:12 AM 338880]
R0 TfFsMon;TfFsMon;c:\windows\SYSTEM32\DRIVERS\TfFsMon.sys [1/13/2012 11:51 AM 51984]
R0 TFSysMon;TfSysMon;c:\windows\SYSTEM32\DRIVERS\TfSysMon.sys [1/13/2012 11:51 AM 69392]
R1 pctgntdi;pctgntdi;c:\windows\SYSTEM32\DRIVERS\pctgntdi.sys [1/13/2012 11:12 AM 251560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [1/13/2012 11:45 AM 247760]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/30/2011 10:41 AM 652872]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [1/13/2012 11:11 AM 366840]
R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [12/30/2011 10:41 AM 20464]
R3 pctplsg;pctplsg;c:\windows\SYSTEM32\DRIVERS\pctplsg.sys [1/13/2012 11:11 AM 70536]
R3 TfNetMon;TfNetMon;c:\windows\SYSTEM32\DRIVERS\TfNetMon.sys [1/13/2012 11:51 AM 33552]
R3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
S1 MpKsl4fe2a738;MpKsl4fe2a738;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{268C6CB1-720A-4101-8E34-DE2A12D822CE}\MpKsl4fe2a738.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{268C6CB1-720A-4101-8E34-DE2A12D822CE}\MpKsl4fe2a738.sys [?]
S1 MpKsl982d5f6c;MpKsl982d5f6c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3CBB6BC7-59EB-4642-AAC9-B87487C33D73}\MpKsl982d5f6c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3CBB6BC7-59EB-4642-AAC9-B87487C33D73}\MpKsl982d5f6c.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/18/2009 9:41 AM 133104]
S2 RapidPortM5;RapidPortM5;c:\windows\SYSTEM32\DRIVERS\CAPM5LP.SYS [2/7/2006 2:29 PM 23232]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/18/2009 9:41 AM 133104]
S3 ubloxusb;ubloxusb;c:\windows\SYSTEM32\DRIVERS\ubloxusb.sys [9/18/2009 9:15 AM 75264]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-01-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-05 14:32]
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 14:41]
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 14:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sportsline.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: garmin.com
Trusted Zone: missdig.org\newtina
Trusted Zone: missdig.org\newtinb
Trusted Zone: musicmatch.com\online
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: {673204A0-F8B3-4090-8506-80658C5D02C6} - hxxp://fieldhousecam.monashores.net/nwcv3setup.exe
DPF: {6989A24E-9716-11D5-AFC3-0060978DD938} - hxxps://onestop.michigan.gov/mitrip/trkview.cab
DPF: {7A16F968-8E79-11D4-AFC3-0060978DD938} - hxxps://onestop.michigan.gov/mitrip/slactvx.cab
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\jt8ti320.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-23 11:47
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(636)
c:\program files\PC Tools Security\TFEngine\TFWAH.dll
c:\program files\PC Tools Security\TFEngine\TFNI.dll
c:\program files\PC Tools Security\TFEngine\TFMon.dll
c:\program files\PC Tools Security\TFEngine\TFRK.dll
.
- - - - - - - > 'lsass.exe'(692)
c:\program files\PC Tools Security\TFEngine\TFWAH.dll
.
- - - - - - - > 'explorer.exe'(3456)
c:\windows\system32\WININET.dll
c:\program files\PC Tools Security\TFEngine\TfWah.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-01-23 11:58:58
ComboFix-quarantined-files.txt 2012-01-23 16:58
ComboFix2.txt 2012-01-17 16:36
ComboFix3.txt 2012-01-11 19:38
.
Pre-Run: 35,152,920,576 bytes free
Post-Run: 35,106,451,456 bytes free
.
- - End Of File - - CB05AFF1782BF3F8CAD68DC8506977DE

#5 Mhylland

Posted 23 January 2012 - 12:16 PM

Just noticed I ran combofix with QuickBooks open. Let me know if you want me to re-run it.
Thanks Again.

#6 gringo_pr

Posted 23 January 2012 - 04:52 PM

Hello

Let's check your internet connection.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all the boxes are checked
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Mhylland

Posted 24 January 2012 - 09:32 AM

Farbar Service Scanner Version: 18-01-2012 01
Ran by Michael (administrator) on 24-01-2012 at 09:33:48
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) pctgntdi(9) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000900000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#8 gringo_pr

Posted 24 January 2012 - 05:28 PM

Hello

Here is what I want you to try next.

1. Locate the file - C:\Windows\inf\Nettcpip.inf
  • It's important that you first make a copy of the file. Place the copy on your Desktop.
  • Once you have done that, use Notepad to open the original file for editing.

2. Locate the [MS_TCPIP.PrimaryInstall] section.

3. Edit the Characteristics = 0xa0 entry and replace 0xa0 with 0x80.

4. Save the file, and then exit Notepad.

5. In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.

6. On the General tab, click Install, select Protocol, and then click Add.

7. In the Select Network Protocols window, click Have Disk.

8. In the Copy manufacturer’s files from: text box, type c:\windows\inf, and then click OK.

9. Select Internet Protocol (TCP/IP), and then click OK.

Note This step will return you to the Local Area Connection Properties screen, but now the Uninstall button is available.

10. Select Internet Protocol (TCP/IP), click Uninstall, and then click Yes.

11. It is important that you restart the computer to complete the uninstall.

------------

Step #2 - Reinstall of TCP/IP

Take the nettcpip.inf which you have earlier copied to Desktop. Move it back to the directory C:\Windows\INF\ overwriting the existing copy. The file shall now look exactly like the sample above.

Redo sub-steps 4-11 to re-install TCP/IP
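A scripted version of steps 1 to 4 above (copy nettcpip.inf aside, then change Characteristics from 0xa0 to 0x80 inside [MS_TCPIP.PrimaryInstall]), added here as an example and not a tool from this thread. The NCF_* flag values come from netcfgx.h, which is why clearing the NCF_NOT_USER_REMOVABLE bit of 0xa0 gives 0x80; the sample INF text, the scratch-directory layout and the function names are constructed for the example.

```python
"""Script the nettcpip.inf edit from the steps above: back the file up, then
clear NCF_NOT_USER_REMOVABLE in [MS_TCPIP.PrimaryInstall] so the Uninstall
button for Internet Protocol (TCP/IP) stops being greyed out. Added example,
not a tool from this thread; SAMPLE_INF is constructed and far shorter than
the real C:\\Windows\\inf\\nettcpip.inf.
"""
import re
import shutil
import tempfile
from pathlib import Path

# Component characteristics from netcfgx.h, as used in nettcpip.inf.
NCF_NOT_USER_REMOVABLE = 0x20  # set => the user cannot uninstall the component
NCF_HAS_UI = 0x80              # 0xa0 = NCF_HAS_UI | NCF_NOT_USER_REMOVABLE
TARGET_SECTION = "MS_TCPIP.PrimaryInstall"

# Constructed sample; the decoy section must keep its value after patching.
SAMPLE_INF = """\
[Version]
Signature = "$Windows NT$"
Class     = NetTrans

[MS_TCPIP.PrimaryInstall]
AddReg          = MS_TCPIP.PrimaryInstall.AddReg
Characteristics = 0xa0 ; NCF_HAS_UI | NCF_NOT_USER_REMOVABLE

[MS_OTHERPROTO.PrimaryInstall]
Characteristics = 0xa0
"""

_SECTION_RE = re.compile(r"^\s*\[([^\]]+)\]")
_CHARACTERISTICS_RE = re.compile(
    r"^(?P<lead>\s*Characteristics\s*=\s*)(?P<value>0x[0-9a-f]+)(?P<rest>.*)$",
    re.IGNORECASE,
)

def _walk(inf_text, section):
    """Yield (body, line_ending, in_section) per line; INF names are case-insensitive."""
    in_section = False
    for raw in inf_text.splitlines(keepends=True):
        body = raw.rstrip("\r\n")
        m = _SECTION_RE.match(body)
        if m:
            in_section = m.group(1).strip().lower() == section.lower()
        yield body, raw[len(body):], in_section

def read_characteristics(inf_text, section=TARGET_SECTION):
    """Return the Characteristics value inside `section` as an int, or None."""
    for body, _, in_section in _walk(inf_text, section):
        m = _CHARACTERISTICS_RE.match(body) if in_section else None
        if m:
            return int(m.group("value"), 16)
    return None

def patch_characteristics(inf_text, section=TARGET_SECTION,
                          clear_mask=NCF_NOT_USER_REMOVABLE):
    """Return (patched_text, old, new); only the first Characteristics key in
    `section` changes, every other line (comments included) is copied as is."""
    out, old, new = [], None, None
    for body, ending, in_section in _walk(inf_text, section):
        m = _CHARACTERISTICS_RE.match(body) if in_section and old is None else None
        if m:
            old = int(m.group("value"), 16)
            new = old & ~clear_mask
            body = f"{m.group('lead')}0x{new:x}{m.group('rest')}"
        out.append(body + ending)
    if old is None:
        raise ValueError(f"no Characteristics key found in [{section}]")
    return "".join(out), old, new

def _read_inf(path):
    """Windows INF files are ANSI or UTF-16 with a BOM; return (text, encoding)."""
    data = Path(path).read_bytes()
    enc = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "cp1252"
    return data.decode(enc), enc

def patch_inf_file(inf_path, backup_dir):
    """Copy inf_path into backup_dir (the 'copy on your Desktop' step), then
    rewrite inf_path in place. Returns (old_value, new_value)."""
    inf_path, backup_dir = Path(inf_path), Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    backup = backup_dir / inf_path.name
    if backup.exists():
        raise FileExistsError(f"refusing to overwrite existing backup {backup}")
    shutil.copy2(inf_path, backup)
    text, enc = _read_inf(inf_path)
    patched, old, new = patch_characteristics(text)
    inf_path.write_bytes(patched.encode(enc))
    return old, new

def demo_in_temp_dir():
    """Run the flow on SAMPLE_INF in a scratch directory; return the values in
    (the backup, the patched target section, the untouched decoy section)."""
    with tempfile.TemporaryDirectory() as tmp:
        inf = Path(tmp) / "nettcpip.inf"
        inf.write_bytes(SAMPLE_INF.encode("cp1252"))
        patch_inf_file(inf, Path(tmp) / "Desktop")
        backup_text, _ = _read_inf(Path(tmp) / "Desktop" / "nettcpip.inf")
        patched_text, _ = _read_inf(inf)
        return (read_characteristics(backup_text), read_characteristics(patched_text),
                read_characteristics(patched_text, "MS_OTHERPROTO.PrimaryInstall"))
```

Restoring the backup over the patched file afterwards (the step 2 reinstall) is the reverse copy; the script refuses to run if a backup of the same name already exists, so the original is never silently replaced.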

#9 Mhylland

Posted 25 January 2012 - 09:49 AM

Couldn't complete the last post. The nettcpip file was not located in windows/inf. I found it in windows/servicepackfiles/i386.

I then followed the same steps until step # 8 where I replaced the path with the location of nettcpip on my computer.
When I get to Internet protocol (tcp/ip) the uninstall box is still greyed out.

Thoughts?

#10 gringo_pr

Posted 25 January 2012 - 10:02 AM

Hello


Move the file that is here, windows/servicepackfiles/i386, to the windows/inf folder, check the internet and then try to do the instructions.



Gringo

#11 Mhylland

Posted 25 January 2012 - 01:35 PM

My windows folder doesn't have an /inf directory. I took a screen shot of the WINDOWS folder I can send if you want, but I can't paste the image in the post.

#12 Mhylland

Posted 26 January 2012 - 10:29 AM

Interesting development. When I started up this morning it looks like I have an Internet connection. The altered nettcpip file is in the /i386 directory. I was never able to uninstall the TCP/IP protocol, but the restart with the altered file restored my connection. However, the CPU usage is now at 80% to 100% and I can't do anything.

What's the next step? Thanks again for the help.

#13 gringo_pr

Posted 26 January 2012 - 10:42 AM

Hello

That is very good!! Looks like it needed a restart.

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#14 Mhylland

Posted 26 January 2012 - 04:38 PM

16:39:13.0265 3788 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
16:39:13.0890 3788 ============================================================
16:39:13.0890 3788 Current date / time: 2012/01/26 16:39:13.0890
16:39:13.0890 3788 SystemInfo:
16:39:13.0890 3788
16:39:13.0890 3788 OS Version: 5.1.2600 ServicePack: 3.0
16:39:13.0890 3788 Product type: Workstation
16:39:13.0890 3788 ComputerName: DELL
16:39:13.0890 3788 UserName: Michael
16:39:13.0890 3788 Windows directory: C:\WINDOWS
16:39:13.0890 3788 System windows directory: C:\WINDOWS
16:39:13.0890 3788 Processor architecture: Intel x86
16:39:13.0890 3788 Number of processors: 2
16:39:13.0890 3788 Page size: 0x1000
16:39:13.0890 3788 Boot type: Normal boot
16:39:13.0890 3788 ============================================================
16:39:15.0953 3788 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:39:16.0046 3788 Initialize success
16:39:30.0734 2108 ============================================================
16:39:30.0734 2108 Scan started
16:39:30.0734 2108 Mode: Manual;
16:39:30.0734 2108 ============================================================
16:39:31.0203 2108 Abiosdsk - ok
16:39:31.0265 2108 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:39:31.0265 2108 abp480n5 - ok
16:39:31.0296 2108 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:39:31.0296 2108 ACPI - ok
16:39:31.0343 2108 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:39:31.0343 2108 ACPIEC - ok
16:39:31.0390 2108 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:39:31.0390 2108 adpu160m - ok
16:39:31.0421 2108 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:39:31.0421 2108 aec - ok
16:39:31.0468 2108 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:39:31.0484 2108 AFD - ok
16:39:31.0515 2108 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:39:31.0515 2108 agp440 - ok
16:39:31.0562 2108 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:39:31.0562 2108 agpCPQ - ok
16:39:31.0609 2108 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:39:31.0625 2108 Aha154x - ok
16:39:31.0625 2108 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:39:31.0640 2108 aic78u2 - ok
16:39:31.0671 2108 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:39:31.0687 2108 aic78xx - ok
16:39:31.0703 2108 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:39:31.0703 2108 AliIde - ok
16:39:31.0718 2108 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:39:31.0718 2108 alim1541 - ok
16:39:31.0750 2108 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:39:31.0750 2108 amdagp - ok
16:39:31.0765 2108 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
16:39:31.0781 2108 amsint - ok
16:39:31.0812 2108 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
16:39:31.0812 2108 asc - ok
16:39:31.0828 2108 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:39:31.0843 2108 asc3350p - ok
16:39:31.0843 2108 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:39:31.0859 2108 asc3550 - ok
16:39:31.0937 2108 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:39:31.0937 2108 AsyncMac - ok
16:39:31.0984 2108 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:39:31.0984 2108 atapi - ok
16:39:32.0000 2108 Atdisk - ok
16:39:32.0031 2108 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:39:32.0031 2108 Atmarpc - ok
16:39:32.0078 2108 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:39:32.0078 2108 audstub - ok
16:39:32.0093 2108 bcm4sbxp (e727776a56a51b7e6b7c87c02ea8b405) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
16:39:32.0093 2108 bcm4sbxp - ok
16:39:32.0125 2108 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:39:32.0125 2108 Beep - ok
16:39:32.0187 2108 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:39:32.0187 2108 cbidf - ok
16:39:32.0203 2108 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:39:32.0203 2108 cbidf2k - ok
16:39:32.0218 2108 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:39:32.0234 2108 cd20xrnt - ok
16:39:32.0234 2108 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:39:32.0250 2108 Cdaudio - ok
16:39:32.0265 2108 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:39:32.0281 2108 Cdfs - ok
16:39:32.0328 2108 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:39:32.0328 2108 Cdrom - ok
16:39:32.0390 2108 Changer - ok
16:39:32.0468 2108 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:39:32.0468 2108 CmdIde - ok
16:39:32.0515 2108 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:39:32.0515 2108 Cpqarray - ok
16:39:32.0562 2108 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:39:32.0562 2108 dac2w2k - ok
16:39:32.0578 2108 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:39:32.0578 2108 dac960nt - ok
16:39:32.0625 2108 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:39:32.0640 2108 Disk - ok
16:39:32.0687 2108 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:39:32.0718 2108 dmboot - ok
16:39:32.0750 2108 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:39:32.0750 2108 dmio - ok
16:39:32.0765 2108 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:39:32.0781 2108 dmload - ok
16:39:32.0828 2108 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:39:32.0828 2108 DMusic - ok
16:39:32.0890 2108 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
16:39:32.0890 2108 dot4 - ok
16:39:32.0921 2108 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
16:39:32.0937 2108 Dot4Print - ok
16:39:32.0953 2108 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
16:39:32.0953 2108 dot4usb - ok
16:39:32.0984 2108 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:39:32.0984 2108 dpti2o - ok
16:39:33.0015 2108 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:39:33.0015 2108 drmkaud - ok
16:39:33.0046 2108 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
16:39:33.0046 2108 drvmcdb - ok
16:39:33.0078 2108 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
16:39:33.0078 2108 drvnddm - ok
16:39:33.0250 2108 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
16:39:33.0250 2108 DSproct - ok
16:39:33.0375 2108 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
16:39:33.0390 2108 dsunidrv - ok
16:39:33.0437 2108 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:39:33.0437 2108 E100B - ok
16:39:33.0531 2108 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:39:33.0531 2108 Fastfat - ok
16:39:33.0578 2108 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:39:33.0578 2108 Fdc - ok
16:39:33.0609 2108 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:39:33.0609 2108 Fips - ok
16:39:33.0640 2108 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:39:33.0640 2108 Flpydisk - ok
16:39:33.0687 2108 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:39:33.0687 2108 FltMgr - ok
16:39:33.0718 2108 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:39:33.0718 2108 Fs_Rec - ok
16:39:33.0750 2108 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:39:33.0750 2108 Ftdisk - ok
16:39:33.0796 2108 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
16:39:33.0796 2108 GEARAspiWDM - ok
16:39:33.0843 2108 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:39:33.0843 2108 Gpc - ok
16:39:33.0875 2108 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:39:33.0890 2108 HidUsb - ok
16:39:33.0937 2108 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
16:39:33.0953 2108 hpn - ok
16:39:41.0140 2108 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
16:39:41.0171 2108 \Device\Harddisk0\DR0 - ok
16:39:41.0265 2108 Boot (0x1200) (62f06ff1399bc528233058fba45e7dd5) \Device\Harddisk0\DR0\Partition0
16:39:41.0281 2108 \Device\Harddisk0\DR0\Partition0 - ok
16:39:41.0281 2108 ============================================================
16:39:41.0281 2108 Scan finished
16:39:41.0281 2108 ============================================================
16:39:41.0296 2252 Detected object count: 0
16:39:41.0296 2252 Actual detected object count: 0

#15 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 January 2012 - 08:08 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
