
Slow Comp possible registry errors


  • This topic is locked
22 replies to this topic

#1 seanbateman7

  • Members
  • 52 posts
  • Gender:Male
  • Location:Rochester NY

Posted 08 February 2012 - 11:03 AM

Well, this computer is running into issues. Whenever it boots up, I get a svchost error. Then it logs into Windows and loads for around an hour before it can do anything! The desktop looks clear, but when you move the cursor to the window bar at the bottom a loading sign appears and it's wicked slow! I'm attaching my HijackThis log, any help is appreciated!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:29 AM, on 2/8/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.endicia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\UPS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Spotify] "C:\Documents and Settings\UPS\Application Data\Spotify\Spotify.exe" /uri spotify:autostart
O4 - Startup: Shortcut to rkill.lnk = C:\Documents and Settings\UPS\Desktop\rkill.scr
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4076 bytes

Edited by hamluis, 08 February 2012 - 11:22 AM.
Moved from XP to Malware Removal Logs.
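As an added example (not part of this thread and not code from HijackThis or any other tool named here), the following Python script parses the HijackThis log format posted above, pulls the image path out of O2/O4/O23 entries, and lists the ones a reviewer would look at first: bare filenames that are resolved through the search path, and images outside the Windows and Program Files trees. The sample lines are copied from the log above; the trusted roots and the flag rules are assumptions of this example, and a flag is a prompt to review rather than a verdict (the rkill.scr entry, for instance, is the rkill cleanup tool, which is shipped under that extension).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.endicia.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Spotify] "C:\Documents and Settings\UPS\Application Data\Spotify\Spotify.exe" /uri spotify:autostart
O4 - Startup: Shortcut to rkill.lnk = C:\Documents and Settings\UPS\Desktop\rkill.scr
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
"""

# Assumption of this example: image paths under these roots are treated as
# ordinary install locations; anything else is worth a second look.
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files")


@dataclass
class Entry:
    kind: str             # HijackThis section code: R0, O2, O4, O23, ...
    name: str             # item name as a reviewer would refer to it
    image: Optional[str]  # executable/DLL path, when one could be extracted
    raw: str              # the original log line


def _image_from_command(cmd: str) -> Optional[str]:
    """Return the program path from a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    if not cmd:
        return None
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else None
    return cmd.split(" ", 1)[0]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; header and blank lines yield None."""
    m = re.match(r"^([A-Z]\d+) - (.*)$", line.strip())
    if not m:
        return None
    kind, rest = m.group(1), m.group(2)
    if kind == "O4":
        run = re.match(r"^(HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.*)$", rest)
        if run:
            name = f"{run.group(1)} Run: {run.group(2)}"
            return Entry(kind, name, _image_from_command(run.group(3)), line)
        startup = re.match(r"^Startup: (.*?) = (.*)$", rest)
        if startup:
            return Entry(kind, f"Startup: {startup.group(1)}", startup.group(2).strip(), line)
    elif kind == "O23" and rest.startswith("Service: "):
        # Service names may themselves contain " - ", so split from the right.
        parts = rest[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            return Entry(kind, parts[0], parts[2].strip(), line)
    elif kind == "O2" and rest.startswith("BHO: "):
        parts = rest[len("BHO: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            return Entry(kind, f"{parts[0]} {parts[1]}", parts[2].strip(), line)
    # Anything else is kept as an opaque entry so nothing silently disappears.
    return Entry(kind, rest, None, line)


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def review_flags(entry: Entry) -> List[str]:
    """Reasons a human should look at this entry; empty means nothing notable."""
    flags: List[str] = []
    if entry.image is None:
        return flags
    img = entry.image.lower()
    if "\\" not in img:
        flags.append("bare filename, resolved through the search path")
    elif not img.startswith(TRUSTED_ROOTS) and not img.startswith("%"):
        flags.append("image outside the Windows and Program Files trees")
    if img.endswith(".scr"):
        flags.append("screen-saver extension used as a launcher")
    return flags


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged entry name to its review reasons."""
    result: Dict[str, List[str]] = {}
    for entry in parse_log(text):
        flags = review_flags(entry)
        if flags:
            result[entry.name] = flags
    return result


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample, the script flags the SiSPower entry (Rundll32.exe given without a directory), the Spotify entry (lives under the user profile) and the rkill.scr startup shortcut; the avast, Emsisoft and Adobe entries pass. The point of splitting service lines from the right is that a service display name can contain " - " itself, as the Emsisoft line shows, so a naive left-to-right split would mis-assign the vendor and path.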



#2 seanbateman7

  • Topic Starter
  • Members
  • 52 posts
  • Gender:Male
  • Location:Rochester NY

Posted 08 February 2012 - 11:04 AM

Should also say that Avast turned up 2 things on a deep scan, but they were removed. Malwarebytes didn't find anything, and a registry cleaner was run in hopes it would remove the corrupted ones, but it hasn't improved.

#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 February 2012 - 07:08 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button and select Immediate Notification, then click Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


I want you to reset the DMA. You can do this with the script here - Reset DMA

If you have problems when you click on the link, try to right click on the link and select "Save Target As" and then save to your desktop.
Once it is on your desktop, right click on the file and select "Run".

If you still can't run it, then you can go here "Reset DMA" to see what I want to do.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 seanbateman7

  • Topic Starter
  • Members
  • 52 posts
  • Gender:Male
  • Location:Rochester NY

Posted 09 February 2012 - 04:59 PM

Gringo,
Hey, I tried doing the Reset DMA, but I could not get the script to run, so I tried doing it manually and it looked like I was OK. I then ran the DeFogger, that worked fine, and then the diagnostic tool; afterwards I tried DMA again only to have it run, so I think I'm going to reboot and then run the diagnostic again so that it gets everything. I'll post both though.


Current (before DMA):
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by UPS at 16:54:06 on 2012-02-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.735.373 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\UPS\My Documents\Downloads\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.endicia.com/
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\ups\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Spotify] "c:\documents and settings\ups\application data\spotify\Spotify.exe" /uri spotify:autostart
mRun: [Smapp] c:\program files\analog devices\soundmax\SMTray.exe
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [NA1Messenger] c:\ups\wstd\UPSNA1Msgr.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\ups\startm~1\programs\startup\shortc~1.lnk - c:\documents and settings\ups\desktop\rkill.scr
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F7A5646E-47E7-479B-B230-889716CAC2D1} : DhcpNameServer = 192.168.1.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ups\application data\mozilla\firefox\profiles\ypntd1x9.default\
FF - prefs.js: browser.startup.homepage - sellercentral.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\ups\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\ups\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\ups\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-20 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-3 314456]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2010-10-3 2909536]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-3 20568]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-3 44768]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
S2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\wstd\mssql$upswsdbserver\binn\sqlservr.exe -supswsdbserver --> c:\ups\wstd\mssql$upswsdbserver\binn\sqlservr.exe -sUPSWSDBSERVER [?]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2010-10-3 72808]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\wstd\mssql$upswsdbserver\binn\sqlagent.exe -i upswsdbserver --> c:\ups\wstd\mssql$upswsdbserver\binn\sqlagent.EXE -i UPSWSDBSERVER [?]
.
=============== Created Last 30 ================
.
2/9/2012 21:53 -------- d--h--w- c:\windows\PIF
2/7/2012 22:08 -------- d-----w- C:\## aswSnx private storage
2/3/2012 19:01 -------- d-----w- c:\documents and settings\ups\local settings\application data\Secunia PSI
2/3/2012 18:29 -------- d-----w- c:\program files\Secunia
2/3/2012 18:07 -------- d-----w- c:\program files\AVAST Software
2/3/2012 17:41 -------- d-----w- c:\windows\system32\newpass
2/3/2012 17:14 487424 ----a-w- c:\windows\system32\msvcp70.dll
2/3/2012 17:14 974848 ----a-w- c:\windows\system32\mfc70.dll
2/3/2012 17:14 608448 ----a-w- c:\windows\system32\comctl32.ocx
2/3/2012 17:14 -------- d-----w- c:\program files\AML Products
2/2/2012 16:02 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2/2/2012 16:02 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2/2/2012 16:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2/2/2012 16:02 125912 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2/2/2012 16:02 97240 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2/2/2012 16:02 924632 ----a-w- c:\program files\mozilla firefox\firefox.exe
2/2/2012 16:02 269272 ----a-w- c:\program files\mozilla firefox\freebl3.dll
2/2/2012 16:02 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2/2/2012 16:02 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
.
==================== Find3M ====================
.
12/10/2011 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
11/28/2011 18:01 41184 ----a-w- c:\windows\avastSS.scr
11/28/2011 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
11/23/2011 13:25 1859584 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 16:54:53.00 ===============


#5 seanbateman7

  • Topic Starter
  • Members
  • 52 posts
  • Gender:Male
  • Location:Rochester NY

Posted 09 February 2012 - 05:06 PM

After Reboot:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by UPS at 17:02:27 on 2012-02-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.735.444 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mspaint.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.endicia.com/
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\ups\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Spotify] "c:\documents and settings\ups\application data\spotify\Spotify.exe" /uri spotify:autostart
mRun: [Smapp] c:\program files\analog devices\soundmax\SMTray.exe
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [NA1Messenger] c:\ups\wstd\UPSNA1Msgr.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\ups\startm~1\programs\startup\shortc~1.lnk - c:\documents and settings\ups\desktop\rkill.scr
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F7A5646E-47E7-479B-B230-889716CAC2D1} : DhcpNameServer = 192.168.1.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ups\application data\mozilla\firefox\profiles\ypntd1x9.default\
FF - prefs.js: browser.startup.homepage - sellercentral.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\ups\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\ups\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\ups\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-20 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-3 314456]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2010-10-3 2909536]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-3 20568]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-3 44768]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
S2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\wstd\mssql$upswsdbserver\binn\sqlservr.exe -supswsdbserver --> c:\ups\wstd\mssql$upswsdbserver\binn\sqlservr.exe -sUPSWSDBSERVER [?]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2010-10-3 72808]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\wstd\mssql$upswsdbserver\binn\sqlagent.exe -i upswsdbserver --> c:\ups\wstd\mssql$upswsdbserver\binn\sqlagent.EXE -i UPSWSDBSERVER [?]
.
=============== Created Last 30 ================
.
2/9/2012 21:53 -------- d--h--w- c:\windows\PIF
2/7/2012 22:08 -------- d-----w- C:\## aswSnx private storage
2/3/2012 19:01 -------- d-----w- c:\documents and settings\ups\local settings\application data\Secunia PSI
2/3/2012 18:29 -------- d-----w- c:\program files\Secunia
2/3/2012 18:07 -------- d-----w- c:\program files\AVAST Software
2/3/2012 17:41 -------- d-----w- c:\windows\system32\newpass
2/3/2012 17:14 487424 ----a-w- c:\windows\system32\msvcp70.dll
2/3/2012 17:14 974848 ----a-w- c:\windows\system32\mfc70.dll
2/3/2012 17:14 608448 ----a-w- c:\windows\system32\comctl32.ocx
2/3/2012 17:14 -------- d-----w- c:\program files\AML Products
2/2/2012 16:02 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2/2/2012 16:02 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2/2/2012 16:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2/2/2012 16:02 125912 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2/2/2012 16:02 97240 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2/2/2012 16:02 924632 ----a-w- c:\program files\mozilla firefox\firefox.exe
2/2/2012 16:02 269272 ----a-w- c:\program files\mozilla firefox\freebl3.dll
2/2/2012 16:02 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2/2/2012 16:02 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
.
==================== Find3M ====================
.
12/10/2011 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
11/28/2011 18:01 41184 ----a-w- c:\windows\avastSS.scr
11/28/2011 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
11/23/2011 13:25 1859584 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 17:03:33.92 ===============





I just realized that this PC does not have WinZip, so sorry for not zipping attachments.


#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 February 2012 - 09:22 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs:

  • In your next post I need the following:
    • Log from ComboFix
    • let me know of any problems you may have had
    • How is the computer doing now?

Gringo

#7 seanbateman7

  • Topic Starter
  • Members
  • 52 posts
  • Gender:Male
  • Location:Rochester NY

Posted 10 February 2012 - 10:50 AM

ComboFix 12-02-10.01 - UPS 02/10/2012 10:34:57.2.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.735.570 [GMT -5:00]
Running from: c:\documents and settings\UPS\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\EventSystem.log
c:\windows\system32\msssc.dll
c:\windows\system32\OLD22.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))
.
.
2012-02-09 21:53 . 2012-02-09 21:53 -------- d--h--w- c:\windows\PIF
2012-02-07 22:08 . 2012-02-07 22:08 -------- d-----w- C:\## aswSnx private storage
2012-02-03 19:01 . 2012-02-03 19:01 -------- d-----w- c:\documents and settings\UPS\Local Settings\Application Data\Secunia PSI
2012-02-03 18:29 . 2012-02-03 18:29 -------- d-----w- c:\program files\Secunia
2012-02-03 18:07 . 2012-02-03 18:07 -------- d-----w- c:\program files\AVAST Software
2012-02-03 17:46 . 2012-02-03 17:46 -------- d-----w- c:\documents and settings\Administrator
2012-02-03 17:41 . 2012-02-03 17:42 -------- d-----w- c:\windows\system32\newpass
2012-02-03 17:14 . 2002-01-05 10:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2012-02-03 17:14 . 2002-01-05 11:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2012-02-03 17:14 . 2000-05-22 21:58 608448 ----a-w- c:\windows\system32\comctl32.ocx
2012-02-03 17:14 . 2012-02-03 17:14 -------- d-----w- c:\program files\AML Products
2012-02-02 16:02 . 2012-02-02 16:02 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-02-02 16:02 . 2012-02-02 16:02 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-02-02 16:02 . 2012-02-02 16:02 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-02 16:02 . 2012-02-02 16:02 125912 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-02-02 16:02 . 2012-02-02 16:02 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-02-02 16:02 . 2012-02-02 16:02 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-02-02 16:02 . 2012-02-02 16:02 924632 ----a-w- c:\program files\Mozilla Firefox\firefox.exe
2012-02-02 16:02 . 2012-02-02 16:02 269272 ----a-w- c:\program files\Mozilla Firefox\freebl3.dll
2012-02-02 16:02 . 2012-02-02 16:02 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2009-12-01 19:03 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 18:01 . 2010-10-04 01:23 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-10-04 01:18 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-10-20 16:46 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-10-04 01:19 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-10-04 01:19 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-10-04 01:19 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-10-04 01:19 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2010-10-04 01:19 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2010-10-04 01:19 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2010-10-04 01:19 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-23 13:25 . 2005-10-06 00:05 1859584 ----a-w- c:\windows\system32\win32k.sys
2012-02-02 16:02 . 2012-02-02 16:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ksuser.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"SiSPower"="SiSPower.dll" [2005-01-04 49152]
"NA1Messenger"="c:\ups\WSTD\UPSNA1Msgr.exe" [2010-12-09 24576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\documents and settings\UPS\Start Menu\Programs\Startup\
Shortcut to rkill.lnk - c:\documents and settings\UPS\Desktop\rkill.scr [2012-1-7 1008141]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotplug]
2004-08-11 22:29 266240 -c----w- c:\program files\Silicon Integrated Systems\SiSRaidPackage\Hot_Plug.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\UPS\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Envelope Manager\\DAZzle\\DAZZLE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:Dial-A-Zip
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/20/2011 11:46 AM 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/3/2010 8:19 PM 314456]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [10/3/2010 2:44 PM 2909536]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/3/2010 8:19 PM 20568]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 5:29 PM 29293408]
S2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER [?]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 1:01 AM 994360]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [10/3/2010 2:44 PM 72808]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1677128483-839522115-1003Core.job
- c:\documents and settings\UPS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-15 22:06]
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1677128483-839522115-1003UA.job
- c:\documents and settings\UPS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-15 22:06]
.
2012-02-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.endicia.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\UPS\Application Data\Mozilla\Firefox\Profiles\ypntd1x9.default\
FF - prefs.js: browser.startup.homepage - sellercentral.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Spotify - c:\documents and settings\UPS\Application Data\Spotify\Spotify.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-10 10:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-02-10 10:42:06
ComboFix-quarantined-files.txt 2012-02-10 15:42
ComboFix2.txt 2010-07-06 22:02
.
Pre-Run: 57,158,606,848 bytes free
Post-Run: 57,510,637,568 bytes free
.
- - End Of File - - 890F6C77834DA89D51509A868749813E


Well, so far it seems pretty nice, but I am still in safe mode... I'm going to reboot it to normal and that will be the real test! Also, I had trouble disabling avast but ran ComboFix anyway.
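
The registry section of the ComboFix log above carries several settings worth flagging on their own before anything else is read: both Security Center overrides set to 1, the standard-profile Windows Firewall turned off with its notifications disabled, and TCP/443 opened inbound to every host for Dial-A-Zip. A third-party suite such as the installed avast can set the overrides legitimately, so the output is a triage list, not a verdict. The script below is an added example, not ComboFix output or anything posted in this thread: SAMPLE_LOG is a constructed excerpt of the posted log, and the HIGH/MED/LOW labels are this example's own convention.

```python
"""Audit the 'Reg Loading Points' section of a ComboFix log for settings that
weaken host defences.  Added example, not ComboFix output or code from this
thread; SAMPLE_LOG is a constructed excerpt of the log posted above, and the
severity labels are this example's own triage convention."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"SiSPower"="SiSPower.dll" [2005-01-04 49152]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\UPS\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:Dial-A-Zip
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_reg_points(text):
    """Return {registry key (lower-cased): {value name: raw right-hand side}}."""
    keys = defaultdict(dict)
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def as_int(raw):
    """'dword:00000001' -> 1, '0 (0x0)' -> 0, anything else -> None."""
    m = re.match(r'dword:([0-9a-f]+)', raw, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)', raw)
    return int(m.group(1)) if m else None


def audit(text):
    """Return [(severity, message)] for every defence-weakening setting found."""
    findings = []
    for key, values in parse_reg_points(text).items():
        if key.endswith('security center'):
            # Override=1 tells Security Center not to alert when that protection is off.
            # Third-party suites set it legitimately, so corroborate before calling it malicious.
            for name in ('AntiVirusOverride', 'FirewallOverride'):
                if as_int(values.get(name, '')) == 1:
                    findings.append(('HIGH', f'{name}=1: Security Center alerting suppressed'))
        elif key.endswith(r'firewallpolicy\standardprofile'):
            if as_int(values.get('EnableFirewall', '')) == 0:
                findings.append(('HIGH', 'EnableFirewall=0: Windows Firewall off on the standard profile'))
            if as_int(values.get('DisableNotifications', '')) == 1:
                findings.append(('MED', 'DisableNotifications=1: firewall prompts suppressed'))
        elif key.endswith(r'globallyopenports\list'):
            for name, raw in values.items():
                port, proto = name.split(':', 1)
                findings.append(('HIGH', f'inbound {proto}/{port} opened to all hosts ({raw})'))
        elif key.endswith(r'authorizedapplications\list'):
            for path in values:
                if 'documents and settings' in path.lower():
                    findings.append(('MED', f'firewall exception for user-writable path: {path}'))
        elif key.endswith(r'currentversion\run'):
            for name, raw in values.items():
                m = re.match(r'"([^"]*)"', raw)
                if m and '\\' not in m.group(1):
                    findings.append(('LOW', f'Run entry {name} has no absolute path ({m.group(1)}); confirm where it resolves'))
    return findings


if __name__ == '__main__':
    for severity, message in audit(SAMPLE_LOG):
        print(f'[{severity}] {message}')
```

On the posted excerpt this yields four HIGH items (the two overrides, the disabled firewall, the global 443/TCP opening), two MED items and one LOW item for the path-less SiSPower entry; each still needs a human to decide whether the installed security suite or a shipping application explains it.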

#8 seanbateman7 (Topic Starter, Members, 52 posts, Rochester NY)

Posted 10 February 2012 - 11:11 AM

Error Messages at Boot:
Generic Host Process for Win32 Services -
Generic Host Process for Win32 has encountered a problem and needs to close. We are sorry for the inconvenience.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to help us improve Generic Host Process for Win32 Services. We will treat this report as confidential and anonymous.
To see what data this error report contains, click here
<click>
Error signature
EventType: InPageError P1 : c000009c
P2 : 00000003

Reporting Details
This error report includes: information regarding the condition of Generic Host Process for Win32 Services when the problem occurred, the operating system version and computer hardware in use, and the IP address of your computer. (tired of typing, I'm sure you know what it's saying)

Options: Debug, Send Error Report, Don't Send

Other Error:
svchost.exe Application Error
The instruction at "0x7db4e0f3" referenced memory at "0x7db4e0f3". The required data was not placed into memory because of an I/O error status of "0xc000009c".
Click on OK to terminate the program
Cancel to debug


And there has been a significant amount of improvement to the computer; however, I don't believe it's all there yet, at least close though.
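
Both messages in the post above carry the same NTSTATUS, 0xC000009C (STATUS_DEVICE_DATA_ERROR), and the dialog text says outright that a page-in read failed with an I/O error. That class of fault lives in the disk path (drive, controller, cable), not in svchost itself, so the drive deserves a look before any more malware tooling. The script below is an added example, not code from this thread: SIGNATURE and DIALOG are the two texts copied from the post, the NTSTATUS field layout and the codes in KNOWN are from ntstatus.h, the WER P2 parameter is deliberately left uninterpreted, and NEXT_STEP is this example's own checklist rather than anything the helper here prescribed.

```python
"""Triage a WER InPageError signature / svchost crash dialog by its NTSTATUS.
Added example, not from the thread; SIGNATURE and DIALOG are the two message
texts copied from the post above.  The NTSTATUS field layout and the codes in
KNOWN come from ntstatus.h; the WER 'P2' parameter is left uninterpreted, and
NEXT_STEP is this example's own checklist."""
import re

SIGNATURE = 'EventType: InPageError P1 : c000009c P2 : 00000003'
DIALOG = ('The instruction at "0x7db4e0f3" referenced memory at "0x7db4e0f3". '
          'The required data was not placed into memory because of an I/O error '
          'status of "0xc000009c"')

# NTSTATUS values whose class matters for triage (value -> (name, class)).
KNOWN = {
    0xC000009C: ('STATUS_DEVICE_DATA_ERROR', 'io'),
    0xC000009D: ('STATUS_DEVICE_NOT_CONNECTED', 'io'),
    0xC000000E: ('STATUS_NO_SUCH_DEVICE', 'io'),
    0xC0000185: ('STATUS_IO_DEVICE_ERROR', 'io'),
    0xC0000005: ('STATUS_ACCESS_VIOLATION', 'memory'),
    0xC0000022: ('STATUS_ACCESS_DENIED', 'access'),
}

NEXT_STEP = {
    'io': 'the page-in read from disk failed: check the drive (chkdsk /r, System '
          'event log entries from source "Disk", SMART) before attributing it to malware',
    'memory': 'the process touched memory it does not own: look at the faulting '
              'module and at anything injected into svchost',
    'access': 'a permission check failed: review ACLs on the files the service hosts',
    'unknown': 'look the code up in ntstatus.h',
}


def decode_ntstatus(code):
    """Split an NTSTATUS into Sev(2) C(1) N(1) Facility(12) Code(16)."""
    return {
        'severity': ('SUCCESS', 'INFORMATIONAL', 'WARNING', 'ERROR')[code >> 30],
        'customer': bool(code & (1 << 29)),
        'facility': (code >> 16) & 0xFFF,
        'code': code & 0xFFFF,
    }


def extract_status(text):
    """Pull the NTSTATUS from a WER InPageError signature or the crash dialog text."""
    m = (re.search(r'\bP1\s*:\s*([0-9a-fA-F]{8})\b', text)
         or re.search(r'status of "0x([0-9a-fA-F]{8})"', text))
    return int(m.group(1), 16) if m else None


def triage(*texts):
    """Classify the fault; 'consistent' is False when the texts disagree on the code."""
    codes = sorted({c for c in map(extract_status, texts) if c is not None})
    if not codes:
        return None
    code = codes[0]
    name, cls = KNOWN.get(code, ('unknown', 'unknown'))
    return {
        'status': f'0x{code:08X}',
        'name': name,
        'class': cls,
        'fields': decode_ntstatus(code),
        'consistent': len(codes) == 1,
        'next_step': NEXT_STEP[cls],
    }


if __name__ == '__main__':
    for k, v in triage(SIGNATURE, DIALOG).items():
        print(f'{k}: {v}')
```

For the two texts in the post this reports severity ERROR, facility 0, code 0x9C, class "io", and the same code from both sources, which is what makes the disk the first thing to check.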

#9 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 10 February 2012 - 02:41 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 seanbateman7 (Topic Starter, Members, 52 posts, Rochester NY)

Posted 10 February 2012 - 03:25 PM

TDSkiller:
15:24:07.0993 0192 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
15:24:08.0493 0192 ============================================================
15:24:08.0493 0192 Current date / time: 2012/02/10 15:24:08.0493
15:24:08.0493 0192 SystemInfo:
15:24:08.0493 0192
15:24:08.0493 0192 OS Version: 5.1.2600 ServicePack: 3.0
15:24:08.0493 0192 Product type: Workstation
15:24:08.0493 0192 ComputerName: UPS-BACKUP
15:24:08.0493 0192 UserName: UPS
15:24:08.0493 0192 Windows directory: C:\WINDOWS
15:24:08.0493 0192 System windows directory: C:\WINDOWS
15:24:08.0493 0192 Processor architecture: Intel x86
15:24:08.0493 0192 Number of processors: 1
15:24:08.0493 0192 Page size: 0x1000
15:24:08.0493 0192 Boot type: Normal boot
15:24:08.0493 0192 ============================================================
15:24:11.0696 0192 Drive \Device\Harddisk0\DR0 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:24:11.0712 0192 \Device\Harddisk0\DR0:
15:24:11.0712 0192 MBR used
15:24:11.0712 0192 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
15:24:11.0805 0192 Initialize success
15:24:11.0805 0192 ============================================================
15:24:19.0102 3828 ============================================================
15:24:19.0102 3828 Scan started
15:24:19.0118 3828 Mode: Manual;
15:24:19.0118 3828 ============================================================
15:24:19.0508 3828 a2acc (2d1e1a70041319338035c3df51bfd200) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
15:24:19.0508 3828 a2acc - ok
15:24:19.0649 3828 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
15:24:19.0680 3828 Aavmker4 - ok
15:24:19.0758 3828 Abiosdsk - ok
15:24:19.0821 3828 abp480n5 - ok
15:24:19.0914 3828 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:24:19.0914 3828 ACPI - ok
15:24:19.0977 3828 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:24:19.0977 3828 ACPIEC - ok
15:24:20.0008 3828 adpu160m - ok
15:24:20.0055 3828 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
15:24:20.0055 3828 aeaudio - ok
15:24:20.0102 3828 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:24:20.0102 3828 aec - ok
15:24:20.0164 3828 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:24:20.0164 3828 AFD - ok
15:24:20.0196 3828 Aha154x - ok
15:24:20.0211 3828 aic78u2 - ok
15:24:20.0242 3828 aic78xx - ok
15:24:20.0289 3828 AliIde - ok
15:24:20.0321 3828 amsint - ok
15:24:20.0352 3828 asc - ok
15:24:20.0383 3828 asc3350p - ok
15:24:20.0414 3828 asc3550 - ok
15:24:20.0461 3828 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
15:24:20.0477 3828 aswFsBlk - ok
15:24:20.0524 3828 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
15:24:20.0524 3828 aswMon2 - ok
15:24:20.0586 3828 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
15:24:20.0586 3828 aswRdr - ok
15:24:20.0680 3828 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
15:24:20.0696 3828 aswSnx - ok
15:24:20.0758 3828 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
15:24:20.0758 3828 aswSP - ok
15:24:20.0805 3828 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
15:24:20.0805 3828 aswTdi - ok
15:24:20.0867 3828 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:24:20.0867 3828 AsyncMac - ok
15:24:20.0914 3828 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:24:20.0914 3828 atapi - ok
15:24:20.0946 3828 Atdisk - ok
15:24:20.0977 3828 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:24:20.0992 3828 Atmarpc - ok
15:24:21.0039 3828 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:24:21.0055 3828 audstub - ok
15:24:21.0133 3828 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:24:21.0133 3828 Beep - ok
15:24:21.0289 3828 catchme - ok
15:24:21.0383 3828 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:24:21.0383 3828 cbidf2k - ok
15:24:21.0430 3828 cd20xrnt - ok
15:24:21.0461 3828 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:24:21.0477 3828 Cdaudio - ok
15:24:21.0508 3828 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:24:21.0524 3828 Cdfs - ok
15:24:21.0555 3828 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:24:21.0571 3828 Cdrom - ok
15:24:21.0586 3828 Changer - ok
15:24:21.0649 3828 CmdIde - ok
15:24:21.0696 3828 Cpqarray - ok
15:24:21.0727 3828 dac2w2k - ok
15:24:21.0758 3828 dac960nt - ok
15:24:21.0805 3828 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:24:21.0805 3828 Disk - ok
15:24:21.0930 3828 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:24:21.0961 3828 dmboot - ok
15:24:22.0024 3828 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:24:22.0024 3828 dmio - ok
15:24:22.0055 3828 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:24:22.0055 3828 dmload - ok
15:24:22.0102 3828 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
15:24:22.0102 3828 DMusic - ok
15:24:22.0149 3828 dpti2o - ok
15:24:22.0211 3828 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
15:24:22.0211 3828 drmkaud - ok
15:24:22.0289 3828 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:24:22.0289 3828 Fastfat - ok
15:24:22.0352 3828 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:24:22.0352 3828 Fdc - ok
15:24:22.0383 3828 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:24:22.0383 3828 Fips - ok
15:24:22.0414 3828 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:24:22.0430 3828 Flpydisk - ok
15:24:22.0492 3828 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:24:22.0492 3828 FltMgr - ok
15:24:22.0524 3828 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:24:22.0524 3828 Fs_Rec - ok
15:24:22.0571 3828 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:24:22.0571 3828 Ftdisk - ok
15:24:22.0617 3828 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
15:24:22.0617 3828 gagp30kx - ok
15:24:22.0711 3828 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:24:22.0711 3828 Gpc - ok
15:24:22.0758 3828 hpn - ok
15:24:22.0821 3828 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:24:22.0821 3828 HTTP - ok
15:24:22.0867 3828 i2omgmt - ok
15:24:22.0883 3828 i2omp - ok
15:24:22.0930 3828 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:24:22.0930 3828 i8042prt - ok
15:24:22.0977 3828 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:24:22.0977 3828 Imapi - ok
15:24:23.0024 3828 ini910u - ok
15:24:23.0055 3828 IntelIde - ok
15:24:23.0117 3828 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:24:23.0117 3828 Ip6Fw - ok
15:24:23.0180 3828 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:24:23.0180 3828 IpFilterDriver - ok
15:24:23.0211 3828 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:24:23.0211 3828 IpInIp - ok
15:24:23.0242 3828 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:24:23.0258 3828 IpNat - ok
15:24:23.0305 3828 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:24:23.0305 3828 IPSec - ok
15:24:23.0352 3828 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:24:23.0352 3828 IRENUM - ok
15:24:23.0383 3828 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:24:23.0383 3828 isapnp - ok
15:24:23.0414 3828 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:24:23.0430 3828 Kbdclass - ok
15:24:23.0477 3828 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:24:23.0477 3828 kmixer - ok
15:24:23.0524 3828 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:24:23.0524 3828 KSecDD - ok
15:24:23.0570 3828 lbrtfdc - ok
15:24:23.0649 3828 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:24:23.0680 3828 mnmdd - ok
15:24:23.0727 3828 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:24:23.0742 3828 Modem - ok
15:24:23.0758 3828 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:24:23.0758 3828 Mouclass - ok
15:24:23.0805 3828 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:24:23.0805 3828 MountMgr - ok
15:24:23.0836 3828 mraid35x - ok
15:24:23.0852 3828 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:24:23.0867 3828 MRxDAV - ok
15:24:23.0930 3828 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:24:23.0945 3828 MRxSmb - ok
15:24:24.0008 3828 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:24:24.0008 3828 Msfs - ok
15:24:24.0055 3828 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:24:24.0055 3828 MSKSSRV - ok
15:24:24.0117 3828 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:24:24.0117 3828 MSPCLOCK - ok
15:24:24.0149 3828 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:24:24.0149 3828 MSPQM - ok
15:24:24.0211 3828 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:24:24.0227 3828 mssmbios - ok
15:24:24.0289 3828 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:24:24.0305 3828 Mup - ok
15:24:24.0336 3828 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:24:24.0352 3828 NDIS - ok
15:24:24.0383 3828 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:24:24.0383 3828 NdisTapi - ok
15:24:24.0445 3828 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:24:24.0461 3828 Ndisuio - ok
15:24:24.0477 3828 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:24:24.0492 3828 NdisWan - ok
15:24:24.0539 3828 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:24:24.0539 3828 NDProxy - ok
15:24:24.0586 3828 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:24:24.0586 3828 NetBIOS - ok
15:24:24.0633 3828 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:24:24.0633 3828 NetBT - ok
15:24:24.0711 3828 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:24:24.0727 3828 Npfs - ok
15:24:24.0789 3828 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:24:24.0805 3828 Ntfs - ok
15:24:24.0852 3828 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:24:24.0852 3828 Null - ok
15:24:24.0914 3828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:24:24.0914 3828 NwlnkFlt - ok
15:24:24.0961 3828 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:24:24.0961 3828 NwlnkFwd - ok
15:24:25.0024 3828 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:24:25.0024 3828 Parport - ok
15:24:25.0055 3828 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:24:25.0055 3828 PartMgr - ok
15:24:25.0102 3828 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:24:25.0102 3828 ParVdm - ok
15:24:25.0133 3828 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:24:25.0133 3828 PCI - ok
15:24:25.0164 3828 PCIDump - ok
15:24:25.0211 3828 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:24:25.0211 3828 PCIIde - ok
15:24:25.0258 3828 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:24:25.0258 3828 Pcmcia - ok
15:24:25.0289 3828 PDCOMP - ok
15:24:25.0320 3828 PDFRAME - ok
15:24:25.0336 3828 PDRELI - ok
15:24:25.0367 3828 PDRFRAME - ok
15:24:25.0399 3828 perc2 - ok
15:24:25.0414 3828 perc2hib - ok
15:24:25.0508 3828 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:24:25.0524 3828 PptpMiniport - ok
15:24:25.0586 3828 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
15:24:25.0586 3828 Processor - ok
15:24:25.0617 3828 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:24:25.0617 3828 PSched - ok
15:24:25.0695 3828 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
15:24:25.0695 3828 PSI - ok
15:24:25.0727 3828 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:24:25.0727 3828 Ptilink - ok
15:24:25.0758 3828 ql1080 - ok
15:24:25.0774 3828 Ql10wnt - ok
15:24:25.0805 3828 ql12160 - ok
15:24:25.0836 3828 ql1240 - ok
15:24:25.0852 3828 ql1280 - ok
15:24:25.0899 3828 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:24:25.0899 3828 RasAcd - ok
15:24:25.0945 3828 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:24:25.0945 3828 Rasl2tp - ok
15:24:25.0977 3828 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:24:25.0977 3828 RasPppoe - ok
15:24:26.0008 3828 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:24:26.0008 3828 Raspti - ok
15:24:26.0055 3828 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:24:26.0070 3828 Rdbss - ok
15:24:26.0102 3828 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:24:26.0102 3828 RDPCDD - ok
15:24:26.0133 3828 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:24:26.0149 3828 rdpdr - ok
15:24:26.0211 3828 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:24:26.0211 3828 RDPWD - ok
15:24:26.0258 3828 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:24:26.0258 3828 redbook - ok
15:24:26.0367 3828 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:24:26.0383 3828 Secdrv - ok
15:24:26.0461 3828 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:24:26.0461 3828 serenum - ok
15:24:26.0492 3828 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:24:26.0492 3828 Serial - ok
15:24:26.0555 3828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:24:26.0555 3828 Sfloppy - ok
15:24:26.0602 3828 Simbad - ok
15:24:26.0680 3828 SiS315 (a644954c7114cf03d1e5c717e11f87a9) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
15:24:26.0695 3828 SiS315 - ok
15:24:26.0773 3828 SiSGbeXP (df75f4a15e69ec197beb7c7e78df0eae) C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys
15:24:26.0773 3828 SiSGbeXP - ok
15:24:26.0852 3828 SiSkp (f7376bbf4ee1fd62243021739d8f4931) C:\WINDOWS\system32\DRIVERS\srvkp.sys
15:24:26.0852 3828 SiSkp - ok
15:24:26.0930 3828 SiSRaid2 (84d3bf925a0447cf218a4ebf7dce4622) C:\WINDOWS\system32\DRIVERS\SiSRaid2.sys
15:24:26.0930 3828 SiSRaid2 - ok
15:24:27.0023 3828 smwdm (bf208c85119770e6a9b6577019a3d810) C:\WINDOWS\system32\drivers\smwdm.sys
15:24:27.0055 3828 smwdm - ok
15:24:27.0086 3828 Sparrow - ok
15:24:27.0133 3828 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:24:27.0133 3828 splitter - ok
15:24:27.0227 3828 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:24:27.0227 3828 sr - ok
15:24:27.0305 3828 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:24:27.0305 3828 Srv - ok
15:24:27.0383 3828 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:24:27.0383 3828 swenum - ok
15:24:27.0414 3828 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
15:24:27.0430 3828 swmidi - ok
15:24:27.0477 3828 symc810 - ok
15:24:27.0492 3828 symc8xx - ok
15:24:27.0523 3828 sym_hi - ok
15:24:27.0555 3828 sym_u3 - ok
15:24:27.0586 3828 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
15:24:27.0586 3828 sysaudio - ok
15:24:27.0711 3828 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:24:27.0727 3828 Tcpip - ok
15:24:27.0773 3828 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:24:27.0789 3828 TDPIPE - ok
15:24:27.0852 3828 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:24:27.0852 3828 TDTCP - ok
15:24:27.0914 3828 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:24:27.0914 3828 TermDD - ok
15:24:27.0977 3828 TosIde - ok
15:24:28.0039 3828 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:24:28.0039 3828 Udfs - ok
15:24:28.0070 3828 ultra - ok
15:24:28.0133 3828 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:24:28.0164 3828 Update - ok
15:24:28.0242 3828 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:24:28.0242 3828 usbehci - ok
15:24:28.0289 3828 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:24:28.0289 3828 usbhub - ok
15:24:28.0320 3828 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:24:28.0320 3828 usbohci - ok
15:24:28.0367 3828 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:24:28.0367 3828 usbprint - ok
15:24:28.0398 3828 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:24:28.0398 3828 USBSTOR - ok
15:24:28.0430 3828 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:24:28.0430 3828 VgaSave - ok
15:24:28.0461 3828 ViaIde - ok
15:24:28.0492 3828 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:24:28.0508 3828 VolSnap - ok
15:24:28.0570 3828 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:24:28.0570 3828 Wanarp - ok
15:24:28.0602 3828 WDICA - ok
15:24:28.0648 3828 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:24:28.0664 3828 wdmaud - ok
15:24:28.0820 3828 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:24:28.0820 3828 WS2IFSL - ok
15:24:28.0867 3828 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:24:29.0023 3828 \Device\Harddisk0\DR0 - ok
15:24:29.0023 3828 Boot (0x1200) (50907f6b5043eb144d4a33d2d914d270) \Device\Harddisk0\DR0\Partition0
15:24:29.0023 3828 \Device\Harddisk0\DR0\Partition0 - ok
15:24:29.0039 3828 ============================================================
15:24:29.0039 3828 Scan finished
15:24:29.0039 3828 ============================================================
15:24:29.0055 1864 Detected object count: 0
15:24:29.0055 1864 Actual detected object count: 0

#11 seanbateman7 (Topic Starter, Members, 52 posts, Rochester NY)

Posted 10 February 2012 - 03:48 PM

The computer has frozen during the aswMBR scan. I'm going to see if it will work itself out within the hour; if not, then I will reboot into safe mode and try running it then.

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 10 February 2012 - 04:00 PM

OK, let me know.


gringo

#13 seanbateman7 (Topic Starter, Members, 52 posts, Rochester NY)

Posted 10 February 2012 - 04:34 PM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-10 16:25:43
-----------------------------
16:25:43.593 OS Version: Windows 5.1.2600 Service Pack 3
16:25:43.593 Number of processors: 1 586 0x2C02
16:25:43.593 ComputerName: UPS-BACKUP UserName: UPS
16:25:44.218 Initialize success
16:25:45.250 AVAST engine defs: 12020400
16:25:48.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:25:48.515 Disk 0 Vendor: WDC_WD800JB-00JJC0 05.01C05 Size: 76318MB BusType: 3
16:25:48.562 Disk 0 MBR read successfully
16:25:48.593 Disk 0 MBR scan
16:25:49.015 Disk 0 Windows XP default MBR code
16:25:49.062 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
16:25:49.390 Disk 0 scanning sectors +156280320
16:25:49.687 Disk 0 scanning C:\WINDOWS\system32\drivers
16:26:06.343 Service scanning
16:26:09.750 Modules scanning
16:26:19.859 Disk 0 trace - called modules:
16:26:19.953 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:26:19.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8376dab8]
16:26:21.781 3 CLASSPNP.SYS[f7a1bfd7] -> nt!IofCallDriver -> \Device\0000005c[0x837712e0]
16:26:21.875 5 ACPI.sys[f7992620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x83791d98]
16:26:22.187 AVAST engine scan C:\WINDOWS
16:26:41.093 AVAST engine scan C:\WINDOWS\system32
16:29:02.437 AVAST engine scan C:\WINDOWS\system32\drivers
16:29:18.093 AVAST engine scan C:\Documents and Settings\UPS
16:30:33.312 AVAST engine scan C:\Documents and Settings\All Users
16:30:49.218 Scan finished successfully
16:31:34.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\UPS\Desktop\MBR.dat"
16:31:35.046 The log file has been saved successfully to "C:\Documents and Settings\UPS\Desktop\aswMBR.txt"


I didn't hit Fix MBR because I did not see it mentioned in your instructions. If I need to, let me know.
Thanks!
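
Reading the TDSSKiller log (post #10) and the aswMBR log (post #13) by hand comes down to a few checks: any verdict that is not "- ok", drivers loaded from somewhere other than the Windows driver directory, the MBR code verdict, exactly one active partition, and the disk call trace, where a rootkit that hooks the disk stack shows up as a module that does not belong there. The script below does those checks mechanically over both log formats. It is an added example, not code from the thread or from the tools' vendors: the two samples are constructed excerpts of the logs posted above, EXPECTED_STACK is an illustrative allowlist of stock Windows XP disk-stack modules (an assumption, not a vendor list), and DRIVER_DIR is the usual driver directory on that system.

```python
"""Pull the reviewer-relevant facts out of a TDSSKiller log and an aswMBR log.
Added example, not code from the thread or from the tools' vendors.  The two
samples are constructed excerpts of the logs posted above; EXPECTED_STACK is an
illustrative allowlist of stock Windows XP disk-stack modules (an assumption,
not a vendor list), and DRIVER_DIR is the usual driver directory on that system."""
import re

TDSS_SAMPLE = r"""
15:24:19.0508 3828 a2acc (2d1e1a70041319338035c3df51bfd200) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
15:24:19.0508 3828 a2acc - ok
15:24:19.0758 3828 Abiosdsk - ok
15:24:19.0914 3828 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:24:19.0914 3828 ACPI - ok
15:24:28.0867 3828 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:24:29.0023 3828 \Device\Harddisk0\DR0 - ok
15:24:29.0055 1864 Detected object count: 0
"""

ASWMBR_SAMPLE = r"""
16:25:49.015 Disk 0 Windows XP default MBR code
16:25:49.062 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
16:26:19.859 Disk 0 trace - called modules:
16:26:19.953 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:26:19.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8376dab8]
16:30:49.218 Scan finished successfully
"""

TDSS_FILE = re.compile(r'^\S+ \d+ (\S+) \(([0-9a-f]{32})\) (.+)$')
TDSS_VERDICT = re.compile(r'^\S+ \d+ (.+?) - (.+)$')
TDSS_COUNT = re.compile(r'Detected object count: (\d+)')
DRIVER_DIR = r'c:\windows\system32\drivers'
EXPECTED_STACK = {'ntoskrnl.exe', 'hal.dll', 'classpnp.sys', 'disk.sys', 'partmgr.sys',
                  'ftdisk.sys', 'acpi.sys', 'atapi.sys', 'pciide.sys', 'pciidex.sys', 'pci.sys'}


def parse_tdsskiller(text):
    """Return ({name: (md5, path)}, {name: verdict}, detected object count)."""
    files, verdicts, count = {}, {}, None
    for line in text.splitlines():
        m = TDSS_FILE.match(line)
        if m:
            files[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = TDSS_VERDICT.match(line)
        if m:
            verdicts[m.group(1)] = m.group(2)
            continue
        m = TDSS_COUNT.search(line)
        if m:
            count = int(m.group(1))
    return files, verdicts, count


def review_tdsskiller(text):
    """Flag non-'ok' verdicts and drivers that live outside DRIVER_DIR."""
    files, verdicts, count = parse_tdsskiller(text)
    findings = [f'{name}: verdict "{v}"' for name, v in verdicts.items() if v != 'ok']
    for name, (md5, path) in files.items():
        if not path.lower().startswith(DRIVER_DIR):
            findings.append(f'{name}: driver outside {DRIVER_DIR}: {path} (md5 {md5})')
    return count, findings


def review_aswmbr(text):
    """Return (MBR verdict line, findings) from the MBR, partition and trace lines."""
    lines = text.splitlines()
    findings, mbr_verdict, active = [], None, []
    for i, line in enumerate(lines):
        body = line.split(' ', 1)[1] if ' ' in line else line   # drop the timestamp
        if 'MBR code' in body:
            mbr_verdict = body
            if 'default' not in body.lower():
                findings.append(f'non-default MBR code: {body}')
        elif re.search(r'Partition \d+ 80 \(A\)', body):
            active.append(body)
        elif body.endswith('trace - called modules:') and i + 1 < len(lines):
            # An extra module here is how a disk-stack hook (bootkit filter driver) shows up.
            for mod in lines[i + 1].split()[1:]:
                if mod.lower() not in EXPECTED_STACK:
                    findings.append(f'unexpected module in disk call trace: {mod}')
    if len(active) != 1:
        findings.append(f'{len(active)} active (bootable) partitions, expected 1')
    return mbr_verdict, findings


if __name__ == '__main__':
    count, tdss = review_tdsskiller(TDSS_SAMPLE)
    print(f'TDSSKiller detected objects: {count}; findings: {tdss}')
    verdict, asw = review_aswmbr(ASWMBR_SAMPLE)
    print(f'aswMBR: {verdict}; findings: {asw}')
```

On the posted excerpts the only TDSSKiller finding is the Emsisoft driver living under Program Files, which its own installer explains, and the aswMBR review comes back empty: default XP MBR code, one active partition, only stock modules in the trace. That is also why there was nothing for the FixMBR button to change; leave it alone unless the helper asks for it, since rewriting the MBR on a disk that is already throwing I/O errors adds risk for no gain.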

#14 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 10 February 2012 - 04:44 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 seanbateman7

seanbateman7
  • Topic Starter

  • Members
  • 52 posts
  • Gender:Male
  • Location:Rochester NY

Posted 11 February 2012 - 10:43 AM

Log:
ComboFix 12-02-10.01 - UPS 02/11/2012 10:30:59.3.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.735.550 [GMT -5:00]
Running from: c:\documents and settings\UPS\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\UPS\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-10 20:21 . 2012-02-10 21:18 -------- d-----w- C:\## aswSnx private storage
2012-02-09 21:53 . 2012-02-09 21:53 -------- d--h--w- c:\windows\PIF
2012-02-03 19:01 . 2012-02-03 19:01 -------- d-----w- c:\documents and settings\UPS\Local Settings\Application Data\Secunia PSI
2012-02-03 18:29 . 2012-02-03 18:29 -------- d-----w- c:\program files\Secunia
2012-02-03 18:07 . 2012-02-03 18:07 -------- d-----w- c:\program files\AVAST Software
2012-02-03 17:46 . 2012-02-03 17:46 -------- d-----w- c:\documents and settings\Administrator
2012-02-03 17:41 . 2012-02-03 17:42 -------- d-----w- c:\windows\system32\newpass
2012-02-03 17:14 . 2002-01-05 10:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2012-02-03 17:14 . 2002-01-05 11:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2012-02-03 17:14 . 2000-05-22 21:58 608448 ----a-w- c:\windows\system32\comctl32.ocx
2012-02-03 17:14 . 2012-02-03 17:14 -------- d-----w- c:\program files\AML Products
2012-02-02 16:02 . 2012-02-11 15:20 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-02-02 16:02 . 2012-02-11 15:20 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-02 16:02 . 2012-02-11 15:20 125912 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-02-02 16:02 . 2012-02-02 16:02 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-02-02 16:02 . 2012-02-11 15:20 924632 ----a-w- c:\program files\Mozilla Firefox\firefox.exe
2012-02-02 16:02 . 2012-02-11 15:20 269272 ----a-w- c:\program files\Mozilla Firefox\freebl3.dll
2012-02-02 16:02 . 2012-02-11 15:20 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-02-02 16:02 . 2012-02-02 16:02 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-02-02 16:02 . 2012-02-11 15:20 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 20:23 . 2011-08-23 12:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24 . 2009-12-01 19:03 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 18:01 . 2010-10-04 01:23 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-10-04 01:18 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-10-20 16:46 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-10-04 01:19 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-10-04 01:19 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-10-04 01:19 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-10-04 01:19 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2010-10-04 01:19 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2010-10-04 01:19 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2010-10-04 01:19 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-23 13:25 . 2005-10-06 00:05 1859584 ----a-w- c:\windows\system32\win32k.sys
2012-02-11 15:20 . 2012-02-02 16:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ksuser.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= "c:\windows\system32\ieframe.dll" [2011-11-04 11081728]
.
[HKEY_CLASSES_ROOT\clsid\{cfbfae00-17a6-11d0-99cb-00c04fd64497}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"= "c:\windows\system32\browseui.dll" [2008-04-14 1025024]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"= "c:\windows\system32\SHELL32.dll" [2011-01-21 8462336]
.
[HKEY_CLASSES_ROOT\clsid\{01e04581-4eee-11d0-bfe9-00aa005b4383}]
.
[HKEY_CLASSES_ROOT\clsid\{0e5cbf21-d15f-11d0-8301-00aa005b4383}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"SiSPower"="SiSPower.dll" [2005-01-04 49152]
"NA1Messenger"="c:\ups\WSTD\UPSNA1Msgr.exe" [2010-12-09 24576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\documents and settings\UPS\Start Menu\Programs\Startup\
Shortcut to rkill.lnk - c:\documents and settings\UPS\Desktop\rkill.scr [2012-1-7 1008141]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotplug]
2004-08-11 22:29 266240 -c----w- c:\program files\Silicon Integrated Systems\SiSRaidPackage\Hot_Plug.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\UPS\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Envelope Manager\\DAZzle\\DAZZLE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:Dial-A-Zip
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/20/2011 11:46 AM 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/3/2010 8:19 PM 314456]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [10/3/2010 2:44 PM 2909536]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/3/2010 8:19 PM 20568]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 5:29 PM 29293408]
S2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER [?]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 1:01 AM 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/14/2011 1:01 AM 399416]
S3 93920964;93920964; [x]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [10/3/2010 2:44 PM 72808]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1677128483-839522115-1003Core.job
- c:\documents and settings\UPS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-15 22:06]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1677128483-839522115-1003UA.job
- c:\documents and settings\UPS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-15 22:06]
.
2012-02-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.endicia.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\UPS\Application Data\Mozilla\Firefox\Profiles\ypntd1x9.default\
FF - prefs.js: browser.startup.homepage - sellercentral.com
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-11 10:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.EXE'(1700)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
Completion time: 2012-02-11 10:41:06
ComboFix-quarantined-files.txt 2012-02-11 15:41
ComboFix2.txt 2012-02-10 15:42
ComboFix3.txt 2010-07-06 22:02
.
Pre-Run: 57,371,107,328 bytes free
Post-Run: 57,389,830,144 bytes free
.
- - End Of File - - 28195D68E5A61362375A9B1ABBABFEC6

I got a "Pev.exe encountered a problem and needs to close" error a bunch of times, I would say maybe like 20. I sent the report in once, and this was run in Safe Mode because the regular mode kept freezing up on me. Should I be running it normally?

But Safe Mode seems to be fine.
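The ComboFix log above is reviewed by eye in this thread; as an added example (not code from the thread, the helper, or ComboFix itself), here is a small Python reviewer that walks the same kinds of sections and pulls out the entries a malware responder looks at first: Security Center override values, the firewall profile settings, globally open ports, Sigcheck lines flagged `[-]`, and service entries listed with `[x]`. The sample log is constructed by hand in the log's format, mirroring entries posted above; the severity labels and the reading of `[x]` as a service whose image file is not on disk are this example's assumptions.

```python
import re

# Constructed sample in the ComboFix log format shown in the thread above; the
# lines mirror entries from the posted log but are embedded here by hand, and
# this reviewer is an added example, not ComboFix's own logic.
SAMPLE_LOG = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ksuser.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:Dial-A-Zip
.
S3 93920964;93920964; [x]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [10/3/2010 2:44 PM 72808]
"""

# A registry key header is a whole line in square brackets.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# A registry value line: "Name"=value (value may be empty).
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
# A Sigcheck line: [flag] date . md5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\] \d{4}-\d{2}-\d{2} .*?(?P<path>[A-Za-z]:\\.*)$")
# A service/driver line: S<start type> name;display name;image path [details]
SERVICE_RE = re.compile(r"^S[0-4] (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")


def parse(log):
    """Walk the log once and collect registry values (with their key),
    Sigcheck entries and service entries."""
    state = {"values": [], "sigcheck": [], "services": []}
    key = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = SIGCHECK_RE.match(line)
        if m:
            state["sigcheck"].append((m.group("flag"), m.group("path")))
            continue
        m = SERVICE_RE.match(line)
        if m:
            state["services"].append((m.group("name"), m.group("rest").strip()))
            continue
        m = VALUE_RE.match(line)
        if m and key:
            state["values"].append((key, m.group("name"), m.group("value").strip()))
    return state


def review(log):
    """Return (severity, message) findings in log order.  Severity labels are
    this example's own assumption, not a ComboFix rating."""
    state = parse(log)
    findings = []
    for key, name, value in state["values"]:
        if key.endswith("security center") and name.endswith("Override") and value.endswith("00000001"):
            findings.append(("high", f"Security Center monitoring suppressed: {name}=1"))
        elif key.endswith(r"firewallpolicy\standardprofile"):
            if name == "EnableFirewall" and value.startswith("0"):
                findings.append(("high", "Windows Firewall disabled for the standard profile"))
            elif name == "DisableNotifications" and value.startswith("1"):
                findings.append(("low", "Firewall notifications disabled"))
        elif "globallyopenports" in key:
            findings.append(("medium", f"Globally open port: {value}"))
    for flag, path in state["sigcheck"]:
        if flag == "-":  # ComboFix marks files it could not verify with [-]
            findings.append(("low", f"Unverified (unsigned) system file: {path}"))
    for name, rest in state["services"]:
        if rest == "[x]":  # assumption: [x] means no image file was found on disk
            findings.append(("medium", f"Service '{name}' registered with no image file on disk"))
    return findings


if __name__ == "__main__":
    for severity, message in review(SAMPLE_LOG):
        print(f"[{severity:6}] {message}")
```

Run against a saved ComboFix log with `review(open("ComboFix.txt").read())`; the parser is deliberately line-oriented so sections it does not recognise (Files Created, Find3M, DLLs Loaded) are simply skipped rather than mis-read.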



