
Alureon removal


This topic is locked. 70 replies to this topic.

#1 mkat (Members, 104 posts)

Posted 03 March 2012 - 12:14 PM

Nasdaq,

This is the information that you requested for my second computer. Thank you for all your help. I really appreciate it.

Attached Files




#2 nasdaq (Malware Response Team, 39,225 posts, Montreal, QC, Canada)

Posted 03 March 2012 - 01:18 PM

The ComboFix log looks the same as your computer.
Did you send me the wrong log for your son's computer?
===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

#3 mkat, Topic Starter (Members, 104 posts)

Posted 03 March 2012 - 07:35 PM

I will double check the log I attached, but I am positive that I attached the correct one, as one was labeled laptop and the one for this computer was labeled simply combofix. The one for the laptop seemed way shorter and this one seemed to have much more information. I have re-attached it below.

I'm getting to the point that I'm thinking I may do a clean reinstall of the operating system on this computer as well, but I want to make sure that I have all the correct drivers, etc and I'm not sure if I do. This computer is so slow and they have downloaded so many unnecessary things. iTunes doesn't work and on and on... Do you have any suggestions regarding that?

I wanted to respond back to you as quick as possible, but will not be able to do any work on either computer until Monday.

Thank you

Attached Files



#4 nasdaq (Malware Response Team, 39,225 posts, Montreal, QC, Canada)

Posted 04 March 2012 - 10:19 AM

I'm getting to the point that I'm thinking I may do a clean reinstall of the operating system on this computer as well, but I want to make sure that I have all the correct drivers, etc and I'm not sure if I do.

Reinstalling should be the last option.

To check for the proper operating files execute this.
From the Start menu, select Run.
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.
===

First I suggest you delete the Sony Rootkit.

Follow the removal instruction listed on this page.

How To Remove The Sony Drm Rootkit
http://www.bleepingcomputer.com/forums/topic34904.html

If at any time you need assistance please ask.
===

Open notepad and copy/paste the text in the quote box below into it:

Driver::
Updater Service for ooVoo Toolbar
npggsvc

DDS::
Trusted Zone: ketsujin.com\fighterace
Trusted Zone: ketsujin.com\primary
Trusted Zone: ketsujin.com\update
Trusted Zone: ketsujin.com\www
Trusted Zone: stormofaces.com\www



Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Can you remember what was installed from Norton/Symantec?
I have difficulties finding information on the SMR250.SYS file.
R0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\system32\drivers\SMR250.SYS [2/28/2012 10:23 AM 83064]
===

Please post the Combofix log and include this one for my review.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

If needed:
The scan will also create an Attach.txt log; I would also like to see its content.
Please post it in another post for my review; do not attach the file.

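Added example, not part of the thread or of ComboFix itself: a small Python triage parser for the driver/service lines ComboFix prints in the shape of the SMR250 line above (`R0 name;display name;path [date time size]`). It flags the `$sys$` cloaking prefix used by the Sony DRM rootkit that the linked removal guide deals with, entries whose file is gone (`[x]`) and boot/system-start drivers ComboFix could not verify (`[?]`). Assumptions: the digit after R/S is the Windows service start type, and the sample lines are constructed from this thread's posted log rather than taken from a live machine.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the shape of ComboFix "Drivers/Services" lines as they
# appear in this thread (copied from the posted log, not from a live system).
SAMPLE_LOG = r"""
R0 $sys$cor;$sys$cor;c:\windows\system32\drivers\$sys$cor.sys [10/6/2004 9:11 AM 18432]
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [9/13/2006 10:06 AM 3840]
R1 $sys$crater;$sys$crater;c:\windows\system32\$sys$filesystem\crater.sys [10/7/2004 2:57 AM 11904]
R0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\system32\drivers\SMR250.SYS [2/28/2012 10:23 AM 83064]
S1 aswSnx;aswSnx; [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 1:08 PM 133104]
"""

# "R0 name;display;path [m/d/yyyy h:mm AM size]" -- R = running, S = stopped.
# Assumption: the digit is the Windows service start type (0 boot, 1 system,
# 2 automatic, 3 manual, 4 disabled), so 0/1 entries load before user mode.
LINE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
DETAIL_RE = re.compile(r"\[(?P<date>\d+/\d+/\d+ \d+:\d+ [AP]M) (?P<size>\d+)\]$")

# Cloaking prefix used by the Sony/XCP DRM rootkit: its driver hides any
# file, registry key or process whose name starts with it.
SONY_PREFIX = "$sys$"


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    path: str
    size: Optional[int]
    status: str                      # "ok", "missing" ([x]) or "unverified" ([?])
    flags: List[str] = field(default_factory=list)


def flag_entry(e: "ServiceEntry") -> List[str]:
    """Defender-side triage rules for a single entry."""
    flags = []
    if e.name.lower().startswith(SONY_PREFIX) or SONY_PREFIX in e.path.lower():
        flags.append("sony-drm-cloaking-prefix")
    if e.status == "missing":
        flags.append("orphaned-service-entry")
    if e.status == "unverified" and e.start_type <= 1:
        flags.append("early-load-driver-unverified")
    return flags


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one driver/service line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    status, size, path = "ok", None, rest
    if rest.endswith("[x]"):               # registry entry with no file on disk
        status, path = "missing", rest[:-3].strip()
    elif rest.endswith("[?]"):             # ComboFix could not verify the file
        status, path = "unverified", rest[:-3].strip()
        if " --> " in path:                # "a --> b" form: keep the resolved path
            path = path.split(" --> ", 1)[1].strip()
    else:
        d = DETAIL_RE.search(rest)         # "[date time size]" trailer
        if d:
            size = int(d.group("size"))
            path = rest[: d.start()].strip()
    entry = ServiceEntry(
        running=m.group("state") == "R",
        start_type=int(m.group("start")),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=path,
        size=size,
        status=status,
    )
    entry.flags = flag_entry(entry)
    return entry


def parse_log(text: str) -> List[ServiceEntry]:
    """Keep only the lines that parse as driver/service entries."""
    entries = [parse_line(ln) for ln in text.splitlines()]
    return [e for e in entries if e is not None]


def suspicious(text: str) -> Dict[str, List[str]]:
    """Map service name -> triage flags for every flagged entry in the log."""
    return {e.name: e.flags for e in parse_log(text) if e.flags}


if __name__ == "__main__":
    for name, flags in suspicious(SAMPLE_LOG).items():
        print(f"{name:14s} {', '.join(flags)}")
```

Paste a full ComboFix log into `suspicious()` and every entry that survives the rules is a candidate for the "Driver::" section of a CFScript; the unflagged SMR250 line shows that a vendor-named driver with a verified file is left alone.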

#5 mkat, Topic Starter (Members, 104 posts)

Posted 05 March 2012 - 06:58 AM

If this is a duplicate reply - disregard, it doesn't look as if my first reply posted?

I was unable to run the sfc /scannow. When prompted to insert the XP CD, it told me that the CD was not the correct version. It is the only CD I have available. This computer was purchased from my husband's old company and Windows was already installed, a CD copied and included with it. What do you want me to do?

#6 nasdaq (Malware Response Team, 39,225 posts, Montreal, QC, Canada)

Posted 05 March 2012 - 10:24 AM

Forget about the SFC scan.

Continue with the fix.

#7 mkat, Topic Starter (Members, 104 posts)

Posted 05 March 2012 - 11:05 AM

OK, before I complete the tasks above, after reviewing how to remove the Sony rootkit, there is one last item that states:

Delete C:\%WinDir%\system32\$sys$filesystem\aries.sys (Replace %WinDir% with the directory that Windows is installed on your computer)


How do I do this? And what do I replace it with?

Also, to answer your question about the Norton/Symantec: it was a scanner/remover that was suggested by Comcast, my ISP, to remove the Alureon. It isn't something that I use, and when all this is complete I'd love instructions to remove any/all unnecessary stuff on my computer.

#8 mkat, Topic Starter (Members, 104 posts)

Posted 05 March 2012 - 11:59 AM

I am posting from another computer. I tried to remove the Sony, but in the cmd box it stated that it wasn't installed? I am currently running ComboFix, but had a warning pop up first stating that Avast real-time is running in the background. I had completely removed this and don't know why it is still there; it doesn't show up anywhere in my drives or on Add/Remove Programs. I moved forward with the ComboFix scan, but wanted to let you know.

Once done I will post the log and, in another post, will paste the DDS logs you requested as well.

#9 mkat, Topic Starter (Members, 104 posts)

Posted 05 March 2012 - 01:19 PM

Here is the ComboFix log:

ComboFix 12-03-04.02 - Stephen 03/05/2012 11:57:38.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.336 [GMT -5:00]
Running from: c:\documents and settings\Stephen\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Stephen\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Bsecure Endpoint Security *Disabled/Updated* {BBA75CBF-065F-45F0-AAFA-2AD00C61EED9}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_UPDATER_SERVICE_FOR_OOVOO_TOOLBAR
-------\Service_npggsvc
-------\Service_Updater Service for ooVoo Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 00:01 . 2012-02-20 06:05 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD2DEFF7-B516-4A96-9A5E-CA5ED9A6C78E}\mpengine.dll
2012-02-28 19:18 . 2012-02-20 06:05 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-27 20:20 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-27 20:12 . 2012-02-27 20:12 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-27 18:42 . 2012-02-27 18:42 262546 ----a-w- c:\documents and settings\All Users\Application Data\1330367773.bdinstall.bin
2012-02-27 03:15 . 2012-02-27 03:15 -------- d-----w- c:\documents and settings\Stephen\Application Data\ElevatedDiagnostics
2012-02-22 18:45 . 2012-02-27 18:44 -------- dc----w- C:\sh4ldr
2012-02-22 18:45 . 2012-02-22 18:45 -------- d-----w- c:\program files\Enigma Software Group
2012-02-22 15:58 . 2012-02-23 12:14 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\PMB Files
2012-02-22 15:58 . 2012-02-22 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2012-02-22 15:38 . 2004-03-29 20:23 90112 ----a-w- c:\windows\unvise32.exe
2012-02-22 15:38 . 2012-02-22 15:38 -------- dc----w- C:\Psfonts
2012-02-22 15:38 . 2012-02-22 15:38 -------- d-----w- c:\program files\Finale NotePad 2005a
2012-02-22 14:51 . 2012-02-22 15:00 -------- d-----w- c:\program files\UltraVPN
2012-02-21 20:27 . 2012-02-27 18:43 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-02-21 20:27 . 2012-02-21 20:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-02-19 01:33 . 2012-02-19 01:33 -------- d-----w- c:\program files\Common Files\Windows Microsoft Shared
2012-02-19 00:18 . 2012-02-28 15:45 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\NPE
2012-02-19 00:18 . 2012-02-19 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-02-15 21:07 . 2012-02-15 21:07 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\bdch
2012-02-15 03:56 . 2012-02-15 03:56 -------- d-----w- c:\program files\iPod
2012-02-11 00:49 . 2012-02-11 00:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ID Vault
2012-02-11 00:49 . 2012-02-11 00:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\ID Vault
2012-02-10 23:48 . 2012-02-10 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\IsolatedStorage
2012-02-10 23:47 . 2012-02-15 02:40 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\ID Vault
2012-02-10 23:47 . 2012-02-15 02:40 -------- d-----w- c:\documents and settings\Stephen\Application Data\ID Vault
2012-02-10 23:42 . 2012-02-10 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\White Sky, Inc
2012-02-07 14:39 . 2012-02-07 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 22:06 . 2011-08-28 23:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-04 00:40 . 2011-11-28 22:34 446696 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-01-27 06:32 . 2012-01-27 06:32 204 -c--a-w- C:\__suicide.bat
2012-01-12 16:53 . 2008-04-14 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-23 03:10 . 2010-12-20 04:21 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-23 03:10 . 2010-12-20 04:11 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-12-18 02:58 . 2010-12-20 04:11 138056 ----a-w- c:\documents and settings\Stephen\Application Data\PnkBstrK.sys
2011-12-17 19:46 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
1997-04-09 01:08 299520 -cshatr- c:\windows\uninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2121546$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2141007$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2158563$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2160329$\spuninst\spuninst.exe
2009-05-26 09:01 231288 -cshatr- c:\windows\$NtUninstallKB2259922$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2279986$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2286198$\spuninst\spuninst.exe
2009-05-26 09:01 231288 -cshatr- c:\windows\$NtUninstallKB2296011$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB2296199$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2345886$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB2347290$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2360937$\spuninst\spuninst.exe
2007-07-28 03:11 231288 -cshatr- c:\windows\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2387149$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2419632$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2423089$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB2436673$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB2440591$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2443105$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB2443685$\spuninst\spuninst.exe
2007-07-28 04:11 231288 -cshatr- c:\windows\$NtUninstallKB2447961_WM9L$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2467659$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2476490$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2478971$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2479628$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2483185$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2485376$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2485663$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2503658$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2503665$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2506212$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2506223$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2507618$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2507938$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2508272$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2508429$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2509553$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2511455$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2535512$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2541763$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2544893$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2555917$\spuninst\spuninst.exe
2011-08-12 17:51 231288 -cshatr- c:\windows\$NtUninstallKB2564958$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2566454$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2567053$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2567680$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2570222$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2570791$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2570947$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2592799$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2603381$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2607712$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2616676$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2618451$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2619339$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2620712$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2624667$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2633171$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2633952$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2639417$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2641690$\spuninst\spuninst.exe
2007-03-06 01:22 213216 -cshatr- c:\windows\$NtUninstallKB926139-v2$\spuninst\spuninst.exe
2007-11-30 12:39 231288 -cshatr- c:\windows\$NtUninstallKB938759$\spuninst\spuninst.exe
2007-07-27 14:41 231288 -cshatr- c:\windows\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe
2008-07-08 13:02 231288 -cshatr- c:\windows\$NtUninstallKB971029$\spuninst\spuninst.exe
2008-07-08 13:02 231288 -cshatr- c:\windows\$NtUninstallKB971468$\spuninst\spuninst.exe
2007-07-28 03:11 231288 -cshatr- c:\windows\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB975560$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB975713$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB977165$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB977816$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB977914$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB978037$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB978251$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB978262$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB978338$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB978542$\spuninst\spuninst.exe
2008-07-08 13:02 231288 -cshatr- c:\windows\$NtUninstallKB978601$\spuninst\spuninst.exe
2007-07-28 03:11 231288 -cshatr- c:\windows\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB978706$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB979306$\spuninst\spuninst.exe
2008-07-08 13:02 231288 -cshatr- c:\windows\$NtUninstallKB979309$\spuninst\spuninst.exe
2007-07-28 03:11 231288 -cshatr- c:\windows\$NtUninstallKB979332_WM9L$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB979482$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB979683$\spuninst\spuninst.exe
2009-05-26 09:01 231288 -cshatr- c:\windows\$NtUninstallKB979687$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB980218$\spuninst\spuninst.exe
2009-05-26 09:01 231288 -cshatr- c:\windows\$NtUninstallKB980232$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB980436$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB981322$\spuninst\spuninst.exe
2009-05-26 09:01 231288 -cshatr- c:\windows\$NtUninstallKB981793$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB981957$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB982132$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB982214$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB982665$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB982802$\spuninst\spuninst.exe
2008-11-07 23:55 231456 -cshatr- c:\windows\$NtUninstallWdf01009$\spuninst\spuninst.exe
2010-08-20 04:46 222584 --shatr- c:\windows\Downloaded Program Files\BFHUpdater.dll
2002-07-26 11:13 196608 --shatr- c:\windows\Downloaded Program Files\dwusplay.exe
2010-03-24 21:56 143968 --shatr- c:\windows\Downloaded Program Files\ijjiSetup1010.dll
2005-02-17 11:15 401408 -cshatr- c:\windows\Downloaded Program Files\isusweb.dll
2010-09-30 19:20 151352 --shatr- c:\windows\Downloaded Program Files\npsoe.dll
2009-01-07 23:20 231456 -cshatr- c:\windows\ie8\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\ie8updates\KB2598845-IE8\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
2008-07-08 13:02 231288 -cshatr- c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
2006-10-27 01:13 764800 --sha-r- c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACECNF.DLL
2006-10-27 20:35 436512 --sha-r- c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\UMOUTLOOKADDIN.DLL
2008-10-25 10:18 172880 --sha-r- c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IEAWSDC.DLL
2006-07-24 15:50 92976 --sha-r- c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MSADDNDR.DLL
2011-08-04 00:53 17324928 --sha-r- c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MSO.DLL
2009-02-26 19:24 97680 --sha-r- c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\ONENOTEM.EXE
2009-10-10 03:10 2594632 --sha-r- c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\VBE6.DLL
2003-03-19 04:38 110592 -cshatr- c:\windows\Microsoft.NET\Framework\VJSharp\VJSWfcHost.dll
2010-02-22 23:48 107888 --shatr- c:\windows\system32\CmdLineExt.dll
2011-08-31 04:05 73064 --shatr- c:\windows\system32\dnssd.dll
2011-08-31 04:05 178536 --shatr- c:\windows\system32\dnssdX.dll
2011-07-07 07:28 1193320 --shatr- c:\windows\system32\FM20.DLL
2009-01-29 15:53 87472 --shatr- c:\windows\system32\ijjiChannelingPlugin.dll
2008-06-12 19:08 58800 --shatr- c:\windows\system32\ijjiPlugin2.dll
2009-02-27 08:42 31640 --shatr- c:\windows\system32\msonpmon.dll
2009-07-21 05:05 1348432 --shatr- c:\windows\system32\msxml4.dll
2009-08-06 23:23 274288 --shatr- c:\windows\system32\mucltui.dll
2009-08-06 23:23 215920 --shatr- c:\windows\system32\muweb.dll
2002-03-07 04:19 454656 --shatr- c:\windows\system32\PaintX.dll
2009-08-17 11:48 158952 --shatr- c:\windows\system32\PubPlugin.dll
2005-07-04 10:51 11904 --shatr- c:\windows\system32\$sys$filesystem\crater.sys
2011-08-16 10:34 279480 --shatr- c:\windows\system32\Adobe\Director\SwDir.dll
2011-08-16 10:35 112568 --shatr- c:\windows\system32\Adobe\Director\SWDNLD.EXE
2010-08-02 23:19 497016 --shatr- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe
2011-08-16 10:34 1040824 --shatr- c:\windows\system32\Adobe\Shockwave 11\SwHelper_1161629.exe
2011-09-21 16:52 87940 --shatr- c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
2005-07-04 12:52 18432 --shatr- c:\windows\system32\drivers\$sys$cor.sys
2011-11-25 18:59 240184 --shatr- c:\windows\system32\drivers\avchv.sys
2011-08-16 18:59 360976 --shatr- c:\windows\system32\drivers\bdfsfltr.sys
2010-02-05 17:40 21624 --shatr- c:\windows\system32\drivers\BSecACFltr.sys
2010-04-26 19:23 49088 --shatr- c:\windows\system32\drivers\BsecFltr.sys
2009-08-19 21:49 49904 --shatr- c:\windows\system32\drivers\BVRPMPR5.SYS
2008-04-14 04:16 17024 --shatr- c:\windows\system32\drivers\CCDECODE.sys
2009-05-18 17:17 26600 --shatr- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-04-14 04:16 85248 --shatr- c:\windows\system32\drivers\NABTSFEC.sys
2008-04-14 04:16 10880 --shatr- c:\windows\system32\drivers\NdisIP.sys
2007-01-18 14:24 26496 --shatr- c:\windows\system32\drivers\RimSerial.sys
2008-04-14 04:16 11136 --shatr- c:\windows\system32\drivers\SLIP.sys
2008-04-14 04:16 15232 --shatr- c:\windows\system32\drivers\StreamIP.sys
2011-10-27 19:07 340624 --shatr- c:\windows\system32\drivers\trufos.sys
2011-08-02 22:38 42496 --shatr- c:\windows\system32\drivers\usbaapl.sys
2008-04-14 04:15 60032 --shatr- c:\windows\system32\drivers\USBAUDIO.sys
2008-04-14 04:15 15104 --shatr- c:\windows\system32\drivers\usbscan.sys
2008-04-14 04:16 121984 --shatr- c:\windows\system32\drivers\usbvideo.sys
2008-04-14 04:16 19200 --shatr- c:\windows\system32\drivers\WSTCODEC.SYS
2010-09-23 20:29 232912 --shatr- c:\windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe
2006-10-27 00:56 33104 --shatr- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-11-02 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ToktumiClient"="c:\program files\Toktumi\Toktumi.exe" [2011-04-22 5904224]
"Facebook Update"="c:\documents and settings\Stephen\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2011-08-27 137536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-11 16267776]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"CloudCare"="c:\program files\Bsecure\BsecTray.exe" [2011-06-25 96040]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"AClntUsr"="c:\altiris\AClient\AClntUsr.EXE" [2012-03-05 184320]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{90120000-0030-0000-0000-0000000FF1CE}"="del" [X]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Stephen\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\REACTOR\\REACTOR.exe"=
"c:\\Program Files\\REACTOR\\ijjiOptimizer.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds Trial\\Game\\battlegrounds_trial.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Toktumi\\Toktumi.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Stephen\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Altiris\\AClient\\AClntUsr.EXE"=
"c:\\Program Files\\Bsecure\\InetCtrl.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\LeagueOfLegends\\0x0409.ini.downloading"=
"d:\\LeagueOfLegends\\data1.cab.downloading"=
"d:\\LeagueOfLegends\\data1.hdr.downloading"=
"d:\\LeagueOfLegends\\data2.cab.downloading"=
"d:\\LeagueOfLegends\\ISSetup.dll.downloading"=
"d:\\LeagueOfLegends\\layout.bin.downloading"=
"d:\\LeagueOfLegends\\setup.exe.downloading"=
"d:\\LeagueOfLegends\\setup.ini.downloading"=
"d:\\LeagueOfLegends\\setup.inx.downloading"=
"d:\\LeagueOfLegends\\setup.isn.downloading"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56128:TCP"= 56128:TCP:Pando Media Booster
"56128:UDP"= 56128:UDP:Pando Media Booster
"57227:TCP"= 57227:TCP:Pando Media Booster
"57227:UDP"= 57227:UDP:Pando Media Booster
"58022:TCP"= 58022:TCP:Pando Media Booster
"58022:UDP"= 58022:UDP:Pando Media Booster
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"57148:TCP"= 57148:TCP:Pando Media Booster
"57148:UDP"= 57148:UDP:Pando Media Booster
.
R0 $sys$cor;$sys$cor;c:\windows\system32\drivers\$sys$cor.sys [10/6/2004 9:11 AM 18432]
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [9/13/2006 10:06 AM 3840]
R1 $sys$crater;$sys$crater;c:\windows\system32\$sys$filesystem\crater.sys [10/7/2004 2:57 AM 11904]
R2 Bsecure;CloudCare;c:\program files\Bsecure\InetCtrl.exe [1/27/2012 8:17 AM 66344]
R2 BsecureAV;CloudCare AntiVirus;c:\program files\Bsecure\BsecAV.exe [1/27/2012 8:17 AM 161776]
R3 BSecACFltr;BSecACFltr;c:\windows\system32\drivers\BSecACFltr.sys [1/27/2012 8:17 AM 21624]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 MpKsl736e4abf;MpKsl736e4abf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD2DEFF7-B516-4A96-9A5E-CA5ED9A6C78E}\MpKsl736e4abf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD2DEFF7-B516-4A96-9A5E-CA5ED9A6C78E}\MpKsl736e4abf.sys [?]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 aswFsBlk;aswFsBlk; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 1:08 PM 133104]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 1:08 PM 133104]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BsecureFilter
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-01-26 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 03:09]
.
2012-03-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-495646872-2163096131-2442913983-1006Core.job
- c:\documents and settings\Stephen\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-08-27 03:21]
.
2012-03-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-495646872-2163096131-2442913983-1006UA.job
- c:\documents and settings\Stephen\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-08-27 03:21]
.
2012-03-05 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-01-28 19:24]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cce08a6c257baa.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 18:08]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 18:08]
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-495646872-2163096131-2442913983-1006Core1cce13095620c94.job
- c:\documents and settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-28 09:49]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-495646872-2163096131-2442913983-1006UA.job
- c:\documents and settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-28 09:49]
.
2010-08-03 c:\windows\Tasks\Install.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-08-02 23:19]
.
2012-03-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2012-03-05 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: %ProgramFiles%\Bsecure\InetCtrl57.dll
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-05 12:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(820)
c:\program files\Bsecure\InetCtrl57.dll
.
- - - - - - - > 'explorer.exe'(2816)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\program files\Bsecure\InetCtrl57.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\altiris\AClient\AClient.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bsecure\BSecAMX.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-03-05 12:56:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-05 17:56
ComboFix2.txt 2012-02-28 16:57
ComboFix3.txt 2012-02-15 00:17
.
Pre-Run: 7,320,641,536 bytes free
Post-Run: 7,363,698,688 bytes free
.
- - End Of File - - 83FC38B58C1ADD477B5C3EF6A2FA9980

#10 mkat

mkat
  • Topic Starter

  • Members
  • 104 posts
  • Local time:12:20 AM

Posted 05 March 2012 - 01:47 PM

I have attempted to run DDS several times from a previously downloaded copy, with my antivirus disabled, and from a newly downloaded version, with and without my Microsoft Essentials enabled. Nothing works. The window pops up, it goes through its scan until almost finished, and then just quits; no log pops up.

Edited by mkat, 05 March 2012 - 01:47 PM.


#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:20 AM

Posted 06 March 2012 - 09:44 AM

Delete C:\%WinDir%\system32\$sys$filesystem\aries.sys (Replace %WinDir% with the directory in which Windows is installed on your computer)


ComboFix will take care of it.

===

Open notepad and copy/paste the text in the quote box below into it:

File::
c:\windows\system32\drivers\$sys$cor.sys
c:\windows\system32\$sys$filesystem\crater.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56128:TCP"=-
"56128:UDP"=-
"57227:TCP"=-
"57227:UDP"=-
"58022:TCP"=-
"58022:UDP"=-
"443:TCP"=-
"443:UDP"=-
"37674:TCP"=-
"37674:UDP"=-
"37675:UDP"= -
"57148:TCP"= -
"57148:UDP"= -
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{90120000-0030-0000-0000-0000000FF1CE}"=-

Drivers::
$sys$cor
$sys$crater

ClearJavaCache::


Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Further checks.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.
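The CFScript above was written by hand from the ComboFix log. As an added illustration (not code from the thread, from nasdaq, or from ComboFix), the Python script below derives the same File::, Registry:: and Drivers:: sections from a ComboFix log: it picks out services whose name or image path carries the $sys$ cloaking prefix and the firewall exceptions opened by the named vendors. The sample log is constructed from lines of the log above plus one made-up "Remote Desktop" entry that must be left alone; the selection rules are assumptions that mirror nasdaq's script, not ComboFix logic.

```python
import re

# Line layouts this parser understands, taken from the ComboFix log above.
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*)$')
PORTS_KEY = (r'[HKLM\~\services\sharedaccess\parameters\firewallpolicy'
             r'\standardprofile\GloballyOpenPorts\List]')
PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"=\s*(.*)$')
# Both hidden drivers in the log use this prefix (assumed selection rule).
CLOAK_PREFIX = '$sys$'

# Constructed sample: lines from the log above plus one made-up RDP entry.
SAMPLE_LOG = r"""[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56128:TCP"= 56128:TCP:Pando Media Booster
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"3389:TCP"= 3389:TCP:*:Enabled:Remote Desktop
.
R0 $sys$cor;$sys$cor;c:\windows\system32\drivers\$sys$cor.sys [10/6/2004 9:11 AM 18432]
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [9/13/2006 10:06 AM 3840]
R1 $sys$crater;$sys$crater;c:\windows\system32\$sys$filesystem\crater.sys [10/7/2004 2:57 AM 11904]
S1 aswSnx;aswSnx; [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
"""


def parse_services(log_text):
    """Return [(start_type, name, image_path)] for every R#/S# service line."""
    services = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        start, name, _display, rest = m.groups()
        # Drop the trailing "[date size]" / "[x]" / "[?]" and any "--> path" echo;
        # a service with no image on disk ("[x]") yields an empty path.
        path = rest.split(' [', 1)[0].split(' --> ', 1)[0].strip()
        services.append((start, name, path))
    return services


def parse_open_ports(log_text):
    """Return [(value_name, description)] from the GloballyOpenPorts block."""
    ports, in_block = [], False
    for line in log_text.splitlines():
        s = line.strip()
        if s == PORTS_KEY:
            in_block = True
            continue
        if in_block:
            if not s or s == '.' or s.startswith('['):
                break  # ComboFix ends a registry block with "." or a new key
            m = PORT_RE.match(s)
            if m:
                ports.append((m.group(1), m.group(2)))
    return ports


def cloaked_drivers(services):
    """Services whose name or image path carries the $sys$ cloaking prefix."""
    return [(name, path) for _start, name, path in services
            if name.lower().startswith(CLOAK_PREFIX)
            or CLOAK_PREFIX in path.lower()]


def build_cfscript(log_text, port_vendors=('Pando Media Booster', 'ooVoo')):
    """Assemble File::/Registry::/Drivers:: sections in CFScript layout."""
    drivers = cloaked_drivers(parse_services(log_text))
    ports = [name for name, desc in parse_open_ports(log_text)
             if any(v.lower() in desc.lower() for v in port_vendors)]
    lines = ['File::']
    lines += [path for _name, path in drivers if path]
    lines += ['', 'Registry::', PORTS_KEY]
    lines += ['"%s"=-' % name for name in ports]   # "=-" deletes the value
    lines += ['', 'Drivers::']
    lines += [name for name, _path in drivers]
    lines += ['', 'ClearJavaCache::', '']
    return '\n'.join(lines)


if __name__ == '__main__':
    print(build_cfscript(SAMPLE_LOG))
```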

#12 mkat

mkat
  • Topic Starter

  • Members
  • 104 posts
  • Local time:12:20 AM

Posted 06 March 2012 - 01:10 PM

FYI, I have avast completely uninstalled - no files anywhere that I am able to find, but when running ComboFix, I always get a warning that the real-time shields are running and to run ComboFix at your own risk. When I open up Outlook I get a message that the shields have been disabled and the file cannot be found. I can't find anything anywhere to stop this, so I continued to run ComboFix. I don't know if it will ruin the results. I do plan to uninstall Microsoft Security Essentials as I prefer avast, but didn't know if I should take care of this first?

Here is the combofix log:
ComboFix 12-03-04.02 - Stephen 03/06/2012 12:39:42.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.471 [GMT -5:00]
Running from: c:\documents and settings\Stephen\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Stephen\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Bsecure Endpoint Security *Disabled/Updated* {BBA75CBF-065F-45F0-AAFA-2AD00C61EED9}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\$sys$filesystem\crater.sys"
"c:\windows\system32\drivers\$sys$cor.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\$sys$filesystem\crater.sys
c:\windows\system32\drivers\$sys$cor.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_$sys$cor
-------\Service_$sys$crater
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-05 18:46 . 2012-02-20 06:05 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFBAE584-1298-4D7F-9B54-250276560B20}\mpengine.dll
2012-02-28 19:18 . 2012-02-20 06:05 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-27 20:20 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-27 20:12 . 2012-02-27 20:12 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-27 18:42 . 2012-02-27 18:42 262546 ----a-w- c:\documents and settings\All Users\Application Data\1330367773.bdinstall.bin
2012-02-27 03:15 . 2012-02-27 03:15 -------- d-----w- c:\documents and settings\Stephen\Application Data\ElevatedDiagnostics
2012-02-22 18:45 . 2012-02-27 18:44 -------- dc----w- C:\sh4ldr
2012-02-22 18:45 . 2012-02-22 18:45 -------- d-----w- c:\program files\Enigma Software Group
2012-02-22 15:58 . 2012-02-23 12:14 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\PMB Files
2012-02-22 15:58 . 2012-02-22 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2012-02-22 15:38 . 2004-03-29 20:23 90112 ----a-w- c:\windows\unvise32.exe
2012-02-22 15:38 . 2012-02-22 15:38 -------- dc----w- C:\Psfonts
2012-02-22 15:38 . 2012-02-22 15:38 -------- d-----w- c:\program files\Finale NotePad 2005a
2012-02-22 14:51 . 2012-02-22 15:00 -------- d-----w- c:\program files\UltraVPN
2012-02-21 20:27 . 2012-02-27 18:43 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-02-21 20:27 . 2012-02-21 20:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-02-19 01:33 . 2012-02-19 01:33 -------- d-----w- c:\program files\Common Files\Windows Microsoft Shared
2012-02-19 00:18 . 2012-02-28 15:45 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\NPE
2012-02-19 00:18 . 2012-02-19 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-02-15 21:07 . 2012-02-15 21:07 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\bdch
2012-02-15 03:56 . 2012-02-15 03:56 -------- d-----w- c:\program files\iPod
2012-02-11 00:49 . 2012-02-11 00:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ID Vault
2012-02-11 00:49 . 2012-02-11 00:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\ID Vault
2012-02-10 23:48 . 2012-02-10 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\IsolatedStorage
2012-02-10 23:47 . 2012-02-15 02:40 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\ID Vault
2012-02-10 23:47 . 2012-02-15 02:40 -------- d-----w- c:\documents and settings\Stephen\Application Data\ID Vault
2012-02-10 23:42 . 2012-02-10 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\White Sky, Inc
2012-02-07 14:39 . 2012-02-07 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 22:06 . 2011-08-28 23:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-04 00:40 . 2011-11-28 22:34 446696 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-01-27 06:32 . 2012-01-27 06:32 204 -c--a-w- C:\__suicide.bat
2012-01-12 16:53 . 2008-04-14 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-23 03:10 . 2010-12-20 04:21 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-23 03:10 . 2010-12-20 04:11 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-12-18 02:58 . 2010-12-20 04:11 138056 ----a-w- c:\documents and settings\Stephen\Application Data\PnkBstrK.sys
2011-12-17 19:46 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
1997-04-09 01:08 299520 -cshatr- c:\windows\uninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2121546$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2141007$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2158563$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2160329$\spuninst\spuninst.exe
2009-05-26 09:01 231288 -cshatr- c:\windows\$NtUninstallKB2259922$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2279986$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2286198$\spuninst\spuninst.exe
2009-05-26 09:01 231288 -cshatr- c:\windows\$NtUninstallKB2296011$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB2296199$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2345886$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB2347290$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2360937$\spuninst\spuninst.exe
2007-07-28 03:11 231288 -cshatr- c:\windows\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2387149$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2419632$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2423089$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB2436673$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB2440591$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2443105$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB2443685$\spuninst\spuninst.exe
2007-07-28 04:11 231288 -cshatr- c:\windows\$NtUninstallKB2447961_WM9L$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB2467659$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2476490$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2478971$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2479628$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2483185$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2485376$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2485663$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2503658$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2503665$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2506212$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2506223$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2507618$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2507938$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2508272$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2508429$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2509553$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2511455$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2535512$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2541763$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2544893$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2555917$\spuninst\spuninst.exe
2011-08-12 17:51 231288 -cshatr- c:\windows\$NtUninstallKB2564958$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2566454$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2567053$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2567680$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2570222$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2570791$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2570947$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2592799$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2603381$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2607712$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2616676$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2618451$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2619339$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2620712$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2624667$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2633171$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2633952$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2639417$\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\$NtUninstallKB2641690$\spuninst\spuninst.exe
2007-03-06 01:22 213216 -cshatr- c:\windows\$NtUninstallKB926139-v2$\spuninst\spuninst.exe
2007-11-30 12:39 231288 -cshatr- c:\windows\$NtUninstallKB938759$\spuninst\spuninst.exe
2007-07-27 14:41 231288 -cshatr- c:\windows\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe
2008-07-08 13:02 231288 -cshatr- c:\windows\$NtUninstallKB971029$\spuninst\spuninst.exe
2008-07-08 13:02 231288 -cshatr- c:\windows\$NtUninstallKB971468$\spuninst\spuninst.exe
2007-07-28 03:11 231288 -cshatr- c:\windows\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB975560$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB975713$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB977165$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB977816$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB977914$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB978037$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB978251$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB978262$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB978338$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB978542$\spuninst\spuninst.exe
2008-07-08 13:02 231288 -cshatr- c:\windows\$NtUninstallKB978601$\spuninst\spuninst.exe
2007-07-28 03:11 231288 -cshatr- c:\windows\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB978706$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB979306$\spuninst\spuninst.exe
2008-07-08 13:02 231288 -cshatr- c:\windows\$NtUninstallKB979309$\spuninst\spuninst.exe
2007-07-28 03:11 231288 -cshatr- c:\windows\$NtUninstallKB979332_WM9L$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB979482$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB979683$\spuninst\spuninst.exe
2009-05-26 09:01 231288 -cshatr- c:\windows\$NtUninstallKB979687$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB980218$\spuninst\spuninst.exe
2009-05-26 09:01 231288 -cshatr- c:\windows\$NtUninstallKB980232$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB980436$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB981322$\spuninst\spuninst.exe
2009-05-26 09:01 231288 -cshatr- c:\windows\$NtUninstallKB981793$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB981957$\spuninst\spuninst.exe
2009-05-26 11:40 231288 -cshatr- c:\windows\$NtUninstallKB982132$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB982214$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB982665$\spuninst\spuninst.exe
2010-02-22 14:23 231288 -cshatr- c:\windows\$NtUninstallKB982802$\spuninst\spuninst.exe
2008-11-07 23:55 231456 -cshatr- c:\windows\$NtUninstallWdf01009$\spuninst\spuninst.exe
2010-08-20 04:46 222584 --shatr- c:\windows\Downloaded Program Files\BFHUpdater.dll
2002-07-26 11:13 196608 --shatr- c:\windows\Downloaded Program Files\dwusplay.exe
2010-03-24 21:56 143968 --shatr- c:\windows\Downloaded Program Files\ijjiSetup1010.dll
2005-02-17 11:15 401408 -cshatr- c:\windows\Downloaded Program Files\isusweb.dll
2010-09-30 19:20 151352 --shatr- c:\windows\Downloaded Program Files\npsoe.dll
2009-01-07 23:20 231456 -cshatr- c:\windows\ie8\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\ie8updates\KB2598845-IE8\spuninst\spuninst.exe
2010-07-05 13:15 231288 -cshatr- c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
2008-07-08 13:02 231288 -cshatr- c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
2006-10-27 01:13 764800 --sha-r- c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACECNF.DLL
2006-10-27 20:35 436512 --sha-r- c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\UMOUTLOOKADDIN.DLL
2008-10-25 10:18 172880 --sha-r- c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IEAWSDC.DLL
2006-07-24 15:50 92976 --sha-r- c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MSADDNDR.DLL
2011-08-04 00:53 17324928 --sha-r- c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MSO.DLL
2009-02-26 19:24 97680 --sha-r- c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\ONENOTEM.EXE
2009-10-10 03:10 2594632 --sha-r- c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\VBE6.DLL
2003-03-19 04:38 110592 -cshatr- c:\windows\Microsoft.NET\Framework\VJSharp\VJSWfcHost.dll
2010-02-22 23:48 107888 --shatr- c:\windows\system32\CmdLineExt.dll
2011-08-31 04:05 73064 --shatr- c:\windows\system32\dnssd.dll
2011-08-31 04:05 178536 --shatr- c:\windows\system32\dnssdX.dll
2011-07-07 07:28 1193320 --shatr- c:\windows\system32\FM20.DLL
2009-01-29 15:53 87472 --shatr- c:\windows\system32\ijjiChannelingPlugin.dll
2008-06-12 19:08 58800 --shatr- c:\windows\system32\ijjiPlugin2.dll
2009-02-27 08:42 31640 --shatr- c:\windows\system32\msonpmon.dll
2009-07-21 05:05 1348432 --shatr- c:\windows\system32\msxml4.dll
2009-08-06 23:23 274288 --shatr- c:\windows\system32\mucltui.dll
2009-08-06 23:23 215920 --shatr- c:\windows\system32\muweb.dll
2002-03-07 04:19 454656 --shatr- c:\windows\system32\PaintX.dll
2009-08-17 11:48 158952 --shatr- c:\windows\system32\PubPlugin.dll
2011-08-16 10:34 279480 --shatr- c:\windows\system32\Adobe\Director\SwDir.dll
2011-08-16 10:35 112568 --shatr- c:\windows\system32\Adobe\Director\SWDNLD.EXE
2010-08-02 23:19 497016 --shatr- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe
2011-08-16 10:34 1040824 --shatr- c:\windows\system32\Adobe\Shockwave 11\SwHelper_1161629.exe
2011-09-21 16:52 87940 --shatr- c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
2011-11-25 18:59 240184 --shatr- c:\windows\system32\drivers\avchv.sys
2011-08-16 18:59 360976 --shatr- c:\windows\system32\drivers\bdfsfltr.sys
2010-02-05 17:40 21624 --shatr- c:\windows\system32\drivers\BSecACFltr.sys
2010-04-26 19:23 49088 --shatr- c:\windows\system32\drivers\BsecFltr.sys
2009-08-19 21:49 49904 --shatr- c:\windows\system32\drivers\BVRPMPR5.SYS
2008-04-14 04:16 17024 --shatr- c:\windows\system32\drivers\CCDECODE.sys
2009-05-18 17:17 26600 --shatr- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-04-14 04:16 85248 --shatr- c:\windows\system32\drivers\NABTSFEC.sys
2008-04-14 04:16 10880 --shatr- c:\windows\system32\drivers\NdisIP.sys
2007-01-18 14:24 26496 --shatr- c:\windows\system32\drivers\RimSerial.sys
2008-04-14 04:16 11136 --shatr- c:\windows\system32\drivers\SLIP.sys
2008-04-14 04:16 15232 --shatr- c:\windows\system32\drivers\StreamIP.sys
2011-10-27 19:07 340624 --shatr- c:\windows\system32\drivers\trufos.sys
2011-08-02 22:38 42496 --shatr- c:\windows\system32\drivers\usbaapl.sys
2008-04-14 04:15 60032 --shatr- c:\windows\system32\drivers\USBAUDIO.sys
2008-04-14 04:15 15104 --shatr- c:\windows\system32\drivers\usbscan.sys
2008-04-14 04:16 121984 --shatr- c:\windows\system32\drivers\usbvideo.sys
2008-04-14 04:16 19200 --shatr- c:\windows\system32\drivers\WSTCODEC.SYS
2010-09-23 20:29 232912 --shatr- c:\windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe
2006-10-27 00:56 33104 --shatr- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-11-02 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ToktumiClient"="c:\program files\Toktumi\Toktumi.exe" [2011-04-22 5904224]
"Facebook Update"="c:\documents and settings\Stephen\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2011-08-27 137536]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-11 16267776]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"CloudCare"="c:\program files\Bsecure\BsecTray.exe" [2011-06-25 96040]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"AClntUsr"="c:\altiris\AClient\AClntUsr.EXE" [2012-03-05 184320]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Stephen\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\REACTOR\\REACTOR.exe"=
"c:\\Program Files\\REACTOR\\ijjiOptimizer.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds Trial\\Game\\battlegrounds_trial.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Toktumi\\Toktumi.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Stephen\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Altiris\\AClient\\AClntUsr.EXE"=
"c:\\Program Files\\Bsecure\\InetCtrl.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\LeagueOfLegends\\0x0409.ini.downloading"=
"d:\\LeagueOfLegends\\data1.cab.downloading"=
"d:\\LeagueOfLegends\\data1.hdr.downloading"=
"d:\\LeagueOfLegends\\data2.cab.downloading"=
"d:\\LeagueOfLegends\\ISSetup.dll.downloading"=
"d:\\LeagueOfLegends\\layout.bin.downloading"=
"d:\\LeagueOfLegends\\setup.exe.downloading"=
"d:\\LeagueOfLegends\\setup.ini.downloading"=
"d:\\LeagueOfLegends\\setup.inx.downloading"=
"d:\\LeagueOfLegends\\setup.isn.downloading"=
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [9/13/2006 10:06 AM 3840]
R2 Bsecure;CloudCare;c:\program files\Bsecure\InetCtrl.exe [1/27/2012 8:17 AM 66344]
R2 BsecureAV;CloudCare AntiVirus;c:\program files\Bsecure\BsecAV.exe [1/27/2012 8:17 AM 161776]
R3 BSecACFltr;BSecACFltr;c:\windows\system32\drivers\BSecACFltr.sys [1/27/2012 8:17 AM 21624]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 MpKslbb62453d;MpKslbb62453d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFBAE584-1298-4D7F-9B54-250276560B20}\MpKslbb62453d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFBAE584-1298-4D7F-9B54-250276560B20}\MpKslbb62453d.sys [?]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 aswFsBlk;aswFsBlk; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 1:08 PM 133104]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 1:08 PM 133104]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BsecureFilter
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-01-26 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 03:09]
.
2012-03-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-495646872-2163096131-2442913983-1006Core.job
- c:\documents and settings\Stephen\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-08-27 03:21]
.
2012-03-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-495646872-2163096131-2442913983-1006UA.job
- c:\documents and settings\Stephen\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-08-27 03:21]
.
2012-03-06 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-01-28 19:24]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cce08a6c257baa.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 18:08]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 18:08]
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-495646872-2163096131-2442913983-1006Core1cce13095620c94.job
- c:\documents and settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-28 09:49]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-495646872-2163096131-2442913983-1006UA.job
- c:\documents and settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-28 09:49]
.
2010-08-03 c:\windows\Tasks\Install.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-08-02 23:19]
.
2012-03-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2012-03-06 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: %ProgramFiles%\Bsecure\InetCtrl57.dll
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-06 12:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(816)
c:\program files\Bsecure\InetCtrl57.dll
.
- - - - - - - > 'explorer.exe'(2340)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\program files\Bsecure\InetCtrl57.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\altiris\AClient\AClient.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Bsecure\BSecAMX.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-03-06 12:52:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-06 17:52
ComboFix2.txt 2012-03-05 17:56
ComboFix3.txt 2012-02-28 16:57
ComboFix4.txt 2012-02-15 00:17
.
Pre-Run: 7,276,888,064 bytes free
Post-Run: 7,348,871,168 bytes free
.
- - End Of File - - 2897A22E855C2E458B89BD00FFD932BD

#13 mkat

mkat
  • Topic Starter

  • Members
  • 104 posts

Posted 06 March 2012 - 01:17 PM

Here is the TDSS report. Nothing was found.

13:16:31.0078 3084 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
13:16:31.0437 3084 ============================================================
13:16:31.0437 3084 Current date / time: 2012/03/06 13:16:31.0437
13:16:31.0437 3084 SystemInfo:
13:16:31.0437 3084
13:16:31.0437 3084 OS Version: 5.1.2600 ServicePack: 3.0
13:16:31.0437 3084 Product type: Workstation
13:16:31.0437 3084 ComputerName: COMPUTER
13:16:31.0437 3084 UserName: Stephen
13:16:31.0437 3084 Windows directory: C:\WINDOWS
13:16:31.0437 3084 System windows directory: C:\WINDOWS
13:16:31.0437 3084 Processor architecture: Intel x86
13:16:31.0437 3084 Number of processors: 2
13:16:31.0437 3084 Page size: 0x1000
13:16:31.0437 3084 Boot type: Normal boot
13:16:31.0437 3084 ============================================================
13:16:32.0640 3084 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:16:32.0640 3084 \Device\Harddisk0\DR0:
13:16:32.0640 3084 MBR used
13:16:32.0640 3084 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3B856AE
13:16:32.0656 3084 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3B8572C, BlocksNum 0x5988D95
13:16:32.0718 3084 Initialize success
13:16:32.0718 3084 ============================================================
13:16:39.0312 3004 ============================================================
13:16:39.0312 3004 Scan started
13:16:39.0312 3004 Mode: Manual;
13:16:39.0312 3004 ============================================================
13:16:40.0593 3004 Aavmker4 - ok
13:16:40.0609 3004 Abiosdsk - ok
13:16:40.0640 3004 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
13:16:40.0640 3004 abp480n5 - ok
13:16:40.0718 3004 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:16:40.0718 3004 ACPI - ok
13:16:40.0750 3004 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:16:40.0750 3004 ACPIEC - ok
13:16:40.0828 3004 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
13:16:40.0828 3004 adpu160m - ok
13:16:40.0875 3004 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:16:40.0875 3004 aec - ok
13:16:40.0906 3004 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:16:40.0906 3004 AFD - ok
13:16:40.0953 3004 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
13:16:40.0953 3004 agp440 - ok
13:16:40.0968 3004 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
13:16:40.0968 3004 agpCPQ - ok
13:16:41.0000 3004 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
13:16:41.0000 3004 Aha154x - ok
13:16:41.0031 3004 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
13:16:41.0031 3004 aic78u2 - ok
13:16:41.0062 3004 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
13:16:41.0062 3004 aic78xx - ok
13:16:41.0109 3004 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
13:16:41.0109 3004 AliIde - ok
13:16:41.0125 3004 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
13:16:41.0125 3004 alim1541 - ok
13:16:41.0171 3004 AlKernel (06112696a1b06692939cf087d1f1c84e) C:\WINDOWS\system32\Drivers\AlKernel.sys
13:16:41.0171 3004 AlKernel - ok
13:16:41.0187 3004 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
13:16:41.0187 3004 amdagp - ok
13:16:41.0218 3004 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
13:16:41.0218 3004 AmdK8 - ok
13:16:41.0531 3004 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
13:16:41.0531 3004 amsint - ok
13:16:41.0609 3004 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
13:16:41.0609 3004 asc - ok
13:16:41.0640 3004 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
13:16:41.0640 3004 asc3350p - ok
13:16:41.0656 3004 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
13:16:41.0656 3004 asc3550 - ok
13:16:41.0687 3004 aswFsBlk - ok
13:16:41.0703 3004 aswMon2 - ok
13:16:41.0718 3004 aswRdr - ok
13:16:41.0718 3004 aswSnx - ok
13:16:41.0750 3004 aswSP - ok
13:16:41.0750 3004 aswTdi - ok
13:16:41.0781 3004 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:16:41.0781 3004 AsyncMac - ok
13:16:41.0812 3004 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:16:41.0812 3004 atapi - ok
13:16:41.0843 3004 Atdisk - ok
13:16:41.0906 3004 ati2mtag (92e6e84d152d2acc44936c1c89ff26c4) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:16:41.0968 3004 ati2mtag - ok
13:16:41.0984 3004 atiide (9b7056bc4e1332a4fac22fff2d6b8c7f) C:\WINDOWS\system32\DRIVERS\atiide.sys
13:16:41.0984 3004 atiide - ok
13:16:42.0000 3004 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:16:42.0015 3004 Atmarpc - ok
13:16:42.0046 3004 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:16:42.0046 3004 audstub - ok
13:16:42.0078 3004 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
13:16:42.0078 3004 b57w2k - ok
13:16:42.0125 3004 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:16:42.0125 3004 Beep - ok
13:16:42.0156 3004 BSecACFltr (c9aff970593e598b896f22898d768105) C:\WINDOWS\system32\DRIVERS\BSecACFltr.sys
13:16:42.0171 3004 BSecACFltr - ok
13:16:42.0187 3004 BsecureFilter (0a00fd8d22ecf4031964414f699b7bbd) C:\WINDOWS\system32\drivers\BsecFltr.sys
13:16:42.0187 3004 BsecureFilter - ok
13:16:42.0250 3004 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
13:16:42.0250 3004 BVRPMPR5 - ok
13:16:42.0250 3004 catchme - ok
13:16:42.0281 3004 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
13:16:42.0281 3004 cbidf - ok
13:16:42.0281 3004 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:16:42.0281 3004 cbidf2k - ok
13:16:42.0328 3004 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:16:42.0328 3004 CCDECODE - ok
13:16:42.0359 3004 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
13:16:42.0359 3004 cd20xrnt - ok
13:16:42.0375 3004 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:16:42.0375 3004 Cdaudio - ok
13:16:42.0406 3004 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:16:42.0406 3004 Cdfs - ok
13:16:42.0453 3004 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:16:42.0453 3004 Cdrom - ok
13:16:42.0468 3004 Changer - ok
13:16:42.0500 3004 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
13:16:42.0500 3004 CmdIde - ok
13:16:42.0546 3004 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
13:16:42.0546 3004 Cpqarray - ok
13:16:42.0578 3004 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
13:16:42.0578 3004 dac2w2k - ok
13:16:42.0609 3004 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
13:16:42.0609 3004 dac960nt - ok
13:16:42.0640 3004 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:16:42.0640 3004 Disk - ok
13:16:42.0703 3004 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:16:42.0718 3004 dmboot - ok
13:16:42.0765 3004 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:16:42.0765 3004 dmio - ok
13:16:42.0781 3004 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:16:42.0781 3004 dmload - ok
13:16:42.0796 3004 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:16:42.0796 3004 DMusic - ok
13:16:42.0828 3004 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
13:16:42.0828 3004 dpti2o - ok
13:16:42.0859 3004 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:16:42.0859 3004 drmkaud - ok
13:16:42.0875 3004 EagleNT - ok
13:16:42.0921 3004 esgiguard - ok
13:16:42.0953 3004 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:16:42.0968 3004 Fastfat - ok
13:16:42.0984 3004 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:16:42.0984 3004 Fdc - ok
13:16:43.0015 3004 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:16:43.0015 3004 Fips - ok
13:16:43.0031 3004 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:16:43.0031 3004 Flpydisk - ok
13:16:43.0062 3004 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:16:43.0062 3004 FltMgr - ok
13:16:43.0078 3004 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:16:43.0078 3004 Fs_Rec - ok
13:16:43.0109 3004 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:16:43.0109 3004 Ftdisk - ok
13:16:43.0125 3004 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
13:16:43.0125 3004 gameenum - ok
13:16:43.0171 3004 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:16:43.0171 3004 GEARAspiWDM - ok
13:16:43.0203 3004 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:16:43.0203 3004 Gpc - ok
13:16:43.0234 3004 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:16:43.0234 3004 HDAudBus - ok
13:16:43.0281 3004 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:16:43.0281 3004 HidUsb - ok
13:16:43.0296 3004 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
13:16:43.0296 3004 hpn - ok
13:16:43.0343 3004 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:16:43.0343 3004 HTTP - ok
13:16:43.0375 3004 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
13:16:43.0375 3004 i2omgmt - ok
13:16:43.0390 3004 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
13:16:43.0390 3004 i2omp - ok
13:16:43.0406 3004 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:16:43.0421 3004 i8042prt - ok
13:16:43.0453 3004 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\DRIVERS\iaStor.sys
13:16:43.0453 3004 iaStor - ok
13:16:43.0484 3004 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:16:43.0484 3004 Imapi - ok
13:16:43.0515 3004 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
13:16:43.0531 3004 ini910u - ok
13:16:43.0640 3004 IntcAzAudAddService (6d6b57808c923a4d79cc8f47307753c9) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:16:43.0734 3004 IntcAzAudAddService - ok
13:16:43.0796 3004 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:16:43.0796 3004 IntelIde - ok
13:16:43.0812 3004 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:16:43.0812 3004 Ip6Fw - ok
13:16:43.0843 3004 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:16:43.0843 3004 IpFilterDriver - ok
13:16:43.0859 3004 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:16:43.0859 3004 IpInIp - ok
13:16:43.0875 3004 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:16:43.0875 3004 IpNat - ok
13:16:43.0921 3004 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:16:43.0921 3004 IPSec - ok
13:16:43.0937 3004 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:16:43.0937 3004 IRENUM - ok
13:16:43.0968 3004 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:16:43.0968 3004 isapnp - ok
13:16:44.0015 3004 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:16:44.0015 3004 Kbdclass - ok
13:16:44.0062 3004 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:16:44.0062 3004 kmixer - ok
13:16:44.0093 3004 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:16:44.0093 3004 KSecDD - ok
13:16:44.0109 3004 lbrtfdc - ok
13:16:44.0140 3004 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:16:44.0156 3004 mnmdd - ok
13:16:44.0171 3004 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:16:44.0171 3004 Modem - ok
13:16:44.0203 3004 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:16:44.0203 3004 Mouclass - ok
13:16:44.0250 3004 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:16:44.0250 3004 mouhid - ok
13:16:44.0265 3004 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:16:44.0265 3004 MountMgr - ok
13:16:44.0312 3004 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
13:16:44.0328 3004 MpFilter - ok
13:16:44.0390 3004 MpKsl160ec416 (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{828F9F4D-8B92-471A-AA53-262BE025577B}\MpKsl160ec416.sys
13:16:44.0390 3004 MpKsl160ec416 - ok
13:16:44.0406 3004 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
13:16:44.0421 3004 mraid35x - ok
13:16:44.0453 3004 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:16:44.0453 3004 MRxDAV - ok
13:16:44.0500 3004 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:16:44.0500 3004 MRxSmb - ok
13:16:44.0531 3004 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:16:44.0531 3004 Msfs - ok
13:16:44.0578 3004 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:16:44.0578 3004 MSKSSRV - ok
13:16:44.0593 3004 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:16:44.0593 3004 MSPCLOCK - ok
13:16:44.0625 3004 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:16:44.0625 3004 MSPQM - ok
13:16:44.0640 3004 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:16:44.0640 3004 mssmbios - ok
13:16:44.0671 3004 MSTEE (d5059366b361f0e1124753447af08aa2) C:\WINDOWS\system32\drivers\MSTEE.sys
13:16:44.0671 3004 MSTEE - ok
13:16:44.0703 3004 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:16:44.0718 3004 Mup - ok
13:16:44.0750 3004 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:16:44.0750 3004 NABTSFEC - ok
13:16:44.0796 3004 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:16:44.0796 3004 NDIS - ok
13:16:44.0843 3004 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:16:44.0843 3004 NdisIP - ok
13:16:45.0015 3004 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:16:45.0015 3004 NdisTapi - ok
13:16:45.0156 3004 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:16:45.0156 3004 Ndisuio - ok
13:16:45.0203 3004 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:16:45.0203 3004 NdisWan - ok
13:16:45.0234 3004 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:16:45.0234 3004 NDProxy - ok
13:16:45.0281 3004 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:16:45.0281 3004 NetBIOS - ok
13:16:45.0312 3004 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:16:45.0312 3004 NetBT - ok
13:16:45.0390 3004 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:16:45.0390 3004 Npfs - ok
13:16:45.0421 3004 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:16:45.0437 3004 Ntfs - ok
13:16:45.0468 3004 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:16:45.0468 3004 Null - ok
13:16:45.0500 3004 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:16:45.0500 3004 NwlnkFlt - ok
13:16:45.0546 3004 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:16:45.0546 3004 NwlnkFwd - ok
13:16:45.0593 3004 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:16:45.0593 3004 Parport - ok
13:16:45.0609 3004 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:16:45.0609 3004 PartMgr - ok
13:16:45.0640 3004 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:16:45.0640 3004 ParVdm - ok
13:16:45.0687 3004 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:16:45.0687 3004 PCI - ok
13:16:45.0687 3004 PCIDump - ok
13:16:45.0812 3004 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:16:45.0843 3004 PCIIde - ok
13:16:46.0078 3004 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:16:46.0078 3004 Pcmcia - ok
13:16:46.0093 3004 PDCOMP - ok
13:16:46.0109 3004 PDFRAME - ok
13:16:46.0125 3004 PDRELI - ok
13:16:46.0140 3004 PDRFRAME - ok
13:16:46.0156 3004 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
13:16:46.0156 3004 perc2 - ok
13:16:46.0296 3004 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
13:16:46.0296 3004 perc2hib - ok
13:16:46.0421 3004 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:16:46.0421 3004 PptpMiniport - ok
13:16:46.0437 3004 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
13:16:46.0437 3004 Processor - ok
13:16:46.0453 3004 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:16:46.0468 3004 PSched - ok
13:16:46.0500 3004 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:16:46.0500 3004 Ptilink - ok
13:16:46.0515 3004 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
13:16:46.0515 3004 ql1080 - ok
13:16:46.0546 3004 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
13:16:46.0546 3004 Ql10wnt - ok
13:16:46.0578 3004 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
13:16:46.0578 3004 ql12160 - ok
13:16:46.0593 3004 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
13:16:46.0593 3004 ql1240 - ok
13:16:46.0625 3004 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
13:16:46.0640 3004 ql1280 - ok
13:16:46.0671 3004 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:16:46.0750 3004 RasAcd - ok
13:16:46.0906 3004 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:16:46.0906 3004 Rasl2tp - ok
13:16:46.0953 3004 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:16:46.0953 3004 RasPppoe - ok
13:16:46.0984 3004 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:16:46.0984 3004 Raspti - ok
13:16:47.0015 3004 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:16:47.0015 3004 Rdbss - ok
13:16:47.0031 3004 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:16:47.0046 3004 RDPCDD - ok
13:16:47.0078 3004 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:16:47.0078 3004 rdpdr - ok
13:16:47.0125 3004 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:16:47.0125 3004 RDPWD - ok
13:16:47.0171 3004 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:16:47.0171 3004 redbook - ok
13:16:47.0187 3004 RimUsb - ok
13:16:47.0234 3004 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
13:16:47.0234 3004 RimVSerPort - ok
13:16:47.0250 3004 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
13:16:47.0250 3004 ROOTMODEM - ok
13:16:47.0281 3004 SBRE - ok
13:16:47.0312 3004 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:16:47.0312 3004 Secdrv - ok
13:16:47.0359 3004 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:16:47.0359 3004 serenum - ok
13:16:47.0375 3004 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:16:47.0375 3004 Serial - ok
13:16:47.0421 3004 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:16:47.0421 3004 Sfloppy - ok
13:16:47.0437 3004 Simbad - ok
13:16:47.0453 3004 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
13:16:47.0453 3004 sisagp - ok
13:16:47.0515 3004 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:16:47.0515 3004 SLIP - ok
13:16:47.0546 3004 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
13:16:47.0546 3004 Sparrow - ok
13:16:47.0578 3004 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:16:47.0593 3004 splitter - ok
13:16:47.0609 3004 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:16:47.0625 3004 sr - ok
13:16:47.0671 3004 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:16:47.0671 3004 Srv - ok
13:16:47.0718 3004 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:16:47.0718 3004 streamip - ok
13:16:47.0750 3004 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:16:47.0750 3004 swenum - ok
13:16:47.0781 3004 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:16:47.0781 3004 swmidi - ok
13:16:47.0828 3004 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
13:16:47.0828 3004 symc810 - ok
13:16:47.0859 3004 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
13:16:47.0859 3004 symc8xx - ok
13:16:47.0890 3004 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
13:16:47.0890 3004 sym_hi - ok
13:16:47.0906 3004 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
13:16:47.0906 3004 sym_u3 - ok
13:16:47.0937 3004 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:16:47.0937 3004 sysaudio - ok
13:16:47.0984 3004 tap0901 (c516b5cffb7c307fcb7df87d7d7fa200) C:\WINDOWS\system32\DRIVERS\tap0901.sys
13:16:47.0984 3004 tap0901 - ok
13:16:48.0031 3004 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:16:48.0031 3004 Tcpip - ok
13:16:48.0078 3004 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:16:48.0078 3004 TDPIPE - ok
13:16:48.0093 3004 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:16:48.0093 3004 TDTCP - ok
13:16:48.0125 3004 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:16:48.0125 3004 TermDD - ok
13:16:48.0156 3004 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
13:16:48.0171 3004 TosIde - ok
13:16:48.0203 3004 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:16:48.0203 3004 Udfs - ok
13:16:48.0218 3004 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
13:16:48.0218 3004 ultra - ok
13:16:48.0265 3004 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:16:48.0281 3004 Update - ok
13:16:48.0328 3004 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
13:16:48.0328 3004 USBAAPL - ok
13:16:48.0359 3004 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
13:16:48.0359 3004 usbaudio - ok
13:16:48.0406 3004 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:16:48.0406 3004 usbccgp - ok
13:16:48.0437 3004 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:16:48.0437 3004 usbehci - ok
13:16:48.0453 3004 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:16:48.0453 3004 usbhub - ok
13:16:48.0468 3004 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:16:48.0468 3004 usbohci - ok
13:16:48.0515 3004 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:16:48.0515 3004 usbprint - ok
13:16:48.0546 3004 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:16:48.0546 3004 usbscan - ok
13:16:48.0578 3004 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:16:48.0578 3004 USBSTOR - ok
13:16:48.0625 3004 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
13:16:48.0625 3004 usbvideo - ok
13:16:48.0656 3004 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:16:48.0656 3004 VgaSave - ok
13:16:48.0703 3004 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:16:48.0703 3004 viaagp - ok
13:16:48.0734 3004 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:16:48.0734 3004 ViaIde - ok
13:16:48.0765 3004 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:16:48.0765 3004 VolSnap - ok
13:16:48.0812 3004 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:16:48.0812 3004 Wanarp - ok
13:16:48.0859 3004 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
13:16:48.0859 3004 Wdf01000 - ok
13:16:48.0875 3004 WDICA - ok
13:16:48.0906 3004 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:16:48.0906 3004 wdmaud - ok
13:16:48.0968 3004 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:16:48.0968 3004 WmiAcpi - ok
13:16:49.0015 3004 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
13:16:49.0015 3004 WpdUsb - ok
13:16:49.0031 3004 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:16:49.0031 3004 WS2IFSL - ok
13:16:49.0078 3004 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:16:49.0093 3004 WSTCODEC - ok
13:16:49.0109 3004 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:16:49.0125 3004 WudfPf - ok
13:16:49.0140 3004 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:16:49.0140 3004 WudfRd - ok
13:16:49.0187 3004 MBR (0x1B8) (c9bf916068238d16f510107a5ad6b482) \Device\Harddisk0\DR0
13:16:49.0312 3004 \Device\Harddisk0\DR0 - ok
13:16:49.0312 3004 Boot (0x1200) (c5fe370a1ebc197a5cf311267bb4f2fe) \Device\Harddisk0\DR0\Partition0
13:16:49.0312 3004 \Device\Harddisk0\DR0\Partition0 - ok
13:16:49.0328 3004 Boot (0x1200) (cab108f9bd59e05d30a76c352aef2160) \Device\Harddisk0\DR0\Partition1
13:16:49.0328 3004 \Device\Harddisk0\DR0\Partition1 - ok
13:16:49.0328 3004 ============================================================
13:16:49.0328 3004 Scan finished
13:16:49.0328 3004 ============================================================
13:16:49.0359 3912 Detected object count: 0
13:16:49.0359 3912 Actual detected object count: 0

#14 mkat

mkat
  • Topic Starter

  • Members
  • 104 posts

Posted 06 March 2012 - 01:25 PM

security check log: (noticeable problems to follow in another post)

Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java™ 6 Update 30
Adobe Flash Player 10.1.85.3 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````
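
Added example, not part of either post above: a small triage script that reads the two kinds of log posted in this thread (the TDSSKiller driver/MBR scan in the previous post and screen317's Security Check in this one) and pulls out the lines a responder actually acts on. For TDSSKiller it flags every object whose verdict is not "ok", records the verdicts on the MBR and boot sectors (the objects an MBR rootkit such as Alureon/TDL would touch), and reads the detected-object counts; for Security Check it collects the "out of date" and "disabled" findings. The sample logs are short constructed excerpts modelled on the ones posted; the second TDSSKiller sample, its zero hash and its "detected (constructed verdict)" wording are placeholders to exercise the failure path, not a real TDSSKiller verdict string. Nothing here replaces the helper's reading of the full logs.

```python
"""Triage helper for TDSSKiller and Security Check logs (added example)."""
import re

# Constructed excerpt modelled on the TDSSKiller log posted above (not the full log).
TDSSKILLER_LOG = """\
13:16:48.0031 3004 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\\WINDOWS\\system32\\DRIVERS\\tcpip.sys
13:16:48.0031 3004 Tcpip - ok
13:16:47.0437 3004 Simbad - ok
13:16:49.0187 3004 MBR (0x1B8) (c9bf916068238d16f510107a5ad6b482) \\Device\\Harddisk0\\DR0
13:16:49.0312 3004 \\Device\\Harddisk0\\DR0 - ok
13:16:49.0312 3004 Boot (0x1200) (c5fe370a1ebc197a5cf311267bb4f2fe) \\Device\\Harddisk0\\DR0\\Partition0
13:16:49.0312 3004 \\Device\\Harddisk0\\DR0\\Partition0 - ok
13:16:49.0359 3912 Detected object count: 0
13:16:49.0359 3912 Actual detected object count: 0
"""

# Constructed negative case: placeholder hash and verdict text, NOT a real TDSSKiller verdict.
TDSSKILLER_CONSTRUCTED_HIT = """\
13:16:49.0187 3004 MBR (0x1B8) (00000000000000000000000000000000) \\Device\\Harddisk0\\DR0
13:16:49.0312 3004 \\Device\\Harddisk0\\DR0 - detected (constructed verdict)
13:16:49.0359 3912 Detected object count: 1
13:16:49.0359 3912 Actual detected object count: 1
"""

# Constructed excerpt of the Security Check output above (backtick separator lines omitted).
SECURITY_CHECK_LOG = """\
Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 8
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
Anti-malware/Other Utilities Check:

CCleaner
Java(TM) 6 Update 30
Adobe Flash Player 10.1.85.3 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
"""

# TDSSKiller lines are "<time> <pid> <body>"; verdict bodies are "<object> - <verdict>".
TDSS_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<body>.*)$")
VERDICT = re.compile(r"^(?P<obj>.+?) - (?P<verdict>.+)$")
COUNT = re.compile(r"^(Actual )?[Dd]etected object count:\s*(\d+)$")


def triage_tdsskiller(log: str) -> dict:
    """Collect non-ok verdicts, MBR/boot-sector verdicts and the object counts."""
    result = {"not_ok": [], "boot_objects": {}, "detected": None, "actual_detected": None}
    for raw in log.splitlines():
        m = TDSS_LINE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        c = COUNT.match(body)
        if c:
            result["actual_detected" if c.group(1) else "detected"] = int(c.group(2))
            continue
        v = VERDICT.match(body)
        if not v:
            continue  # hash/path lines carry no verdict; the next line does
        obj, verdict = v.group("obj"), v.group("verdict").strip()
        if obj.startswith("\\Device\\Harddisk"):
            result["boot_objects"][obj] = verdict  # MBR and partition boot sectors
        if verdict != "ok":
            result["not_ok"].append((obj, verdict))
    return result


def tdsskiller_clean(r: dict) -> bool:
    """Clean only if nothing was flagged, the MBR was scanned, and the final count is 0."""
    return (not r["not_ok"]
            and r["boot_objects"].get("\\Device\\Harddisk0\\DR0") == "ok"
            and r["actual_detected"] == 0)


def triage_security_check(log: str) -> list:
    """Return the Security Check lines that report disabled protection or old software."""
    findings = []
    for line in log.splitlines():
        s = line.strip().lower()
        if "out of date" in s or "disabled" in s:
            findings.append(line.strip())
    return findings


if __name__ == "__main__":
    r = triage_tdsskiller(TDSSKILLER_LOG)
    print("TDSSKiller clean:", tdsskiller_clean(r), r["boot_objects"])
    for f in triage_security_check(SECURITY_CHECK_LOG):
        print("Security Check finding:", f)
```

On the posted logs the TDSSKiller side comes back clean (MBR and both partition boot sectors "ok", zero detected objects), while Security Check yields three findings: real-time (on-access) scanning in Microsoft Security Essentials is disabled, and Flash Player and Adobe Reader are out of date. Disabled on-access scanning on a machine suspected of infection deserves a look whether or not malware caused it, and out-of-date Flash and Reader are the usual entry points for drive-by installs of this kind of malware.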

#15 mkat

mkat
  • Topic Starter

  • Members
  • 104 posts

Posted 06 March 2012 - 01:28 PM

Something is going on with the DDS scanner that I couldn't get to run yesterday. Now it seems to run continuously and states that txt logs will appear - they don't, and it has been scanning, giving notices, scanning... continuously since then?

Also, the computer is VERY slow; iTunes completely freezes up the computer (maybe unrelated, or because of the age of the computer?).

Lastly, I simply want to confirm, as close to 100% as is possible, that this computer is not infected with the Alureon DNS redirect virus or anything else that may have loaded with it.

Thank you!
