Browser Redirector & Slow Search Engine Results


This topic is locked
18 replies to this topic

#1 crumpms (Members, 25 posts)

Posted 21 March 2012 - 02:15 PM

Hi All,
I'm having a problem with my web browsers being redirected (both Internet Explorer and Firefox). I've tried all that I can think of before coming here, but I've still got some infection. Search engine queries are very slow; a Google search typically takes over 60 seconds to return my searches; Bing takes about the same amount of time. When I follow one of the returned links I get redirected to various sites.

My OS is XP with service pack 3; I'm running Sophos Endpoint Security and Control (version 9.7) and I have tried cleaning my system using Malwarebytes Anti-Malware (version 1.60.1.1000) and Spybot Search & Destroy (version 1.4).

I've read and followed the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". Here are the results of that:
(1) I downloaded and ran DeFogger to disable CD Emulation drivers
(2) I downloaded and ran DDS; I do not have the "DDS.txt" and "Attach.txt" files because each time I run DDS it hangs after approximately 10 minutes of run time (I have done this 4 times and each time the system hangs and I have to manually perform a hard reboot).
(3) I have downloaded and run the GMER application (I used the randomly generated EXE file). When I launched the application I received the following: "LoadDriver("C:\Temp\kgldpod.sys") error 0xC000010E: Cannot create a stable subkey under a volatile parent key." I click the OK button and GMER loads (NOTE: in the instructions, GMER is version 1.0.15.15281 and it instructs you to uncheck "IAT/EAT", "drives that are not the system drive" and "Show all". My version is 1.0.15.15641 and the only items I can uncheck are "Services", "Registry", "Files" and "ADS"; all other options are ghosted and unchecked; I cannot check any of them)

The ark.txt file contents are:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-21 12:46:34
Windows 5.1.2600 Service Pack 3
Running: 7mtbh8e7.exe; Driver: C:\TEMP\kgldypod.sys


---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\crumpms\Local Settings\Temporary Internet Files\Content.IE5\P76G2062\down[1] 0 bytes

---- EOF - GMER 1.0.15 ----

I have even pulled my hard drive out and hooked it up as a slave drive on a clean system and scanned it; the scan came back clean.

Help!

#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 22 March 2012 - 11:55 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only, at best, cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in. These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



The next thing I would like you to do is run this for me: http://download.bleepingcomputer.com/grinler/unhide.exe. After it is complete, restart the computer and continue with these steps.


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- will be opened; this is the one I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


Information and logs:

  • In your next post I need the following:
    • logs from OTL
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
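Before the OTL report comes back, here is an added example (not one of the BleepingComputer tools and not code posted in this thread) of the automated first pass a responder can run over an OTL-style report for a redirect complaint like the one in the first post. The log lines it parses are constructed for this example in the general layout OTL prints (IE settings, O1 hosts entries, SRV/DRV service lines); the allow-lists of search hosts and commonly shadowed domains are assumptions to be tuned per environment. A flag from it means "verify by hand", not "infected": it surfaces the usual redirect vectors (proxy settings, especially under the system hives; HOSTS entries that shadow well-known sites; search scopes pointing at an unexpected host; services or drivers that are orphaned, lack a company name, or load from a temp directory).

```python
"""Triage an OTL-style report for the usual browser-redirect vectors.

Added example, not one of the BleepingComputer tools and not code from the thread.
"""
import re
from urllib.parse import urlparse

# Constructed sample lines (illustrative only, not the log from the thread).
SAMPLE_LOG = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1111-2222-3333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1111-2222-3333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080
IE - HKU\S-1-5-21-1111-2222-3333-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}
IE - HKU\S-1-5-21-1111-2222-3333-1004\..\SearchScopes\{ABCD}: "URL" = http://search.example-redirect.test/?q={searchTerms}
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10.20.30.40 fileserver
O1 - Hosts: 10.20.30.40 www.google.com
SRV - (ExampleSvc) -- C:\Program Files\Example\svc.exe (Example Corp)
SRV - (OrphanSvc) -- C:\Program Files\Gone\gone.exe File not found
SRV - (tmpsvc) -- C:\DOCUME~1\user\LOCALS~1\Temp\tmpsvc.exe ()
DRV - (noname) -- C:\WINNT\system32\drivers\noname.sys ()
"""

# Hives of built-in accounts: a proxy set there affects services, not an interactive user.
SYSTEM_HIVES = {r"HKU\.DEFAULT", r"HKU\S-1-5-18", r"HKU\S-1-5-19", r"HKU\S-1-5-20"}
# Assumed allow-lists for this example; tune them to the environment.
SEARCH_HOST_SUFFIXES = ("live.com", "bing.com", "google.com", "yahoo.com")
SHADOWED_NAME_SUFFIXES = ("google.com", "bing.com", "live.com", "microsoft.com",
                          "windowsupdate.com", "sophos.com")
TEMP_DIR_RE = re.compile(r"\\(temp|tmp|locals~1|local settings|application data|appdata)\\", re.I)

IE_SETTING_RE = re.compile(r'^IE - (HKLM|HKU\\[^\\]+)\\.*: "([^"]+)" = (.*)$')
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
SERVICE_HEAD_RE = re.compile(r"^(SRV|DRV) - \(([^)]+)\)")


def _under(host, suffixes):
    """True if host equals one of suffixes or is a subdomain of one (no 'evilgoogle.com' match)."""
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)


def parse_service(line):
    """Split 'SRV - (name) display -- path (Company)' into its parts, or return None."""
    m = SERVICE_HEAD_RE.match(line)
    head, sep, tail = line.partition(" -- ")
    if not m or not sep:
        return None
    tail = tail.strip()
    missing = tail.endswith("File not found")  # OTL's marker for an orphaned entry
    if missing:
        path, company = tail[: -len("File not found")].strip(), None
    else:
        pm = re.match(r"^(.*?)\s*\(([^()]*)\)$", tail)  # trailing (Company) group
        path, company = (pm.group(1), pm.group(2).strip()) if pm else (tail, "")
    return {"kind": m.group(1), "name": m.group(2), "path": path,
            "company": company, "missing": missing}


def triage(lines):
    """Return (severity, category, detail) findings for OTL-style lines."""
    findings = []
    for line in (l.strip() for l in lines):
        m = IE_SETTING_RE.match(line)
        if m:
            hive, key, value = m.groups()
            if key == "ProxyEnable" and value.strip() == "1":
                sev = "high" if hive in SYSTEM_HIVES else "review"
                findings.append((sev, "proxy", f"{hive}: proxy enabled"))
            elif key in ("ProxyServer", "AutoConfigURL"):
                findings.append(("review", "proxy", f"{hive}: {key} = {value.strip()}"))
            elif key == "URL" and "SearchScopes" in line:
                host = urlparse(value.strip()).hostname or ""
                if not _under(host, SEARCH_HOST_SUFFIXES):
                    findings.append(("review", "search", f"{hive}: search scope host {host!r}"))
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, name = m.groups()
            if ip in ("127.0.0.1", "::1") and name.lower() == "localhost":
                continue  # the only entry a stock hosts file needs
            sev = "high" if _under(name, SHADOWED_NAME_SUFFIXES) else "review"
            findings.append((sev, "hosts", f"{name} -> {ip}"))
            continue
        svc = parse_service(line)
        if svc:
            if svc["missing"]:
                findings.append(("info", svc["kind"], f"{svc['name']}: orphaned entry ({svc['path'] or 'no path'})"))
            elif TEMP_DIR_RE.search(svc["path"]):
                findings.append(("high", svc["kind"], f"{svc['name']}: runs from temp dir {svc['path']}"))
            elif not svc["company"]:
                findings.append(("review", svc["kind"], f"{svc['name']}: no company name {svc['path']}"))
    return findings


if __name__ == "__main__":
    for sev, cat, detail in sorted(triage(SAMPLE_LOG.splitlines())):
        print(f"[{sev:6}] {cat:6} {detail}")
```

Run it against a saved OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace"))`. The severity split is deliberate: a proxy under the built-in hives or a hosts entry shadowing a search engine is something a user rarely configures by hand, while an unnamed vendor or an orphaned service is common on a long-lived lab machine and only merits a look.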

#3 crumpms (Topic Starter, Members, 25 posts)

Posted 23 March 2012 - 09:41 AM

Hello Gringo,
many thanks! :)

Here is what I've done:
(1) Downloaded and ran "Unhide.txt"
(2) Rebooted
(3) Downloaded and ran "OTL.exe"

There were no problems in doing these steps. Below is the attached OTL log file.

Thanks,

Miguel

OTL logfile created on: 3/23/2012 9:18:56 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\crumpms\Desktop\Bleeping Computer
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 47.99% Memory free
4.85 Gb Paging File | 4.05 Gb Available in Paging File | 83.53% Paging File free
Paging file location(s): C:\pagefile.sys 3070 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 197.76 Gb Free Space | 42.46% Space Free | Partition Type: NTFS

Computer Name: MTL72 | User Name: crumpms | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\crumpms\Desktop\Bleeping Computer\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Sophos\Remote Management System\RouterNT.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Limited)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
PRC - C:\Program Files\National Instruments\MAX\nimxs.exe (National Instruments Corporation)
PRC - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation)
PRC - C:\WINNT\system32\lktsrv.exe (National Instruments Corporation)
PRC - C:\WINNT\system32\lkads.exe (National Instruments Corporation)
PRC - C:\Program Files\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe (National Instruments Corporation)
PRC - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation)
PRC - C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation)
PRC - C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
PRC - C:\WINNT\system32\lkcitdl.exe (National Instruments, Inc.)
PRC - C:\WINNT\system32\nipxism.exe (National Instruments Corporation)
PRC - C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe (National Instruments Corporation)
PRC - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe (National Instruments Corporation)
PRC - C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe (National Instruments Corporation)
PRC - C:\WINNT\system32\nipalsm.exe (National Instruments Corporation)
PRC - C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe (StorageCraft Technology Corporation)
PRC - C:\WINNT\system32\vsnapvss.exe (StorageCraft Technology Corporation)
PRC - C:\WINNT\explorer.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\kktools\userdump.exe (Microsoft Corporation)
PRC - C:\WINNT\local\etc\rshd.exe ()
PRC - C:\Program Files\BackLog\AuditService.exe ()
PRC - C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Sophos\Remote Management System\TAO_DynamicAny.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\TAO_Valuetype.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\libeay32.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\TAO_SSLIOP.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\TAO.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\ace.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\ssleay32.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\TAO_Security.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\TAO_PortableServer.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\ACE_SSL.dll ()
MOD - C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Mozilla Firefox\js3250.dll ()
MOD - C:\Program Files\National Instruments\Shared\Caps\Compat\NITSU.sdc ()
MOD - C:\Program Files\National Instruments\Shared\Caps\Compat\NITNR.sdc ()
MOD - C:\Program Files\National Instruments\Shared\Caps\Compat\NISYNC.sdc ()
MOD - C:\Program Files\National Instruments\Shared\Caps\Compat\NIHSD.sdc ()
MOD - C:\Program Files\National Instruments\Shared\Caps\Compat\NISRC.sdc ()
MOD - C:\Program Files\National Instruments\Shared\Caps\Compat\NISL.sdc ()
MOD - C:\Program Files\National Instruments\Shared\Caps\Compat\NIDWG.sdc ()
MOD - C:\Program Files\National Instruments\Shared\Caps\Compat\NIPS.sdc ()
MOD - C:\Program Files\National Instruments\Shared\Caps\Compat\NIRFSA.sdc ()
MOD - C:\Program Files\National Instruments\Shared\Caps\Compat\NI5690.sdc ()
MOD - C:\Program Files\National Instruments\Shared\Caps\NISWCH.sdc ()
MOD - C:\WINNT\local\etc\rshd.exe ()
MOD - C:\Program Files\BackLog\AuditService.exe ()


========== Win32 Services (SafeList) ==========

SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe /service msvsmon80 File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe File not found
SRV - (IAS) -- File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (Sophos Message Router) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe (Sophos Limited)
SRV - (Sophos Agent) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Limited)
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (swi_service) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (mxssvr) -- C:\Program Files\National Instruments\MAX\nimxs.exe (National Instruments Corporation)
SRV - (NIDomainService) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation)
SRV - (lkTimeSync) -- C:\WINNT\system32\lktsrv.exe (National Instruments Corporation)
SRV - (lkClassAds) -- C:\WINNT\system32\lkads.exe (National Instruments Corporation)
SRV - (NINetworkDiscovery) -- C:\Program Files\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe (National Instruments Corporation)
SRV - (nimDNSResponder) -- C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation)
SRV - (niSvcLoc) -- C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation)
SRV - (NIApplicationWebServer) -- C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
SRV - (EASEUS Agent) -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
SRV - (LkCitadelServer) -- C:\WINNT\system32\lkcitdl.exe (National Instruments, Inc.)
SRV - (NILM License Manager) -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)
SRV - (nipxirmu) -- C:\WINNT\system32\nipxism.exe (National Instruments Corporation)
SRV - (niLXIDiscovery) -- C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe (National Instruments Corporation)
SRV - (NITaggerService) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe (National Instruments Corporation)
SRV - (AgDataUpdateSvc9) -- C:\Program Files\AGI\STK 9\bin\AgDataUpdateSvc9.exe (Analytical Graphics, Inc.)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (nidevldu) -- C:\WINNT\system32\nipalsm.exe (National Instruments Corporation)
SRV - (OpcEnum) -- C:\WINNT\system32\Opcenum.exe (OPC Foundation)
SRV - (TruePortSrv) -- C:\WINNT\system32\TruePort.exe (Perle Systems Limited)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (ShadowProtectSvc) -- C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe (StorageCraft Technology Corporation)
SRV - (VSNAPVSS) -- C:\WINNT\system32\vsnapvss.exe (StorageCraft Technology Corporation)
SRV - (UtilMan) -- C:\WINNT\system32\utilman.exe (Microsoft Corporation)
SRV - (LxrJD31s) -- C:\WINNT\System32\LxrJD31s.exe ()
SRV - (ncprwsnt) -- C:\Program Files\WatchGuard\Mobile VPN\NCPRWSNT.EXE (NCP Engineering GmbH)
SRV - (rwsrsu) -- C:\Program Files\WatchGuard\Mobile VPN\RWSRSU.exe ()
SRV - (ncpclcfg) -- C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe ()
SRV - (udmpsvc) -- C:\WINNT\system32\kktools\userdump.exe (Microsoft Corporation)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (NcpSec) -- C:\Program Files\WatchGuard\Mobile VPN\NCPSEC.EXE ()
SRV - (rshd) -- C:\WINNT\local\etc\rshd.exe ()
SRV - (winvnc) -- C:\Program Files\RealVNC\WinVNC\winvnc.exe (RealVNC Ltd.)
SRV - (BackLog) -- C:\Program Files\BackLog\AuditService.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (usb6xxxk) -- C:\WINNT\system32\drivers\usb6xxxkl.sys File not found
DRV - (tga) -- File not found
DRV - (PfModNT) -- C:\WINNT\system32\PfModNT.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (Parallel) -- System32\DRIVERS\parallel.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (DS1410D) -- SYSTEM32\drivers\DS1410D.SYS File not found
DRV - (cpuz127) -- C:\DOCUME~1\crumpms\LOCALS~1\Temp\cpuz_x32.sys File not found
DRV - (vmm) -- C:\WINNT\system32\drivers\VMM.sys (Microsoft Corporation)
DRV - (SAVOnAccessControl) -- C:\WINNT\system32\drivers\savonaccesscontrol.sys (Sophos Limited)
DRV - (SAVOnAccessFilter) -- C:\WINNT\system32\drivers\savonaccessfilter.sys (Sophos Limited)
DRV - (sdcfilter) -- C:\WINNT\system32\drivers\sdcfilter.sys (Sophos Plc)
DRV - (SKMScan) -- C:\WINNT\system32\drivers\skmscan.sys (Sophos Plc)
DRV - (RsFx0105) -- C:\WINNT\system32\drivers\RsFx0105.sys (Microsoft Corporation)
DRV - (nifslk) -- C:\WINNT\system32\drivers\nifslkl.sys (National Instruments Corporation)
DRV - (EUBKMON) -- C:\WINNT\system32\drivers\EUBKMON.sys ()
DRV - (EUFS) -- C:\WINNT\system32\drivers\eufs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUDSKACS) -- C:\WINNT\system32\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUBAKUP) -- C:\WINNT\system32\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUDISK) -- C:\WINNT\system32\drivers\eudisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (SophosBootDriver) -- C:\WINNT\system32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (ni1065k) -- C:\WINNT\system32\drivers\ni1065k.sys (National Instruments Corporation)
DRV - (ni1045k) -- C:\WINNT\system32\drivers\ni1045kl.sys (National Instruments Corporation)
DRV - (nipxibrc) -- C:\WINNT\system32\drivers\nipxibrc.sys (National Instruments Corporation)
DRV - (ni1006k) -- C:\WINNT\system32\drivers\ni1006k.sys (National Instruments Corporation)
DRV - (nipxibaf) -- C:\WINNT\system32\drivers\nipxibaf.sys (National Instruments Corporation)
DRV - (nicsrk) -- C:\WINNT\system32\drivers\nicsrkl.sys (National Instruments Corporation)
DRV - (niraptrk) -- C:\WINNT\system32\drivers\niraptrkl.sys (National Instruments Corporation)
DRV - (nicondrk) -- C:\WINNT\system32\drivers\nicondrkl.sys (National Instruments Corporation)
DRV - (nicmrk) -- C:\WINNT\system32\drivers\nicmrkl.sys (National Instruments Corporation)
DRV - (nimsrlk) -- C:\WINNT\system32\drivers\nimsrlk.dll (National Instruments Corporation)
DRV - (nimslk) -- C:\WINNT\system32\drivers\nimslk.dll (National Instruments Corporation)
DRV - (niswdk) -- C:\WINNT\system32\drivers\niswdkl.sys (National Instruments Corporation)
DRV - (nidsark) -- C:\WINNT\system32\drivers\nidsarkl.sys (National Instruments Corporation)
DRV - (niufurk) -- C:\WINNT\system32\drivers\niufurkl.sys (National Instruments Corporation)
DRV - (nixsrk) -- C:\WINNT\system32\drivers\nixsrkl.sys (National Instruments Corporation)
DRV - (nixsrkw) -- C:\WINNT\system32\drivers\nixsrkw.sys (National Instruments Corporation)
DRV - (niemrk) -- C:\WINNT\system32\drivers\niemrkl.sys (National Instruments Corporation)
DRV - (niwfrk) -- C:\WINNT\system32\drivers\niwfrkl.sys (National Instruments Corporation)
DRV - (nissrk) -- C:\WINNT\system32\drivers\nissrkl.sys (National Instruments Corporation)
DRV - (niesrk) -- C:\WINNT\system32\drivers\niesrkl.sys (National Instruments Corporation)
DRV - (nistc3rk) -- C:\WINNT\system32\drivers\nistc3rkl.sys (National Instruments Corporation)
DRV - (nitiork) -- C:\WINNT\system32\drivers\nitiorkl.sys (National Instruments Corporation)
DRV - (nimsdrk) -- C:\WINNT\system32\drivers\nimsdrkl.sys (National Instruments Corporation)
DRV - (nidmxfk) -- C:\WINNT\system32\drivers\nidmxfkl.sys (National Instruments Corporation)
DRV - (nimxpk) -- C:\WINNT\system32\drivers\nimxpkl.sys (National Instruments Corporation)
DRV - (nimstsk) -- C:\WINNT\system32\drivers\nimstskl.sys (National Instruments Corporation)
DRV - (nipalfwedl) -- C:\WINNT\system32\drivers\nipalfwedl.sys (National Instruments Corporation)
DRV - (nipalusbedl) -- C:\WINNT\system32\drivers\nipalusbedl.sys (National Instruments Corporation)
DRV - (NIPALK) -- C:\WINNT\system32\drivers\nipalk.sys (National Instruments Corporation)
DRV - (nisdigk) -- C:\WINNT\system32\drivers\nisdigkl.sys (National Instruments Corporation)
DRV - (nicdrk) -- C:\WINNT\system32\drivers\nicdrkl.sys (National Instruments Corporation)
DRV - (nisftk) -- C:\WINNT\system32\drivers\nisftkl.sys (National Instruments Corporation)
DRV - (ninshsdk) -- C:\WINNT\system32\drivers\ninshsdkl.sys (National Instruments Corporation)
DRV - (nipxirmk) -- C:\WINNT\system32\drivers\nipxirmkl.sys (National Instruments Corporation)
DRV - (nispdk) -- C:\WINNT\system32\drivers\nispdkl.sys (National Instruments Corporation)
DRV - (niscdk) -- C:\WINNT\system32\drivers\niscdkl.sys (National Instruments Corporation)
DRV - (NiViPxiK) -- C:\WINNT\system32\drivers\NiViPxiKl.sys (National Instruments Corporation)
DRV - (NiViPciK) -- C:\WINNT\system32\drivers\NiViPciKl.sys (National Instruments Corporation)
DRV - (nimxdfk) -- C:\WINNT\system32\drivers\nimxdfkl.sys (National Instruments Corporation)
DRV - (NIEthernetDeviceEnumerator) -- C:\WINNT\system32\drivers\niede.sys (National Instruments Corporation)
DRV - (nipxigpk) -- C:\WINNT\system32\drivers\nipxigpk.sys (National Instruments Corporation)
DRV - (nidimk) -- C:\WINNT\system32\drivers\nidimkl.sys (National Instruments Corporation)
DRV - (nimdbgk) -- C:\WINNT\system32\drivers\nimdbgkl.sys (National Instruments Corporation)
DRV - (VBoxUSB) -- C:\WINNT\system32\drivers\VBoxUSB.sys (Sun Microsystems, Inc.)
DRV - (nipbcfk) -- C:\WINNT\system32\drivers\nipbcfk.sys (National Instruments Corporation)
DRV - (VSPerfDrv100) -- C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation)
DRV - (nistcrk) -- C:\WINNT\system32\drivers\nistcrkl.sys (National Instruments Corporation)
DRV - (nimru2k) -- C:\WINNT\system32\drivers\nimru2kl.sys (National Instruments Corporation)
DRV - (niorbk) -- C:\WINNT\system32\drivers\niorbkl.sys (National Instruments Corporation)
DRV - (TruePort) -- C:\WINNT\system32\drivers\TruePort.sys (Perle Systems Limited )
DRV - (nistc2k) -- C:\WINNT\system32\drivers\nistc2kl.sys (National Instruments Corporation)
DRV - (lvalarmk) -- C:\WINNT\system32\drivers\lvalarmk.sys (National Instruments Corporation)
DRV - (stcvsm) -- C:\WINNT\System32\drivers\stcvsm.sys (StorageCraft Technology Corporation)
DRV - (sbmount) -- C:\WINNT\System32\drivers\sbmount.sys (StorageCraft Technology Corporation)
DRV - (Sentinel) -- C:\WINNT\system32\drivers\sentinel.sys (SafeNet, Inc.)
DRV - (SNTNLUSB) -- C:\WINNT\system32\drivers\SNTNLUSB.SYS (SafeNet, Inc.)
DRV - (MPE) -- C:\WINNT\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINNT\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (cvintdrv) -- C:\WINNT\System32\drivers\cvintdrv.sys ()
DRV - (LxrJD31d) -- C:\WINNT\system32\drivers\LxrJD31d.sys ()
DRV - (VPCNetS2) -- C:\WINNT\system32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (ncplentp) -- C:\WINNT\system32\drivers\NCPLENTP.SYS ()
DRV - (b57w2k) -- C:\WINNT\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (udmpdrvr) -- C:\WINNT\system32\drivers\userdump.sys (Microsoft Corporation)
DRV - (WimFltr) -- C:\WINNT\system32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (Cdr4_2K) -- C:\WINNT\System32\drivers\cdr4_2K.sys (Roxio)
DRV - (Cdralw2k) -- C:\WINNT\System32\drivers\cdralw2k.sys (Roxio)
DRV - (Ser2pl) -- C:\WINNT\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINNT\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (CBUL32) -- C:\WINNT\system32\drivers\CBUL32.SYS ()
DRV - (HdAudAddService) -- C:\WINNT\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (MTsensor) -- C:\WINNT\system32\drivers\ASACPI.sys ()
DRV - (IOPort) -- C:\WINNT\system32\drivers\IOPORT.SYS (WINSOFT)
DRV - (usbupc) -- C:\WINNT\system32\drivers\usbupc.sys (Eagle Technology)
DRV - (DgiVecp) -- C:\WINNT\system32\drivers\Dgivecp.Sys (DeviceGuys, Inc.)
DRV - (usbhub20) -- C:\WINNT\system32\drivers\usbhub20.sys (Microsoft Corporation)
DRV - (Aspi32) -- C:\WINNT\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (ES1370) Creative AudioPCI (ES1370), SB PCI 64/128 (WDM) -- C:\WINNT\system32\drivers\es1370mp.sys (Creative Technology Ltd.)
DRV - (PQNTDrv) -- C:\WINNT\System32\drivers\PQNTDRV.SYS ()
DRV - (rtl8029) Realtek RTL8029(AS) -- C:\WINNT\system32\drivers\RTL8029.sys (Realtek Semiconductor Corporation)
DRV - (SONYPVM1) Sony Memory Stick Driver(SONYPVM1) -- C:\WINNT\system32\drivers\SONYPVM1.SYS (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-2286752186-3697686403-1823448917-4165\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\S-1-5-21-2286752186-3697686403-1823448917-4165\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.auburn.edu/
IE - HKU\S-1-5-21-2286752186-3697686403-1823448917-4165\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2286752186-3697686403-1823448917-4165\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2286752186-3697686403-1823448917-4165\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.auburn.edu/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8
FF - prefs.js..extensions.enabledItems: chmfox@zhuoqiang.me:1.2
FF - prefs.js..extensions.enabledItems: {6e098d65-7d2d-46d4-ada0-2f882a29f795}:0.2.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/10/09 15:51:43 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Eudora OSE 1.0\extensions\\Components: C:\Program Files\Eudora OSE\components [2011/10/19 12:21:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Eudora OSE 1.0\extensions\\Plugins: C:\Program Files\Eudora OSE\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/03 11:36:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/09 14:12:47 | 000,000,000 | ---D | M]

[2012/02/03 11:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\crumpms\Application Data\Mozilla\Extensions
[2011/10/19 12:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\crumpms\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/02/20 16:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\crumpms\Application Data\Mozilla\Firefox\Profiles\av00lmqv.default\extensions
[2012/02/20 16:39:59 | 000,000,000 | ---D | M] (CHM Reader) -- C:\Documents and Settings\crumpms\Application Data\Mozilla\Firefox\Profiles\av00lmqv.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}
[2012/02/03 12:42:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\crumpms\Application Data\Mozilla\Firefox\Profiles\av00lmqv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/02/06 10:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\crumpms\Application Data\Mozilla\Firefox\Profiles\av00lmqv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}-trash
[2012/02/20 16:27:11 | 000,000,000 | ---D | M] (ChmFox) -- C:\Documents and Settings\crumpms\Application Data\Mozilla\Firefox\Profiles\av00lmqv.default\extensions\chmfox@zhuoqiang.me
[2012/02/03 11:36:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/09 19:05:10 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv2010win32.dll
[2011/06/22 12:43:54 | 000,026,112 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv2011win32.dll
[2009/10/22 10:28:40 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV82Win32.dll
[2008/12/10 15:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv86win32.dll
[2010/10/19 19:15:20 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv90win32.dll

O1 HOSTS File: ([2010/02/03 11:21:12 | 000,000,759 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 131.204.250.16 software
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2286752186-3697686403-1823448917-4165\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2286752186-3697686403-1823448917-4165\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2286752186-3697686403-1823448917-4165\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINNT\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe (National Instruments Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINNT\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 300
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2286752186-3697686403-1823448917-4165\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2286752186-3697686403-1823448917-4165\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2286752186-3697686403-1823448917-4165\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-21-2286752186-3697686403-1823448917-4165\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-2286752186-3697686403-1823448917-4165\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-2286752186-3697686403-1823448917-4165\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 1
O7 - HKU\S-1-5-21-2286752186-3697686403-1823448917-4165\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-2286752186-3697686403-1823448917-4165\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKU\S-1-5-21-2286752186-3697686403-1823448917-4165\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-2286752186-3697686403-1823448917-4165\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 1
O7 - HKU\S-1-5-21-2286752186-3697686403-1823448917-4165\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-2286752186-3697686403-1823448917-4165\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1
O7 - HKU\S-1-5-21-2286752186-3697686403-1823448917-4165\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O16 - DPF: {31564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmvax.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275937914093 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194877977687 (MUWebControl Class)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} file://C:\WINNT\msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 131.204.110.13 131.204.110.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eng.auburn.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{683836B3-A9D3-4BAB-9493-CBD6BCE807F2}: DhcpNameServer = 131.204.110.13 131.204.110.10
O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wzcnotif: DllName - (wzcdlg.dll) - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINNT\Earthrise.bmp
O24 - Desktop BackupWallPaper: C:\WINNT\Earthrise.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Qualcomm\Eudora Mail\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/31 19:03:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{209ea25d-3687-11df-916b-0200523cb6d3}\Shell - "" = AutoRun
O33 - MountPoints2\{209ea25d-3687-11df-916b-0200523cb6d3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{209ea25d-3687-11df-916b-0200523cb6d3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{26ed851e-f142-11dd-a053-0013d4677c65}\Shell - "" = AutoRun
O33 - MountPoints2\{26ed851e-f142-11dd-a053-0013d4677c65}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{26ed851e-f142-11dd-a053-0013d4677c65}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{5c6aa293-f78b-11dd-a055-0013d4677c65}\Shell - "" = AutoRun
O33 - MountPoints2\{5c6aa293-f78b-11dd-a055-0013d4677c65}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5c6aa293-f78b-11dd-a055-0013d4677c65}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{67ab1631-4227-11dd-8dcd-00a0d214a10b}\Shell - "" = AutoRun
O33 - MountPoints2\{67ab1631-4227-11dd-8dcd-00a0d214a10b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{67ab1631-4227-11dd-8dcd-00a0d214a10b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{dc81ebf4-5231-11df-b39a-0013d4677c65}\Shell - "" = AutoRun
O33 - MountPoints2\{dc81ebf4-5231-11df-b39a-0013d4677c65}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dc81ebf4-5231-11df-b39a-0013d4677c65}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/23 08:48:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\crumpms\Desktop\Bleeping Computer
[2012/03/22 08:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\crumpms\My Documents\NDIR
[2012/03/21 09:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2012/03/14 11:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\crumpms\Desktop\RZIM at Clemson
[2012/03/08 14:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\crumpms\My Documents\Research Inc
[2012/03/06 15:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\crumpms\My Documents\Lynda_dot_com
[2012/03/06 14:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\crumpms\My Documents\FAA
[2012/03/05 10:37:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\crumpms\Application Data\Measurement Studio
[2012/03/01 14:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\crumpms\Desktop\NIDAQmx
[2012/02/28 11:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\crumpms\Desktop\Copy of VB
[2012/02/24 17:15:37 | 000,000,000 | ---D | C] -- C:\National Instruments Downloads
[2012/02/24 10:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\crumpms\My Documents\VB6 To VB.NET DAQ
[2012/02/23 12:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\crumpms\Application Data\NVIDIA
[4 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\Documents and Settings\crumpms\*.tmp files -> C:\Documents and Settings\crumpms\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/23 09:12:30 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2012/03/23 09:11:21 | 000,005,568 | RHS- | M] () -- C:\Documents and Settings\crumpms\ntuser.pol
[2012/03/23 09:10:55 | 000,115,084 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/03/23 09:10:02 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2012/03/23 09:09:59 | 2144,956,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/22 22:00:02 | 000,000,530 | ---- | M] () -- C:\WINNT\tasks\MWTH.job
[2012/03/22 21:40:43 | 000,002,644 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2012/03/22 15:14:04 | 000,000,183 | ---- | M] () -- C:\WINNT\hpbafd.ini
[2012/03/21 13:17:29 | 000,019,694 | ---- | M] () -- C:\Documents and Settings\crumpms\Desktop\GMER_msg.jpg
[2012/03/20 16:41:44 | 000,069,956 | ---- | M] () -- C:\Documents and Settings\crumpms\Desktop\XEELCORP page.jpg
[2012/03/20 16:35:21 | 000,030,010 | ---- | M] () -- C:\Documents and Settings\crumpms\Desktop\WatchGuard.jpg
[2012/03/20 16:12:00 | 000,107,798 | ---- | M] () -- C:\Documents and Settings\crumpms\Desktop\IP_Address.jpg
[2012/03/20 16:11:05 | 000,099,721 | ---- | M] () -- C:\Documents and Settings\crumpms\Desktop\VPN_Connection.jpg
[2012/03/20 14:00:02 | 000,000,530 | ---- | M] () -- C:\WINNT\tasks\TFSS.job
[2012/03/19 10:10:33 | 000,040,477 | ---- | M] () -- C:\Documents and Settings\crumpms\Desktop\US Airways _ Airline tickets, vacations & business flights.pdf
[2012/03/17 14:36:52 | 000,576,326 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2012/03/17 14:36:52 | 000,116,384 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2012/03/17 14:33:24 | 000,325,912 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2012/03/16 17:25:13 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\crumpms\default.pls
[2012/03/16 17:25:12 | 000,000,202 | ---- | M] () -- C:\WINNT\NeroDigital.ini
[2012/03/16 09:20:42 | 001,116,339 | ---- | M] () -- C:\Documents and Settings\crumpms\Desktop\Mirrors in Space for Low-1.pdf
[2012/03/15 14:28:05 | 000,115,494 | ---- | M] () -- C:\WINNT\System32\cwref.GID
[2012/03/15 14:21:13 | 000,066,560 | ---- | M] () -- C:\WINNT\System32\CWANAL~1.oca
[2012/03/15 14:21:13 | 000,015,872 | ---- | M] () -- C:\WINNT\System32\cwhlpbtn.oca
[2012/03/15 13:20:11 | 000,001,374 | ---- | M] () -- C:\WINNT\imsins.BAK
[2012/03/14 14:36:54 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\crumpms\LWHUB9.CFG
[2012/03/14 14:35:47 | 000,163,851 | ---- | M] () -- C:\Documents and Settings\crumpms\LWEXT9.CFG
[2012/03/14 14:35:47 | 000,009,780 | ---- | M] () -- C:\Documents and Settings\crumpms\LW9.CFG
[2012/03/14 14:35:46 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\crumpms\LWMASTERS9.CFG
[2012/03/09 14:21:42 | 000,167,878 | ---- | M] () -- C:\WINNT\System32\niorbmap
[2012/03/07 14:53:23 | 000,110,440 | ---- | M] () -- C:\Documents and Settings\crumpms\Desktop\Data Acq with VB6.pdf
[2012/02/27 10:13:33 | 000,030,744 | ---- | M] (Sophos Limited) -- C:\WINNT\System32\SophosBootTasks.exe
[2012/02/24 17:29:34 | 000,000,291 | -HS- | M] () -- C:\boot.ini
[2012/02/24 17:12:05 | 000,031,292 | ---- | M] () -- C:\test.tdms
[2012/02/24 17:12:05 | 000,004,492 | ---- | M] () -- C:\test.tdms_index
[2012/02/23 12:27:08 | 000,004,149 | ---- | M] () -- C:\Documents and Settings\crumpms\LWM9.CFG
[2012/02/22 15:45:48 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINNT\System32\FlashPlayerCPLApp.cpl
[2012/02/22 15:13:38 | 000,081,115 | ---- | M] () -- C:\Documents and Settings\crumpms\My Documents\Anatomy of a Video Signal.pdf
[4 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\Documents and Settings\crumpms\*.tmp files -> C:\Documents and Settings\crumpms\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/21 13:17:25 | 000,019,694 | ---- | C] () -- C:\Documents and Settings\crumpms\Desktop\GMER_msg.jpg
[2012/03/20 16:41:43 | 000,069,956 | ---- | C] () -- C:\Documents and Settings\crumpms\Desktop\XEELCORP page.jpg
[2012/03/20 16:35:20 | 000,030,010 | ---- | C] () -- C:\Documents and Settings\crumpms\Desktop\WatchGuard.jpg
[2012/03/20 16:11:59 | 000,107,798 | ---- | C] () -- C:\Documents and Settings\crumpms\Desktop\IP_Address.jpg
[2012/03/20 16:11:04 | 000,099,721 | ---- | C] () -- C:\Documents and Settings\crumpms\Desktop\VPN_Connection.jpg
[2012/03/19 10:10:33 | 000,040,477 | ---- | C] () -- C:\Documents and Settings\crumpms\Desktop\US Airways _ Airline tickets, vacations & business flights.pdf
[2012/03/16 09:20:42 | 001,116,339 | ---- | C] () -- C:\Documents and Settings\crumpms\Desktop\Mirrors in Space for Low-1.pdf
[2012/03/15 14:21:13 | 000,066,560 | ---- | C] () -- C:\WINNT\System32\CWANAL~1.oca
[2012/03/15 14:21:13 | 000,015,872 | ---- | C] () -- C:\WINNT\System32\cwhlpbtn.oca
[2012/03/15 13:04:49 | 000,001,374 | ---- | C] () -- C:\WINNT\imsins.BAK
[2012/03/07 14:53:23 | 000,110,440 | ---- | C] () -- C:\Documents and Settings\crumpms\Desktop\Data Acq with VB6.pdf
[2012/02/24 17:11:52 | 000,031,292 | ---- | C] () -- C:\test.tdms
[2012/02/24 17:11:52 | 000,004,492 | ---- | C] () -- C:\test.tdms_index
[2012/02/22 15:13:38 | 000,081,115 | ---- | C] () -- C:\Documents and Settings\crumpms\My Documents\Anatomy of a Video Signal.pdf
[2012/02/20 12:58:45 | 000,003,072 | ---- | C] () -- C:\WINNT\System32\iacenc.dll
[2012/02/06 11:08:00 | 000,162,304 | ---- | C] () -- C:\WINNT\System32\ztvunrar36.dll
[2012/02/06 11:08:00 | 000,153,088 | ---- | C] () -- C:\WINNT\System32\unrar3.dll
[2012/02/06 11:08:00 | 000,077,312 | ---- | C] () -- C:\WINNT\System32\ztvunace26.dll
[2012/02/06 11:08:00 | 000,075,264 | ---- | C] () -- C:\WINNT\System32\unacev2.dll
[2012/01/26 18:22:36 | 000,892,918 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2286752186-3697686403-1823448917-4165-0.dat
[2011/11/16 14:23:58 | 000,285,176 | ---- | C] () -- C:\WINNT\System32\nvdrsdb1.bin
[2011/11/16 14:23:58 | 000,285,176 | ---- | C] () -- C:\WINNT\System32\nvdrsdb0.bin
[2011/11/16 14:23:58 | 000,000,001 | ---- | C] () -- C:\WINNT\System32\nvdrssel.bin
[2011/11/16 14:23:30 | 002,130,002 | ---- | C] () -- C:\WINNT\System32\nvdata.data
[2011/11/07 13:40:23 | 000,065,793 | ---- | C] () -- C:\WINNT\System32\esfw32.bin
[2011/08/22 17:34:29 | 000,140,527 | ---- | C] () -- C:\WINNT\hpwins05.dat
[2011/08/22 17:29:10 | 000,077,824 | ---- | C] () -- C:\WINNT\System32\hpzids01.dll
[2011/08/22 17:29:07 | 000,012,400 | ---- | C] () -- C:\WINNT\hpwscr05.dat
[2011/08/22 17:29:07 | 000,003,953 | ---- | C] () -- C:\WINNT\hpwmdl05.dat
[2011/06/10 14:52:52 | 000,000,244 | ---- | C] () -- C:\WINNT\System32\nirpc.ini
[2011/06/09 09:03:43 | 000,035,720 | ---- | C] () -- C:\WINNT\System32\drivers\EUBKMON.sys
[2011/04/11 10:36:24 | 000,327,812 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-436374069-1202660629-839522115-1000-0.dat
[2011/04/11 10:36:24 | 000,291,590 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/03/23 12:54:44 | 000,050,272 | ---- | C] () -- C:\WINNT\System32\nispdu.dll
[2011/01/31 15:31:42 | 000,000,016 | ---- | C] () -- C:\WINNT\System32\nvModes.dat
[2010/12/10 15:24:38 | 000,000,034 | ---- | C] () -- C:\WINNT\System32\Converter_sysquict.dat
[2010/11/09 21:37:31 | 000,002,644 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
[2010/10/01 10:52:14 | 000,022,919 | ---- | C] () -- C:\WINNT\System32\drivers\NIUSB72F30200.bin
[2010/10/01 10:52:14 | 000,022,919 | ---- | C] () -- C:\WINNT\System32\drivers\NIUSB72F3.bin
[2010/10/01 10:52:14 | 000,022,919 | ---- | C] () -- C:\WINNT\System32\drivers\NIUSB72CC0200.bin
[2010/10/01 10:52:14 | 000,022,919 | ---- | C] () -- C:\WINNT\System32\drivers\NIUSB72CC.bin
[2010/10/01 10:52:14 | 000,012,329 | R--- | C] () -- C:\WINNT\System32\drivers\NIUSB71D7.bin
[2010/10/01 10:52:14 | 000,012,329 | ---- | C] () -- C:\WINNT\System32\drivers\NIUSB71D80200.bin
[2010/10/01 10:52:14 | 000,012,329 | ---- | C] () -- C:\WINNT\System32\drivers\NIUSB71D70200.bin
[2010/10/01 10:52:14 | 000,012,329 | ---- | C] () -- C:\WINNT\System32\drivers\NIUSB71D60200.bin
[2010/10/01 10:52:14 | 000,012,329 | ---- | C] () -- C:\WINNT\System32\drivers\NIUSB717B0200.bin
[2010/10/01 10:52:14 | 000,012,329 | ---- | C] () -- C:\WINNT\System32\drivers\NIUSB717A0200.bin
[2010/10/01 10:52:14 | 000,010,674 | ---- | C] () -- C:\WINNT\System32\drivers\NIUSB71DF0200.bin
[2010/10/01 10:52:14 | 000,010,674 | ---- | C] () -- C:\WINNT\System32\drivers\NIUSB71DF.bin
[2010/10/01 10:52:14 | 000,009,381 | R--- | C] () -- C:\WINNT\System32\drivers\NIUSB717B.bin
[2010/10/01 10:52:14 | 000,009,381 | ---- | C] () -- C:\WINNT\System32\drivers\NIUSB717B0100.bin
[2010/10/01 10:52:14 | 000,009,295 | R--- | C] () -- C:\WINNT\System32\drivers\NIUSB71D8.bin
[2010/10/01 10:52:14 | 000,009,295 | ---- | C] () -- C:\WINNT\System32\drivers\NIUSB71D80100.bin
[2010/10/01 10:52:14 | 000,009,158 | R--- | C] () -- C:\WINNT\System32\drivers\NIUSB71D6.bin
[2010/10/01 10:52:14 | 000,009,158 | ---- | C] () -- C:\WINNT\System32\drivers\NIUSB71D60100.bin
[2010/10/01 10:52:14 | 000,009,146 | R--- | C] () -- C:\WINNT\System32\drivers\NIUSB717A.bin
[2010/10/01 10:52:14 | 000,009,146 | ---- | C] () -- C:\WINNT\System32\drivers\NIUSB717A0100.bin
[2010/10/01 10:52:14 | 000,008,091 | R--- | C] () -- C:\WINNT\System32\drivers\NIUSB718A.bin
[2010/10/01 10:52:14 | 000,008,091 | ---- | C] () -- C:\WINNT\System32\drivers\NIUSB718A0100.bin
[2010/10/01 10:52:14 | 000,007,697 | ---- | C] () -- C:\WINNT\System32\drivers\NIUSB718A0200.bin
[2010/07/12 22:53:10 | 000,071,776 | ---- | C] () -- C:\WINNT\System32\drivers\nispdk.dll
[2010/07/12 22:44:02 | 000,032,256 | ---- | C] () -- C:\WINNT\System32\niscdrau.dll
[2010/06/25 13:13:24 | 000,015,880 | ---- | C] () -- C:\WINNT\System32\lsdelete.exe

========== Custom Scans ==========

< %TEMP%\smtmp\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 5760 bytes -> C:\Documents and Settings\crumpms\My Documents\NVE00001.png:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 5032 bytes -> C:\Documents and Settings\crumpms\My Documents\AA.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEC0D766
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 11420 bytes -> C:\Documents and Settings\crumpms\My Documents\Peggy.jpg:Q30lsldxJoudresxAaaqpcawXc

< End of report >

#4 gringo_pr

    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 March 2012 - 10:30 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 crumpms

  • Topic Starter
  • Members
  • 25 posts

Posted 23 March 2012 - 02:47 PM

Gringo,
here's the latest from the instructions:

(1) I downloaded and ran ComboFix. It downloaded and installed the Recovery Console. ComboFix then proceeded to run. After approximately 20 minutes I determined that the system was hung/stuck, so I performed a reboot.

(2) After the reboot I started the Task Manager (so I could observe the running processes). I then started ComboFix a second time. The blue screen titled "Autoscan" had the following in it: "Scanning for infected files... This typically doesn't take more than 10 minutes. However, scan times for badly infected machines may easily double." There was also a blinking cursor. Approximately 5 minutes or so into the scan the Task Manager shut down. A few minutes later the disk activity LED on the system was no longer blinking. The cursor in the Autoscan window was no longer blinking. Approximately 20 minutes after I had started this run I determined that the system was hanging.

(3) Reboot into Safe Mode and try running ComboFix in Safe Mode. I started the Task Manager before starting ComboFix. I again received the blue "Autoscan" window with its message about scan times. At some point the system again hung.

(4) Reboot into normal mode. Run ComboFix again. After thirty minutes the system had not finished its scan and it was hung again.

So, after trying to run ComboFix four times I have no logs for you. Suggestions?

Thanks,

Mike

#6 gringo_pr

    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 March 2012 - 03:51 PM

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box:
    ComboFix /nombr
  • click ok

copy and paste the report into this topic for me to review

Gringo

#7 crumpms

  • Topic Starter
  • Members
  • 25 posts

Posted 23 March 2012 - 05:30 PM

Gringo,
it took about an hour and a half, but ComboFix finally ran and produced a report. As a quick test before I posted this, I did Google and Bing searches: MUCH faster (only takes a few seconds), but when I click on returned links (in both) I'm still getting redirected.

Here's the ComboFix log:

ComboFix 12-03-22.01 - crumpms 03/23/2012 16:08:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1170 [GMT -5:00]
Running from: c:\documents and settings\crumpms\Desktop\Bleeping Computer\ComboFix.exe
Command switches used :: /nombr
AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\crumpms\g2mdlhlpx.exe
c:\documents and settings\crumpms\ntuser.tmp
C:\Thumbs.db
c:\winnt\system32\~GLH0056.TMP
c:\winnt\system32\~GLH0058.TMP
c:\winnt\system32\msconfig.exe
c:\winnt\Web\default.htt
c:\winnt\winfile.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PASSWORD
-------\Service_IAS
.
.
((((((((((((((((((((((((( Files Created from 2012-02-23 to 2012-03-23 )))))))))))))))))))))))))))))))
.
.
2012-03-21 14:05 . 2012-03-21 14:05 -------- d-----w- c:\program files\Autodesk
2012-03-15 19:21 . 2012-03-15 19:21 66560 ----a-w- c:\winnt\system32\CWANAL~1.oca
2012-03-15 19:21 . 2012-03-15 19:21 15872 ----a-w- c:\winnt\system32\cwhlpbtn.oca
2012-03-05 15:37 . 2012-03-05 15:37 -------- d-----w- c:\documents and settings\crumpms\Application Data\Measurement Studio
2012-02-24 22:15 . 2012-02-24 22:15 -------- d-----w- C:\National Instruments Downloads
2012-02-23 17:26 . 2012-02-23 17:26 -------- d-----w- c:\documents and settings\crumpms\Application Data\NVIDIA
2012-02-23 05:20 . 2012-02-23 05:20 327432 ----a-w- c:\program files\Common Files\Microsoft Shared\VSA\9.0\VsaEnv\vsaenv.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 15:13 . 2011-04-21 19:31 30744 ----a-w- c:\winnt\system32\SophosBootTasks.exe
2012-02-22 20:45 . 2011-08-02 16:46 404640 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-04 12:00 1860096 ----a-w- c:\winnt\system32\win32k.sys
2012-01-11 19:06 . 2012-02-20 17:58 3072 ------w- c:\winnt\system32\iacenc.dll
2012-01-11 15:00 . 2011-04-07 21:34 2524704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-01-09 16:20 . 2009-01-06 15:17 139784 ----a-w- c:\winnt\system32\drivers\rdpwd.sys
2011-06-10 00:05 . 2011-06-10 00:05 158720 ----a-w- c:\program files\internet explorer\plugins\LV2010ActiveXControl.dll
2011-06-22 17:44 . 2011-06-22 17:44 158720 ----a-w- c:\program files\internet explorer\plugins\LV2011ActiveXControl.dll
2004-03-15 23:51 . 2007-07-22 23:46 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2005-10-12 20:04 . 2007-07-22 23:46 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2009-10-22 15:28 . 2009-10-22 15:28 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2008-12-10 20:50 . 2008-12-10 20:50 118784 ----a-w- c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
2010-10-20 00:15 . 2010-10-20 00:15 158720 ----a-w- c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2008-04-14 143360]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-25 14477312]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2011-03-14 494616]
"niDevMon"="c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2010-04-20 109712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2007-7-22 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
"MaxGPOScriptWait"= 300 (0x12c)
"SynchronousUserGroupPolicy"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
"HideLogonScripts"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\qualcomm\Eudora Mail\EuShlExt.dll" [2005-08-09 86016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2286752186-3697686403-1823448917-4165\Scripts\Logoff\0\0]
"Script"=englog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2286752186-3697686403-1823448917-4165\Scripts\Logon\0\0]
"Script"=englog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2286752186-3697686403-1823448917-4165\Scripts\Logon\0\1]
"Script"=notify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2286752186-3697686403-1823448917-4165\Scripts\Logon\0\2]
"Script"=logon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2286752186-3697686403-1823448917-4165\Scripts\Logon\0\3]
"Script"=engpatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2286752186-3697686403-1823448917-42946\Scripts\Logoff\0\0]
"Script"=englog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2286752186-3697686403-1823448917-42946\Scripts\Logon\0\0]
"Script"=englog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2286752186-3697686403-1823448917-42946\Scripts\Logon\0\1]
"Script"=notify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2286752186-3697686403-1823448917-42946\Scripts\Logon\0\2]
"Script"=logon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2286752186-3697686403-1823448917-42946\Scripts\Logon\0\3]
"Script"=engpatch.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Eudora.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Eudora.exe.lnk
backup=c:\winnt\pss\Eudora.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NI Error Reporting.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NI Error Reporting.lnk
backup=c:\winnt\pss\NI Error Reporting.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-23 00:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-01-31 06:36 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 08:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2010-01-11 22:18 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 09:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-02-26 06:01 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2011-04-22 23:26 69000 ----a-w- c:\program files\EASEUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 23:07 61952 ----a-w- c:\winnt\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2006-09-15 18:27 2048000 ----a-w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NcpBudget]
2006-12-01 18:54 228352 ----a-w- c:\program files\WatchGuard\Mobile VPN\NCPBUDGT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NcpMonitor]
2007-11-13 16:27 3451904 ----a-w- c:\program files\WatchGuard\Mobile VPN\NCPMON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NcpPopup]
2007-11-07 21:13 535040 ----a-w- c:\program files\WatchGuard\Mobile VPN\NCPPOPUP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 ----a-w- c:\winnt\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI Update Service]
2011-06-07 18:41 3002976 ----a-w- c:\program files\National Instruments\Shared\Update Service\NIUpdateService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\niDevMon]
2010-04-20 15:21 109712 ----a-w- c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2009-08-03 19:59 1044480 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2011-05-19 00:32 1233856 ----a-w- c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
2003-03-05 19:49 335872 ----a-w- c:\program files\RealVNC\WinVNC\winvnc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"lkTimeSync"=2 (0x2)
"lkClassAds"=2 (0x2)
"LkCitadelServer"=2 (0x2)
"NITaggerService"=2 (0x2)
"niSvcLoc"=2 (0x2)
"NILM License Manager"=3 (0x3)
"NIDomainService"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)
"rwsrsu"=2 (0x2)
"wuauserv"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\LightWave [8]\\Programs\\modeler.exe"=
"c:\\Program Files\\LightWave [8]\\Programs\\lightwav.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\National Instruments\\Shared\\NI WebServer\\ApplicationWebServer.exe"=
"c:\\Program Files\\National Instruments\\Shared\\NI WebServer\\SystemWebServer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5901:UDP"= 5901:UDP:NewTek iVGA
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"138:UDP"= 138:UDP:NewTek iVGA
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 EUBAKUP;EUBAKUP;c:\winnt\system32\drivers\eubakup.sys [6/9/2011 9:03 AM 30600]
R0 EUBKMON;EUBKMON;c:\winnt\system32\drivers\EUBKMON.sys [6/9/2011 9:03 AM 35720]
R0 EUFS;EUFS;c:\winnt\system32\drivers\eufs.sys [6/9/2011 9:03 AM 20744]
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\winnt\system32\drivers\nipbcfk.sys [3/24/2010 12:27 PM 15448]
R0 nipxibaf;National Instruments PXI Bridge Access Driver;c:\winnt\system32\drivers\nipxibaf.sys [4/8/2011 7:21 PM 58504]
R0 nipxibrc;National Instruments PXI Bridge Configuration Driver;c:\winnt\system32\drivers\nipxibrc.sys [4/8/2011 7:21 PM 42136]
R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);c:\winnt\system32\drivers\SONYPVM1.SYS [7/22/2007 6:14 PM 28224]
R0 stcvsm;stcvsm;c:\winnt\system32\drivers\stcvsm.sys [2/26/2009 11:35 AM 144288]
R1 CBUL32;Measurement Computing DataAcq;c:\winnt\system32\drivers\CBUL32.SYS [7/22/2007 6:14 PM 53952]
R1 EUDSKACS;EUDSKACS;c:\winnt\system32\drivers\eudskacs.sys [6/9/2011 9:03 AM 14216]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\winnt\system32\drivers\savonaccesscontrol.sys [4/21/2011 2:30 PM 153728]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\winnt\system32\drivers\savonaccessfilter.sys [4/21/2011 2:30 PM 24192]
R1 sbmount;StorageCraft Image Mount Driver;c:\winnt\system32\drivers\sbmount.sys [2/26/2009 11:35 AM 95776]
R1 SKMScan;SKMScan;c:\winnt\system32\drivers\skmscan.sys [10/11/2011 4:40 PM 31736]
R2 BackLog;BackLog EventLog Forwarder;c:\program files\BackLog\AuditService.exe [10/11/2011 4:29 PM 32768]
R2 IOPort;IOPort;c:\winnt\system32\drivers\IOPORT.SYS [7/22/2007 6:14 PM 6656]
R2 ncpclcfg;ncpclcfg;c:\program files\WatchGuard\Mobile VPN\ncpclcfg.exe [6/2/2009 2:57 PM 77824]
R2 ncprwsnt;ncprwsnt;c:\program files\WatchGuard\Mobile VPN\NCPRWSNT.EXE [6/2/2009 2:57 PM 1032192]
R2 NIApplicationWebServer;NI Application Web Server;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [5/27/2011 2:43 PM 50336]
R2 nidevldu;NI Device Loader;c:\winnt\system32\nipalsm.exe [3/24/2010 3:23 PM 12696]
R2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [6/23/2010 2:14 PM 131776]
R2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [6/1/2011 5:32 PM 194224]
R2 NINetworkDiscovery;NI Network Discovery;c:\program files\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [6/10/2011 3:11 PM 121032]
R2 nipxirmk;nipxirmk;c:\winnt\system32\drivers\nipxirmkl.sys [7/13/2010 6:30 PM 11416]
R2 NiViPxiK;NI-VISA PXI Driver;c:\winnt\system32\drivers\NiViPxiKl.sys [6/23/2010 11:04 AM 11432]
R2 rshd;RSH Daemon;c:\winnt\local\etc\rshd.exe [10/11/2011 4:26 PM 69120]
R2 ShadowProtectSvc;ShadowProtect Service;c:\program files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [2/26/2009 11:35 AM 1255968]
R2 udmpsvc;User Mode Process Dumper;system32\kktools\userdump.exe -Service --> system32\kktools\userdump.exe -Service [?]
R2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\winnt\system32\vsnapvss.exe [2/26/2009 11:35 AM 70176]
R3 EUDISK;EASEUS Disk Enumerator;c:\winnt\system32\drivers\eudisk.sys [6/9/2011 9:03 AM 187528]
R3 ncplentp;WatchGuard Secure Client Adapter Driver;c:\winnt\system32\drivers\NCPLENTP.SYS [6/2/2009 2:57 PM 77696]
R3 nidimk;nidimk;c:\winnt\system32\drivers\nidimkl.sys [6/11/2010 3:30 PM 11432]
R3 NIEthernetDeviceEnumerator;NI Ethernet Device Enumerator Driver;c:\winnt\system32\drivers\niede.sys [2/10/2012 4:48 PM 32432]
R3 nimru2k;nimru2k;c:\winnt\system32\drivers\nimru2kl.sys [8/24/2009 4:08 PM 11360]
R3 nimstsk;nimstsk;c:\winnt\system32\drivers\nimstskl.sys [3/23/2011 12:18 AM 11944]
R3 nipalusbedl;nipalusbedl;c:\winnt\system32\drivers\nipalusbedl.sys [2/14/2011 6:23 PM 11968]
R3 nixsrk;nixsrk;c:\winnt\system32\drivers\nixsrkl.sys [3/23/2011 3:52 PM 11920]
R3 nixsrkw;nixsrkw;c:\winnt\system32\drivers\nixsrkw.sys [3/23/2011 3:52 PM 11920]
R3 udmpdrvr;User Mode Process Dumper Driver;c:\winnt\system32\drivers\userdump.sys [4/19/2011 9:54 AM 64384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\winnt\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [11/16/2011 2:27 PM 2253120]
S2 TruePortSrv;Perle TruePort Service;c:\winnt\system32\TruePort.exe [3/25/2009 8:10 AM 116248]
S3 DbgProxy;Visual Studio Debugger Proxy Service;c:\program files\Common Files\Microsoft Shared\VS7Debug\dbgproxy.exe [9/23/2005 7:01 AM 129728]
S3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);c:\winnt\system32\drivers\es1370mp.sys [10/30/2007 2:32 PM 37504]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 lvalarmk;lvalarmk;c:\winnt\system32\drivers\lvalarmk.sys [12/5/2008 5:21 PM 20104]
S3 NcpSec;NcpSec;c:\program files\WatchGuard\Mobile VPN\NCPSEC.EXE [6/2/2009 2:57 PM 45056]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\winnt\system32\drivers\ni1006k.sys [4/8/2011 7:21 PM 26192]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\winnt\system32\drivers\ni1045kl.sys [4/8/2011 7:21 PM 11344]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\winnt\system32\drivers\ni1065k.sys [4/8/2011 7:21 PM 22608]
S3 nicdrk;nicdrk;c:\winnt\system32\drivers\nicdrkl.sys [8/12/2010 10:36 PM 11352]
S3 nicmrk;nicmrk;c:\winnt\system32\drivers\nicmrkl.sys [4/1/2011 3:52 PM 11952]
S3 nicondrk;nicondrk;c:\winnt\system32\drivers\nicondrkl.sys [4/1/2011 4:08 PM 11912]
S3 nicsrk;nicsrk;c:\winnt\system32\drivers\nicsrkl.sys [4/1/2011 4:53 PM 11920]
S3 nidmxfk;nidmxfk;c:\winnt\system32\drivers\nidmxfkl.sys [3/23/2011 12:51 AM 11920]
S3 nidsark;nidsark;c:\winnt\system32\drivers\nidsarkl.sys [3/23/2011 4:58 PM 11928]
S3 niemrk;niemrk;c:\winnt\system32\drivers\niemrkl.sys [3/23/2011 3:22 PM 11920]
S3 niesrk;niesrk;c:\winnt\system32\drivers\niesrkl.sys [3/23/2011 12:07 PM 11920]
S3 nifslk;nifslk;c:\winnt\system32\drivers\nifslkl.sys [6/15/2011 11:40 AM 11936]
S3 nimsdrk;nimsdrk;c:\winnt\system32\drivers\nimsdrkl.sys [3/23/2011 1:50 AM 11976]
S3 nimslk;nimslk;c:\winnt\system32\drivers\nimslk.dll [3/31/2011 11:44 AM 14464]
S3 nimsrlk;nimsrlk;c:\winnt\system32\drivers\nimsrlk.dll [3/31/2011 11:44 AM 151683]
S3 nimxpk;nimxpk;c:\winnt\system32\drivers\nimxpkl.sys [3/23/2011 12:20 AM 11952]
S3 ninshsdk;ninshsdk;c:\winnt\system32\drivers\ninshsdkl.sys [7/14/2010 12:05 PM 11944]
S3 nipalfwedl;nipalfwedl;c:\winnt\system32\drivers\nipalfwedl.sys [2/14/2011 6:27 PM 11968]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\winnt\system32\drivers\nipxigpk.sys [6/14/2010 3:30 PM 21144]
S3 niraptrk;niraptrk;c:\winnt\system32\drivers\niraptrkl.sys [4/1/2011 4:21 PM 11912]
S3 niscdk;niscdk;c:\winnt\system32\drivers\niscdkl.sys [7/12/2010 10:41 PM 11960]
S3 nisdigk;nisdigk;c:\winnt\system32\drivers\nisdigkl.sys [10/1/2010 10:52 AM 11936]
S3 nisftk;nisftk;c:\winnt\system32\drivers\nisftkl.sys [7/14/2010 12:21 PM 11928]
S3 nispdk;nispdk;c:\winnt\system32\drivers\nispdkl.sys [7/12/2010 10:53 PM 11960]
S3 nissrk;nissrk;c:\winnt\system32\drivers\nissrkl.sys [3/23/2011 12:28 PM 11920]
S3 nistc2k;nistc2k;c:\winnt\system32\drivers\nistc2kl.sys [1/5/2009 11:19 AM 11312]
S3 nistc3rk;nistc3rk;c:\winnt\system32\drivers\nistc3rkl.sys [3/23/2011 11:48 AM 11912]
S3 nistcrk;nistcrk;c:\winnt\system32\drivers\nistcrkl.sys [8/31/2009 3:15 PM 11360]
S3 niswdk;niswdk;c:\winnt\system32\drivers\niswdkl.sys [3/23/2011 8:27 PM 11912]
S3 nitiork;nitiork;c:\winnt\system32\drivers\nitiorkl.sys [3/23/2011 11:21 AM 11944]
S3 niufurk;niufurk;c:\winnt\system32\drivers\niufurkl.sys [3/23/2011 4:38 PM 11944]
S3 NiViPciK;NI-VISA PCI Driver;c:\winnt\system32\drivers\NiViPciKl.sys [6/23/2010 11:03 AM 11432]
S3 niwfrk;niwfrk;c:\winnt\system32\drivers\niwfrkl.sys [3/23/2011 12:45 PM 11920]
S3 sdcfilter;sdcfilter;c:\winnt\system32\drivers\sdcfilter.sys [4/21/2011 2:30 PM 24312]
S3 TruePort;Perle TruePort Multi-port Serial Driver;c:\winnt\system32\drivers\TruePort.sys [3/25/2009 10:10 AM 78872]
S3 usb6xxxk;usb6xxxk;\??\c:\winnt\system32\drivers\usb6xxxkl.sys --> c:\winnt\system32\drivers\usb6xxxkl.sys [?]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [7/22/2007 6:14 PM 49776]
S3 usbupc;URD Series;c:\winnt\system32\drivers\usbupc.sys [6/24/2008 11:07 AM 40749]
S3 VBoxUSB;VirtualBox USB;c:\winnt\system32\drivers\VBoxUSB.sys [4/27/2010 12:22 PM 31824]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [12/8/2009 9:24 PM 48128]
S3 WinRM;Windows Remote Management (WS-Management);c:\winnt\system32\svchost.exe -k WINRM [8/4/2004 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winnt\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 AgDataUpdateSvc9;AGI Data Update Service for STK 9;c:\program files\AGI\STK 9\bin\AgDataUpdateSvc9.exe [5/7/2010 1:37 AM 54728]
S4 Atioecum;Atioecum; [x]
S4 cpuz127;cpuz127;\??\c:\docume~1\crumpms\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\crumpms\LOCALS~1\Temp\cpuz_x32.sys [?]
S4 EASEUS Agent;EASEUS Agent;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [6/9/2011 8:58 AM 56200]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/22/2009 10:08 PM 47128]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 --> c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [?]
S4 RsFx0105;RsFx0105 Driver;c:\winnt\system32\drivers\RsFx0105.sys [9/22/2011 5:10 PM 238696]
S4 rwsrsu;RwsRsu;c:\program files\WatchGuard\Mobile VPN\RWSRSU.exe [6/2/2009 2:57 PM 266240]
S4 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/12/2011 1:53 AM 167960]
S4 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [10/11/2011 4:40 PM 99864]
S4 SophosBootDriver;SophosBootDriver;c:\winnt\system32\drivers\SophosBootDriver.sys [4/21/2011 2:30 PM 14976]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [9/22/2011 5:17 PM 370024]
S4 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [10/12/2011 1:53 AM 1543704]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NIPALK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-01 c:\winnt\Tasks\AdobeAAMUpdater-1.0-MSC-crumpms.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-09-12 08:44]
.
2012-03-23 c:\winnt\Tasks\MWTH.job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2011-10-11 21:39]
.
2012-03-23 c:\winnt\Tasks\TFSS.job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2011-10-11 21:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.auburn.edu/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\documents and settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll
TCP: DhcpNameServer = 131.204.110.13 131.204.110.10
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\crumpms\Application Data\Mozilla\Firefox\Profiles\av00lmqv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.auburn.edu/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: ChmFox: chmfox@zhuoqiang.me - %profile%\extensions\chmfox@zhuoqiang.me
FF - Ext: CHM Reader: {6e098d65-7d2d-46d4-ada0-2f882a29f795} - %profile%\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}
.
- - - - ORPHANS REMOVED - - - -
.
Notify-AtiExtEvent - (no file)
SafeBoot-sglfb.sys
SafeBoot-tga.sys
MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-ATICCC - c:\program files\ATI Technologies\ATI.ACE\cli.exe
MSConfigStartUp-ATIPTA - c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MSConfigStartUp-BiGQKHoSaOa - c:\documents and settings\All Users\Application Data\BiGQKHoSaOa.exe
MSConfigStartUp-NI Background Service - c:\program files\National Instruments\Shared\Update Service\niupdate.exe
AddRemove-ActiveTouchMeetingClient - c:\progra~1\mozill~2\plugins\atcliun.exe
AddRemove-Ad-Aware SE Personal - c:\progra~1\Lavasoft\AD-AWA~1\UNWISE.EXE
AddRemove-Eudora 4.0 - c:\qualcomm\EUDORA~1\swmapi.exe
AddRemove-HijackThis - c:\documents and settings\crumpms\My Documents\Software\Infection\HijackThis\HijackThis.exe
AddRemove-{6ACA2FD2-4C4A-42F3-AFB5-7B433BBDF6DB} - c:\program files\InstallShield Installation Information\{6ACA2FD2-4C4A-42F3-AFB5-7B433BBDF6DB}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-23 16:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]
"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(812)
c:\documents and settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll
.
- - - - - - - > 'explorer.exe'(1648)
c:\winnt\system32\WININET.dll
c:\documents and settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll
c:\winnt\system32\msi.dll
c:\winnt\system32\ieframe.dll
c:\winnt\system32\mshtml.dll
c:\winnt\system32\msls31.dll
c:\winnt\system32\jscript.dll
c:\winnt\system32\Macromed\Flash\Flash10u.ocx
c:\winnt\system32\webcheck.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
c:\winnt\system32\ImgUtil.dll
c:\winnt\system32\pngfilt.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
c:\winnt\system32\Dxtrans.dll
c:\winnt\system32\Dxtmsft.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\winnt\system32\lkads.exe
c:\program files\National Instruments\MAX\nimxs.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\program files\National Instruments\Shared\NI WebServer\SystemWebServer.exe
c:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\winnt\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\winnt\system32\kktools\userdump.exe
c:\winnt\System32\vssvc.exe
c:\winnt\system32\lkcitdl.exe
c:\winnt\system32\lktsrv.exe
c:\winnt\system32\nipxism.exe
c:\winnt\system32\wscntfy.exe
c:\winnt\RTHDCPL.EXE
c:\winnt\system32\RunDLL32.exe
c:\program files\Microsoft Office\Office\1033\msoffice.exe
.
**************************************************************************
.
Completion time: 2012-03-23 17:18:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-23 22:17
.
Pre-Run: 212,406,800,384 bytes free
Post-Run: 213,382,692,864 bytes free
.
- - End Of File - - DC1B85693E92B45D2B0063C012C2EA1F
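As an added example (not part of the original thread, and not ComboFix's own code), here is a small triage script that parses the R0-S4 driver/service lines of a ComboFix report like the one above and flags the entries a responder would look at first: entries ComboFix marked [?] or [x], and images that live in temp or per-user data directories. The sample lines are copied from the report above; the "review this" heuristics are assumptions of mine, not a verdict on the machine.

```python
import re
from dataclasses import dataclass, field

# Sample input: a subset of the driver/service lines from the ComboFix report
# posted above (constructed subset for the demo, lines copied verbatim).
SAMPLE_LOG = r"""
R0 EUBAKUP;EUBAKUP;c:\winnt\system32\drivers\eubakup.sys [6/9/2011 9:03 AM 30600]
R2 udmpsvc;User Mode Process Dumper;system32\kktools\userdump.exe -Service --> system32\kktools\userdump.exe -Service [?]
R2 rshd;RSH Daemon;c:\winnt\local\etc\rshd.exe [10/11/2011 4:26 PM 69120]
S3 usb6xxxk;usb6xxxk;\??\c:\winnt\system32\drivers\usb6xxxkl.sys --> c:\winnt\system32\drivers\usb6xxxkl.sys [?]
S4 Atioecum;Atioecum; [x]
S4 cpuz127;cpuz127;\??\c:\docume~1\crumpms\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\crumpms\LOCALS~1\Temp\cpuz_x32.sys [?]
S4 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [10/11/2011 4:40 PM 99864]
"""

# One ComboFix service line: "<R|S><start> name;display;image [info]"
# where info is "date time size", "?" (no file info collected) or "x" (no image).
SERVICE_RE = re.compile(
    r"^(?P<kind>[RS])(?P<start>\d) "
    r"(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<image>.*?)"
    r"(?: \[(?P<info>[^\]]*)\])?$"
)

# Heuristic (my assumption): a driver or service binary normally does not live
# in a temp or per-user data directory, so those locations deserve a look.
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\locals~1\\", "\\local settings\\")


@dataclass
class Finding:
    name: str
    image: str
    reasons: list = field(default_factory=list)


def parse_service_line(line):
    """Return a dict for a ComboFix R/S line, or None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    image = rec["image"]
    # ComboFix prints "raw --> resolved" when it had to expand the registry value;
    # keep the resolved path on the right-hand side.
    if " --> " in image:
        image = image.split(" --> ", 1)[1]
    rec["image"] = image.strip()
    return rec


def triage(log_text):
    """Parse every service line and return the entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_service_line(line)
        if rec is None:
            continue
        reasons = []
        if rec["info"] == "?":
            reasons.append("ComboFix collected no file info ([?]): image missing or unreadable")
        if rec["info"] == "x":
            reasons.append("no image path recorded ([x])")
        if any(marker in rec["image"].lower() for marker in USER_WRITABLE):
            reasons.append("image lives in a user-writable temp/data directory")
        if reasons:
            findings.append(Finding(rec["name"], rec["image"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name}: {f.image}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, it reports udmpsvc, usb6xxxk, Atioecum and cpuz127 and stays quiet about the Sophos, rshd and EASEUS entries; whether a flagged entry is actually unwanted still needs the usual look at the file and its vendor.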

#8 gringo_pr

gringo_pr

Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 March 2012 - 05:39 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 crumpms

crumpms
  • Topic Starter
  • Members
  • 25 posts

Posted 23 March 2012 - 08:39 PM

Gringo,
I've downloaded and run TDSSKiller and aswMBR. I had to run aswMBR twice (it crashed the first time). I've rebooted after the second run of aswMBR and tested Google and Bing. Both are very quick and initially there appears to be no redirects. I will continue to test a little more tonight and tomorrow.

Thank you VERY MUCH for your assistance!!

Here are the TDSSKiller and aswMBR log files:

17:45:48.0584 1504 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
17:45:48.0881 1504 ============================================================
17:45:48.0881 1504 Current date / time: 2012/03/23 17:45:48.0881
17:45:48.0881 1504 SystemInfo:
17:45:48.0881 1504
17:45:48.0881 1504 OS Version: 5.1.2600 ServicePack: 3.0
17:45:48.0881 1504 Product type: Workstation
17:45:48.0881 1504 ComputerName: MTL72
17:45:48.0881 1504 UserName: crumpms
17:45:48.0881 1504 Windows directory: C:\WINNT
17:45:48.0881 1504 System windows directory: C:\WINNT
17:45:48.0881 1504 Processor architecture: Intel x86
17:45:48.0881 1504 Number of processors: 2
17:45:48.0881 1504 Page size: 0x1000
17:45:48.0881 1504 Boot type: Normal boot
17:45:48.0881 1504 ============================================================
17:45:50.0021 1504 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:45:50.0084 1504 \Device\Harddisk0\DR0:
17:45:50.0209 1504 MBR used
17:45:50.0209 1504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
17:45:50.0224 1504 Initialize success
17:45:50.0224 1504 ============================================================
17:46:09.0194 1408 ============================================================
17:46:09.0194 1408 Scan started
17:46:09.0194 1408 Mode: Manual;
17:46:09.0194 1408 ============================================================
17:46:09.0475 1408 Abiosdsk - ok
17:46:09.0491 1408 abp480n5 - ok
17:46:09.0522 1408 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINNT\system32\Drivers\ACPI.sys
17:46:09.0522 1408 ACPI - ok
17:46:09.0553 1408 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINNT\system32\drivers\ACPIEC.sys
17:46:09.0553 1408 ACPIEC - ok
17:46:09.0584 1408 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINNT\system32\drivers\adfs.sys
17:46:09.0584 1408 adfs - ok
17:46:09.0631 1408 ADIHdAudAddService (0bcb5bd6ea1cbf1750d881e0c4e923ff) C:\WINNT\system32\drivers\ADIHdAud.sys
17:46:09.0631 1408 ADIHdAudAddService - ok
17:46:09.0647 1408 adpu160m - ok
17:46:09.0647 1408 aec (8bed39e3c35d6a489438b8141717a557) C:\WINNT\system32\drivers\aec.sys
17:46:09.0662 1408 aec - ok
17:46:09.0678 1408 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINNT\System32\drivers\afd.sys
17:46:09.0678 1408 AFD - ok
17:46:09.0787 1408 AgDataUpdateSvc9 (12ce4995886cf11a3772705d74184e8c) C:\Program Files\AGI\STK 9\bin\AgDataUpdateSvc9.exe
17:46:09.0787 1408 AgDataUpdateSvc9 - ok
17:46:09.0803 1408 Aha154x - ok
17:46:09.0803 1408 aic116x - ok
17:46:09.0819 1408 aic78u2 - ok
17:46:09.0819 1408 aic78xx - ok
17:46:09.0850 1408 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINNT\system32\alrsvc.dll
17:46:09.0850 1408 Alerter - ok
17:46:09.0866 1408 ALG (8c515081584a38aa007909cd02020b3d) C:\WINNT\System32\alg.exe
17:46:09.0866 1408 ALG - ok
17:46:09.0881 1408 AliIde - ok
17:46:09.0881 1408 ami0nt - ok
17:46:09.0897 1408 amsint - ok
17:46:09.0928 1408 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINNT\System32\appmgmts.dll
17:46:09.0928 1408 AppMgmt - ok
17:46:09.0944 1408 asc - ok
17:46:09.0959 1408 asc3350p - ok
17:46:09.0959 1408 asc3550 - ok
17:46:09.0975 1408 Aspi32 (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINNT\system32\drivers\Aspi32.sys
17:46:09.0975 1408 Aspi32 - ok
17:46:10.0037 1408 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINNT\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:46:10.0053 1408 aspnet_state - ok
17:46:10.0069 1408 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINNT\system32\DRIVERS\asyncmac.sys
17:46:10.0069 1408 AsyncMac - ok
17:46:10.0069 1408 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINNT\system32\Drivers\atapi.sys
17:46:10.0069 1408 atapi - ok
17:46:10.0084 1408 Atdisk - ok
17:46:10.0100 1408 Atioecum - ok
17:46:10.0116 1408 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINNT\system32\DRIVERS\atmarpc.sys
17:46:10.0116 1408 Atmarpc - ok
17:46:10.0131 1408 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINNT\System32\audiosrv.dll
17:46:10.0131 1408 AudioSrv - ok
17:46:10.0162 1408 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINNT\system32\DRIVERS\audstub.sys
17:46:10.0162 1408 audstub - ok
17:46:10.0194 1408 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINNT\system32\DRIVERS\b57xp32.sys
17:46:10.0194 1408 b57w2k - ok
17:46:10.0225 1408 BackLog (3ab766382c10a5e33c8243fbd659b8bd) C:\program files\BackLog\AuditService.exe
17:46:10.0225 1408 BackLog - ok
17:46:10.0241 1408 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINNT\system32\drivers\Beep.sys
17:46:10.0241 1408 Beep - ok
17:46:10.0256 1408 BITS (574738f61fca2935f5265dc4e5691314) C:\WINNT\system32\qmgr.dll
17:46:10.0256 1408 BITS - ok
17:46:10.0272 1408 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINNT\System32\browser.dll
17:46:10.0272 1408 Browser - ok
17:46:10.0287 1408 BusLogic - ok
17:46:10.0397 1408 catchme - ok
17:46:10.0428 1408 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINNT\system32\drivers\cbidf2k.sys
17:46:10.0428 1408 cbidf2k - ok
17:46:10.0428 1408 CBUL32 (af47dc5485fef7715bd4a200d40b8768) C:\WINNT\system32\drivers\CBUL32.SYS
17:46:10.0428 1408 CBUL32 - ok
17:46:10.0444 1408 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINNT\system32\DRIVERS\CCDECODE.sys
17:46:10.0444 1408 CCDECODE - ok
17:46:10.0459 1408 cd20xrnt - ok
17:46:10.0459 1408 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINNT\system32\drivers\Cdaudio.sys
17:46:10.0459 1408 Cdaudio - ok
17:46:10.0475 1408 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINNT\system32\drivers\Cdfs.sys
17:46:10.0475 1408 Cdfs - ok
17:46:10.0475 1408 Cdr4_2K (9880f86f4261699273f818ae50216b8c) C:\WINNT\system32\drivers\Cdr4_2K.sys
17:46:10.0475 1408 Cdr4_2K - ok
17:46:10.0506 1408 Cdralw2k (300500fb3ef21374f7194f9f42b130bc) C:\WINNT\system32\drivers\Cdralw2k.sys
17:46:10.0506 1408 Cdralw2k - ok
17:46:10.0506 1408 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINNT\system32\Drivers\cdrom.sys
17:46:10.0506 1408 Cdrom - ok
17:46:10.0522 1408 Changer - ok
17:46:10.0553 1408 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINNT\system32\cisvc.exe
17:46:10.0553 1408 cisvc - ok
17:46:10.0569 1408 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINNT\system32\clipsrv.exe
17:46:10.0569 1408 ClipSrv - ok
17:46:10.0616 1408 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:46:10.0616 1408 clr_optimization_v2.0.50727_32 - ok
17:46:10.0631 1408 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINNT\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:46:10.0631 1408 clr_optimization_v4.0.30319_32 - ok
17:46:10.0647 1408 CmdIde - ok
17:46:10.0647 1408 COMSysApp - ok
17:46:10.0662 1408 Cpqarray - ok
17:46:10.0678 1408 cpqarry2 - ok
17:46:10.0678 1408 cpqfcalm - ok
17:46:10.0694 1408 cpqfws2e - ok
17:46:10.0772 1408 cpuz127 - ok
17:46:10.0787 1408 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINNT\System32\cryptsvc.dll
17:46:10.0787 1408 CryptSvc - ok
17:46:10.0819 1408 cvintdrv (dbd89bc0dbe00dcd245be8f61dbee291) C:\WINNT\system32\drivers\cvintdrv.sys
17:46:10.0819 1408 cvintdrv - ok
17:46:10.0819 1408 dac2w2k - ok
17:46:10.0834 1408 dac960nt - ok
17:46:10.0866 1408 DbgProxy (8ac0056cc41477d0a0ca178694c6f735) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\dbgproxy.exe
17:46:10.0866 1408 DbgProxy - ok
17:46:10.0897 1408 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINNT\system32\rpcss.dll
17:46:10.0897 1408 DcomLaunch - ok
17:46:10.0912 1408 deckzpsx - ok
17:46:10.0928 1408 DgiVecp (1ec27a51a2f9df052bc2b4c8376c8fea) C:\WINNT\system32\Drivers\DgiVecp.sys
17:46:10.0928 1408 DgiVecp - ok
17:46:10.0959 1408 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINNT\System32\dhcpcsvc.dll
17:46:10.0959 1408 Dhcp - ok
17:46:10.0959 1408 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINNT\system32\Drivers\disk.sys
17:46:10.0959 1408 Disk - ok
17:46:10.0975 1408 dmadmin - ok
17:46:11.0006 1408 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINNT\system32\drivers\dmboot.sys
17:46:11.0006 1408 dmboot - ok
17:46:11.0037 1408 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINNT\system32\DRIVERS\dmio.sys
17:46:11.0037 1408 dmio - ok
17:46:11.0053 1408 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINNT\system32\drivers\dmload.sys
17:46:11.0053 1408 dmload - ok
17:46:11.0069 1408 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINNT\System32\dmserver.dll
17:46:11.0069 1408 dmserver - ok
17:46:11.0084 1408 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINNT\system32\drivers\DMusic.sys
17:46:11.0084 1408 DMusic - ok
17:46:11.0116 1408 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINNT\System32\dnsrslvr.dll
17:46:11.0116 1408 Dnscache - ok
17:46:11.0131 1408 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINNT\System32\dot3svc.dll
17:46:11.0147 1408 Dot3svc - ok
17:46:11.0178 1408 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINNT\system32\DRIVERS\Dot4.sys
17:46:11.0178 1408 Dot4 - ok
17:46:11.0178 1408 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINNT\system32\DRIVERS\Dot4Prt.sys
17:46:11.0178 1408 Dot4Print - ok
17:46:11.0194 1408 dpti2o - ok
17:46:11.0209 1408 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINNT\system32\drivers\drmkaud.sys
17:46:11.0209 1408 drmkaud - ok
17:46:11.0209 1408 DS1410D - ok
17:46:11.0256 1408 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINNT\System32\eapsvc.dll
17:46:11.0256 1408 EapHost - ok
17:46:11.0319 1408 EASEUS Agent (ec7819b90ee202bdc5a5059cf6cb6faa) C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe
17:46:11.0319 1408 EASEUS Agent - ok
17:46:11.0334 1408 EFS - ok
17:46:11.0350 1408 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINNT\System32\ersvc.dll
17:46:11.0350 1408 ERSvc - ok
17:46:11.0366 1408 ES1370 (593eeffe042712b22f9e54e640f87ce6) C:\WINNT\system32\drivers\ES1370MP.sys
17:46:11.0366 1408 ES1370 - ok
17:46:11.0381 1408 EUBAKUP (1fc4211733c428c7089f6025559581d1) C:\WINNT\system32\drivers\eubakup.sys
17:46:11.0381 1408 EUBAKUP - ok
17:46:11.0397 1408 EUBKMON (822a9bd84571d4524c9cc00d4fd69108) C:\WINNT\system32\drivers\EUBKMON.sys
17:46:11.0397 1408 EUBKMON - ok
17:46:11.0428 1408 EUDISK (7f6b645f430191ff235e657fc0016551) C:\WINNT\system32\drivers\eudisk.sys
17:46:11.0428 1408 EUDISK - ok
17:46:11.0428 1408 EUDSKACS (cf10797dd2215ffc2e015d182384dd59) C:\WINNT\system32\drivers\eudskacs.sys
17:46:11.0428 1408 EUDSKACS - ok
17:46:11.0444 1408 EUFS (57ff011f09bc272a69926e7f35e9bfb1) C:\WINNT\system32\drivers\eufs.sys
17:46:11.0444 1408 EUFS - ok
17:46:11.0459 1408 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINNT\system32\services.exe
17:46:11.0459 1408 Eventlog - ok
17:46:11.0475 1408 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINNT\system32\es.dll
17:46:11.0475 1408 EventSystem - ok
17:46:11.0506 1408 Fastfat (38d332a6d56af32635675f132548343e) C:\WINNT\system32\drivers\Fastfat.sys
17:46:11.0506 1408 Fastfat - ok
17:46:11.0522 1408 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINNT\System32\shsvcs.dll
17:46:11.0522 1408 FastUserSwitchingCompatibility - ok
17:46:11.0553 1408 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINNT\system32\fxssvc.exe
17:46:11.0553 1408 Fax - ok
17:46:11.0569 1408 Fd16_700 - ok
17:46:11.0600 1408 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINNT\system32\DRIVERS\fdc.sys
17:46:11.0600 1408 Fdc - ok
17:46:11.0600 1408 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINNT\system32\drivers\Fips.sys
17:46:11.0600 1408 Fips - ok
17:46:11.0616 1408 fireport - ok
17:46:11.0616 1408 flashpnt - ok
17:46:11.0631 1408 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:46:11.0647 1408 FLEXnet Licensing Service - ok
17:46:11.0663 1408 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINNT\system32\DRIVERS\flpydisk.sys
17:46:11.0663 1408 Flpydisk - ok
17:46:11.0678 1408 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINNT\system32\drivers\fltmgr.sys
17:46:11.0678 1408 FltMgr - ok
17:46:11.0709 1408 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:46:11.0709 1408 FontCache3.0.0.0 - ok
17:46:11.0725 1408 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINNT\system32\drivers\Fs_Rec.sys
17:46:11.0725 1408 Fs_Rec - ok
17:46:11.0725 1408 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINNT\system32\DRIVERS\ftdisk.sys
17:46:11.0741 1408 Ftdisk - ok
17:46:11.0756 1408 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINNT\system32\DRIVERS\gameenum.sys
17:46:11.0756 1408 gameenum - ok
17:46:11.0788 1408 getPlusHelper (0879dc7444a201df84e69c5dd5083d61) C:\Program Files\NOS\bin\getPlus_Helper.dll
17:46:11.0788 1408 getPlusHelper - ok
17:46:11.0803 1408 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINNT\system32\DRIVERS\msgpc.sys
17:46:11.0803 1408 Gpc - ok
17:46:11.0834 1408 grmnusb (cd007d03a9284bfe67d49c01213132bf) C:\WINNT\system32\drivers\grmnusb.sys
17:46:11.0850 1408 grmnusb - ok
17:46:11.0866 1408 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINNT\system32\drivers\HdAudio.sys
17:46:11.0866 1408 HdAudAddService - ok
17:46:11.0881 1408 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINNT\system32\Drivers\HDAudBus.sys
17:46:11.0881 1408 HDAudBus - ok
17:46:11.0928 1408 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:46:11.0928 1408 helpsvc - ok
17:46:11.0928 1408 HidServ - ok
17:46:11.0959 1408 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINNT\system32\Drivers\hidusb.sys
17:46:11.0959 1408 HidUsb - ok
17:46:11.0991 1408 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINNT\System32\kmsvc.dll
17:46:11.0991 1408 hkmsvc - ok
17:46:11.0991 1408 hpn - ok
17:46:12.0006 1408 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINNT\system32\DRIVERS\HPZid412.sys
17:46:12.0006 1408 HPZid412 - ok
17:46:12.0022 1408 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINNT\system32\DRIVERS\HPZipr12.sys
17:46:12.0022 1408 HPZipr12 - ok
17:46:12.0038 1408 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINNT\system32\DRIVERS\HPZius12.sys
17:46:12.0038 1408 HPZius12 - ok
17:46:12.0069 1408 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINNT\system32\Drivers\HTTP.sys
17:46:12.0069 1408 HTTP - ok
17:46:12.0100 1408 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINNT\System32\w3ssl.dll
17:46:12.0116 1408 HTTPFilter - ok
17:46:12.0116 1408 i2omgmt - ok
17:46:12.0131 1408 i2omp - ok
17:46:12.0131 1408 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINNT\system32\DRIVERS\i8042prt.sys
17:46:12.0131 1408 i8042prt - ok
17:46:12.0194 1408 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:46:12.0194 1408 IDriverT - ok
17:46:12.0241 1408 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:46:12.0256 1408 idsvc - ok
17:46:12.0256 1408 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINNT\system32\Drivers\imapi.sys
17:46:12.0256 1408 Imapi - ok
17:46:12.0303 1408 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINNT\system32\imapi.exe
17:46:12.0303 1408 ImapiService - ok
17:46:12.0303 1408 ini910u - ok
17:46:12.0381 1408 IntcAzAudAddService (8e7d41d71d4e174f96d0be45f6b9e2ce) C:\WINNT\system32\drivers\RtkHDAud.sys
17:46:12.0444 1408 IntcAzAudAddService - ok
17:46:12.0459 1408 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINNT\system32\Drivers\intelide.sys
17:46:12.0459 1408 IntelIde - ok
17:46:12.0475 1408 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINNT\system32\Drivers\intelppm.sys
17:46:12.0475 1408 intelppm - ok
17:46:12.0491 1408 IOPort (b02d84936c2b4b7685c6bebe55caeb7c) C:\WINNT\system32\DRIVERS\IOPORT.SYS
17:46:12.0491 1408 IOPort - ok
17:46:12.0506 1408 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINNT\system32\drivers\ip6fw.sys
17:46:12.0506 1408 Ip6Fw - ok
17:46:12.0522 1408 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINNT\system32\DRIVERS\ipfltdrv.sys
17:46:12.0522 1408 IpFilterDriver - ok
17:46:12.0538 1408 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINNT\system32\DRIVERS\ipinip.sys
17:46:12.0538 1408 IpInIp - ok
17:46:12.0553 1408 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINNT\system32\DRIVERS\ipnat.sys
17:46:12.0553 1408 IpNat - ok
17:46:12.0553 1408 IPSEC (23c74d75e36e7158768dd63d92789a91) C:\WINNT\system32\DRIVERS\ipsec.sys
17:46:12.0553 1408 IPSEC - ok
17:46:12.0569 1408 ipsraidn - ok
17:46:12.0584 1408 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINNT\system32\DRIVERS\irenum.sys
17:46:12.0584 1408 IRENUM - ok
17:46:12.0584 1408 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINNT\system32\Drivers\isapnp.sys
17:46:12.0600 1408 isapnp - ok
17:46:12.0600 1408 iteatapi (e62b53385bb6eaac67abdb83d9dabe2a) C:\WINNT\system32\DRIVERS\iteatapi.sys
17:46:12.0616 1408 iteatapi - ok
17:46:12.0631 1408 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Program Files\Java\jre6\bin\jqs.exe
17:46:12.0631 1408 JavaQuickStarterService - ok
17:46:12.0647 1408 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINNT\system32\Drivers\kbdclass.sys
17:46:12.0647 1408 Kbdclass - ok
17:46:12.0663 1408 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINNT\system32\Drivers\kbdhid.sys
17:46:12.0663 1408 kbdhid - ok
17:46:12.0694 1408 kmixer (692bcf44383d056aed41b045a323d378) C:\WINNT\system32\drivers\kmixer.sys
17:46:12.0694 1408 kmixer - ok
17:46:12.0709 1408 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINNT\system32\drivers\KSecDD.sys
17:46:12.0709 1408 KSecDD - ok
17:46:12.0741 1408 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINNT\System32\srvsvc.dll
17:46:12.0741 1408 lanmanserver - ok
17:46:12.0756 1408 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINNT\System32\wkssvc.dll
17:46:12.0756 1408 lanmanworkstation - ok
17:46:12.0756 1408 Lavasoft Ad-Aware Service - ok
17:46:12.0772 1408 lbrtfdc - ok
17:46:12.0819 1408 LkCitadelServer (20cdb07017497c94a0bad253c4bafcbc) C:\WINNT\system32\lkcitdl.exe
17:46:12.0819 1408 LkCitadelServer - ok
17:46:12.0850 1408 lkClassAds (b07d786736e7b1719a90365911bc2d0a) C:\WINNT\system32\lkads.exe
17:46:12.0850 1408 lkClassAds - ok
17:46:12.0850 1408 lkTimeSync (ab1faa47332ec2ee43bbfed7a6f0ea09) C:\WINNT\system32\lktsrv.exe
17:46:12.0850 1408 lkTimeSync - ok
17:46:12.0866 1408 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINNT\System32\lmhsvc.dll
17:46:12.0866 1408 LmHosts - ok
17:46:12.0881 1408 lp6nds35 - ok
17:46:12.0897 1408 lvalarmk (bad54f937b43f0e75db242c1f40c2dcf) C:\WINNT\system32\drivers\lvalarmk.sys
17:46:12.0913 1408 lvalarmk - ok
17:46:12.0928 1408 LxrJD31d (72f30fa2e98d628dff8d82011e687ebb) C:\WINNT\system32\Drivers\LxrJD31d.sys
17:46:12.0944 1408 LxrJD31d - ok
17:46:12.0944 1408 LxrJD31s - ok
17:46:12.0944 1408 Macromedia Licensing Service (d5ba9b816afef5292fe13c9a6267b6ab) C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
17:46:12.0959 1408 Macromedia Licensing Service - ok
17:46:12.0975 1408 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINNT\System32\msgsvc.dll
17:46:12.0975 1408 Messenger - ok
17:46:12.0991 1408 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINNT\system32\drivers\mnmdd.sys
17:46:12.0991 1408 mnmdd - ok
17:46:13.0022 1408 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINNT\System32\mnmsrvc.exe
17:46:13.0022 1408 mnmsrvc - ok
17:46:13.0038 1408 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINNT\system32\drivers\Modem.sys
17:46:13.0038 1408 Modem - ok
17:46:13.0053 1408 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINNT\system32\Drivers\mouclass.sys
17:46:13.0053 1408 Mouclass - ok
17:46:13.0069 1408 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINNT\system32\Drivers\mouhid.sys
17:46:13.0069 1408 mouhid - ok
17:46:13.0084 1408 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINNT\system32\drivers\MountMgr.sys
17:46:13.0084 1408 MountMgr - ok
17:46:13.0100 1408 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINNT\system32\DRIVERS\MPE.sys
17:46:13.0100 1408 MPE - ok
17:46:13.0116 1408 mraid35x - ok
17:46:13.0131 1408 MRxDAV (e3f17e1ea5256709d4e97ef0da04b3c9) C:\WINNT\system32\DRIVERS\mrxdav.sys
17:46:13.0131 1408 MRxDAV - ok
17:46:13.0147 1408 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINNT\system32\DRIVERS\mrxsmb.sys
17:46:13.0147 1408 MRxSmb - ok
17:46:13.0178 1408 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINNT\System32\msdtc.exe
17:46:13.0178 1408 MSDTC - ok
17:46:13.0178 1408 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINNT\system32\drivers\Msfs.sys
17:46:13.0178 1408 Msfs - ok
17:46:13.0194 1408 MSIServer - ok
17:46:13.0209 1408 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINNT\system32\drivers\MSKSSRV.sys
17:46:13.0209 1408 MSKSSRV - ok
17:46:13.0225 1408 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINNT\system32\drivers\MSPCLOCK.sys
17:46:13.0241 1408 MSPCLOCK - ok
17:46:13.0256 1408 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINNT\system32\drivers\MSPQM.sys
17:46:13.0256 1408 MSPQM - ok
17:46:13.0272 1408 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINNT\system32\DRIVERS\mssmbios.sys
17:46:13.0272 1408 mssmbios - ok
17:46:13.0319 1408 MSSQL$SQLEXPRESS - ok
17:46:13.0350 1408 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
17:46:13.0350 1408 MSSQLServerADHelper100 - ok
17:46:13.0366 1408 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINNT\system32\drivers\MSTEE.sys
17:46:13.0366 1408 MSTEE - ok
17:46:13.0381 1408 msvsmon80 - ok
17:46:13.0397 1408 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINNT\system32\DRIVERS\ASACPI.sys
17:46:13.0397 1408 MTsensor - ok
17:46:13.0413 1408 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINNT\system32\drivers\Mup.sys
17:46:13.0413 1408 Mup - ok
17:46:13.0428 1408 mxssvr (a3ba8a14490fdbf106939c37a125e82c) C:\Program Files\National Instruments\MAX\nimxs.exe
17:46:13.0428 1408 mxssvr - ok
17:46:13.0459 1408 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINNT\system32\DRIVERS\NABTSFEC.sys
17:46:13.0459 1408 NABTSFEC - ok
17:46:13.0491 1408 napagent (0102140028fad045756796e1c685d695) C:\WINNT\System32\qagentrt.dll
17:46:13.0491 1408 napagent - ok
17:46:13.0506 1408 ncpclcfg (6d64934ed2f5561a22759f84af5922ee) C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe
17:46:13.0506 1408 ncpclcfg - ok
17:46:13.0538 1408 ncplentp (fcc6c9edaf29670312bd4071cb774657) C:\WINNT\system32\DRIVERS\ncplentp.sys
17:46:13.0538 1408 ncplentp - ok
17:46:13.0553 1408 ncprwsnt (278593b13e67c2ad27376a1d5472e3e4) C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe
17:46:13.0569 1408 ncprwsnt - ok
17:46:13.0569 1408 NcpSec (aa221303e918469462ff3539483102f4) C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe
17:46:13.0569 1408 NcpSec - ok
17:46:13.0584 1408 Ncrc710 - ok
17:46:13.0600 1408 NDIS (1df7f42665c94b825322fae71721130d) C:\WINNT\system32\drivers\NDIS.sys
17:46:13.0600 1408 NDIS - ok
17:46:13.0616 1408 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINNT\system32\DRIVERS\ndistapi.sys
17:46:13.0616 1408 NdisTapi - ok
17:46:13.0631 1408 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINNT\system32\DRIVERS\ndisuio.sys
17:46:13.0631 1408 Ndisuio - ok
17:46:13.0647 1408 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINNT\system32\DRIVERS\ndiswan.sys
17:46:13.0647 1408 NdisWan - ok
17:46:13.0647 1408 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINNT\system32\drivers\NDProxy.sys
17:46:13.0663 1408 NDProxy - ok
17:46:13.0678 1408 Net Driver HPZ12 (9eac175ba34898308620c1984c881845) C:\WINNT\system32\HPZinw12.dll
17:46:13.0678 1408 Net Driver HPZ12 - ok
17:46:13.0694 1408 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINNT\system32\DRIVERS\netbios.sys
17:46:13.0694 1408 NetBIOS - ok
17:46:13.0709 1408 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINNT\system32\DRIVERS\netbt.sys
17:46:13.0709 1408 NetBT - ok
17:46:13.0725 1408 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINNT\system32\netdde.exe
17:46:13.0725 1408 NetDDE - ok
17:46:13.0741 1408 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINNT\system32\netdde.exe
17:46:13.0741 1408 NetDDEdsdm - ok
17:46:13.0772 1408 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINNT\system32\lsass.exe
17:46:13.0772 1408 Netlogon - ok
17:46:13.0788 1408 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINNT\System32\netman.dll
17:46:13.0788 1408 Netman - ok
17:46:13.0850 1408 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINNT\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:46:13.0850 1408 NetTcpPortSharing - ok
17:46:13.0866 1408 ni1006k (2ad3c955a4b2a0c82c1906f61cb297f8) C:\WINNT\system32\drivers\ni1006k.sys
17:46:13.0866 1408 ni1006k - ok
17:46:13.0897 1408 ni1045k (f965ee798882b6ccf8de95af3dd18b7c) C:\WINNT\system32\drivers\ni1045kl.sys
17:46:13.0897 1408 ni1045k - ok
17:46:13.0897 1408 ni1065k (a5cd3acbac593859ad03ed957b443760) C:\WINNT\system32\drivers\ni1065k.sys
17:46:13.0913 1408 ni1065k - ok
17:46:13.0928 1408 NIApplicationWebServer (f0e38750822eecc47b9913c55990f86a) C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
17:46:13.0944 1408 NIApplicationWebServer - ok
17:46:13.0959 1408 nicdrk (f96bdcf214ba8a022b5755815aff0291) C:\WINNT\system32\drivers\nicdrkl.sys
17:46:13.0959 1408 nicdrk - ok
17:46:13.0975 1408 nicmrk (1d27cdce9611bce335e11b3647accfa4) C:\WINNT\system32\drivers\nicmrkl.sys
17:46:13.0975 1408 nicmrk - ok
17:46:14.0006 1408 nicondrk (e166773d10d4843a31f95449e33d6e27) C:\WINNT\system32\drivers\nicondrkl.sys
17:46:14.0006 1408 nicondrk - ok
17:46:14.0022 1408 nicsrk (718ad67d2f4f664c80880e7b8bed519a) C:\WINNT\system32\drivers\nicsrkl.sys
17:46:14.0022 1408 nicsrk - ok
17:46:14.0053 1408 nidevldu (a3ba8a14490fdbf106939c37a125e82c) C:\WINNT\system32\nipalsm.exe
17:46:14.0053 1408 nidevldu - ok
17:46:14.0084 1408 nidimk (5b49b7840d9a690a40bfea0820387372) C:\WINNT\system32\drivers\nidimkl.sys
17:46:14.0084 1408 nidimk - ok
17:46:14.0116 1408 nidmxfk (4813c575a74c30cd51dc94f6fc157c5e) C:\WINNT\system32\drivers\nidmxfkl.sys
17:46:14.0116 1408 nidmxfk - ok
17:46:14.0147 1408 NIDomainService (908b9667f2fd7453cbcf3a2a0444dcc1) C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
17:46:14.0147 1408 NIDomainService - ok
17:46:14.0163 1408 nidsark (bbe746437d27a49c8c50d80fd2093e19) C:\WINNT\system32\drivers\nidsarkl.sys
17:46:14.0163 1408 nidsark - ok
17:46:14.0178 1408 niemrk (ff39947c305d265d0fa1872bbc007520) C:\WINNT\system32\drivers\niemrkl.sys
17:46:14.0178 1408 niemrk - ok
17:46:14.0178 1408 niesrk (c905a8f7ae3dfbafacad7759fc995b5b) C:\WINNT\system32\drivers\niesrkl.sys
17:46:14.0194 1408 niesrk - ok
17:46:14.0194 1408 NIEthernetDeviceEnumerator (ba1a836450696c575c50ca7f34cefb46) C:\WINNT\system32\DRIVERS\niede.sys
17:46:14.0194 1408 NIEthernetDeviceEnumerator - ok
17:46:14.0209 1408 nifslk (d325943ad67e887076a895b9aff0197e) C:\WINNT\system32\drivers\nifslkl.sys
17:46:14.0209 1408 nifslk - ok
17:46:14.0272 1408 NILM License Manager (aa8896bcd689851665efc02dc41181ac) C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
17:46:14.0288 1408 NILM License Manager - ok
17:46:14.0350 1408 niLXIDiscovery (3aaa79f03f85306005e060094b029142) C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
17:46:14.0350 1408 niLXIDiscovery - ok
17:46:14.0397 1408 nimdbgk (3759d89ba13dd30f0d165f8e8a05c3a8) C:\WINNT\system32\drivers\nimdbgkl.sys
17:46:14.0397 1408 nimdbgk - ok
17:46:14.0413 1408 nimDNSResponder (8fed4893cb017f81cd1769448ad567e5) C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
17:46:14.0428 1408 nimDNSResponder - ok
17:46:14.0428 1408 nimru2k (a4d639dd7cf0463228435beeb25d0ca2) C:\WINNT\system32\drivers\nimru2kl.sys
17:46:14.0428 1408 nimru2k - ok
17:46:14.0459 1408 nimsdrk (7688f7eb0c1c6a45dc1743a33976e96f) C:\WINNT\system32\drivers\nimsdrkl.sys
17:46:14.0459 1408 nimsdrk - ok
17:46:14.0475 1408 nimslk (99521722c0858ab23e06855e1069c725) C:\WINNT\system32\drivers\nimslk.dll
17:46:14.0475 1408 nimslk - ok
17:46:14.0491 1408 nimsrlk (acfd05455df010e85e0c8a56e9c255c3) C:\WINNT\system32\drivers\nimsrlk.dll
17:46:14.0491 1408 nimsrlk - ok
17:46:14.0506 1408 nimstsk (3b57967450958db3770fa76ce5ef3adf) C:\WINNT\system32\drivers\nimstskl.sys
17:46:14.0506 1408 nimstsk - ok
17:46:14.0522 1408 nimxdfk (c1d3fe97174283dbece900a73bc5498e) C:\WINNT\system32\drivers\nimxdfkl.sys
17:46:14.0522 1408 nimxdfk - ok
17:46:14.0538 1408 nimxpk (b40a73b8d56e44112bf67480aa608f38) C:\WINNT\system32\drivers\nimxpkl.sys
17:46:14.0538 1408 nimxpk - ok
17:46:14.0569 1408 NINetworkDiscovery (5ff602d7890da09f45811c3263f81264) C:\Program Files\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
17:46:14.0569 1408 NINetworkDiscovery - ok
17:46:14.0600 1408 ninshsdk (839c73aa11b60e39b7fee9fe3e202371) C:\WINNT\system32\drivers\ninshsdkl.sys
17:46:14.0600 1408 ninshsdk - ok
17:46:14.0616 1408 niorbk (2ee2631f636f2cceb8f054bee79ad6c4) C:\WINNT\system32\drivers\niorbkl.sys
17:46:14.0616 1408 niorbk - ok
17:46:14.0631 1408 nipalfwedl (073b1c70ce4e6a0c55422a73776f84db) C:\WINNT\system32\drivers\nipalfwedl.sys
17:46:14.0631 1408 nipalfwedl - ok
17:46:14.0663 1408 NIPALK (c85ae86943fa0919df4b925ed1c4ce0f) C:\WINNT\system32\drivers\nipalk.sys
17:46:14.0678 1408 NIPALK - ok
17:46:14.0709 1408 nipalusbedl (85d716a40bdd1b31253969f78c3bfdb9) C:\WINNT\system32\drivers\nipalusbedl.sys
17:46:14.0709 1408 nipalusbedl - ok
17:46:14.0709 1408 nipbcfk (96c846ab33c383583282b0375b34e9d2) C:\WINNT\system32\drivers\nipbcfk.sys
17:46:14.0709 1408 nipbcfk - ok
17:46:14.0725 1408 nipxibaf (487f469717ebdafe2b933a2c449d43de) C:\WINNT\system32\drivers\nipxibaf.sys
17:46:14.0725 1408 nipxibaf - ok
17:46:14.0725 1408 nipxibrc (7518a39976162f0312e7714a1f5df4fe) C:\WINNT\system32\drivers\nipxibrc.sys
17:46:14.0741 1408 nipxibrc - ok
17:46:14.0756 1408 nipxigpk (159860b9418bfbc2ad6f5782cf1fe667) C:\WINNT\system32\drivers\nipxigpk.sys
17:46:14.0772 1408 nipxigpk - ok
17:46:14.0788 1408 nipxirmk (f0339bde99fbdc1ecb454da660e8657f) C:\WINNT\system32\drivers\nipxirmkl.sys
17:46:14.0803 1408 nipxirmk - ok
17:46:14.0803 1408 nipxirmu (5ddc0a016e2e87ae1641588e63bd079a) C:\WINNT\system32\nipxism.exe
17:46:14.0803 1408 nipxirmu - ok
17:46:14.0819 1408 niraptrk (5eefcad9a07e4e8fc729d9350eaaae12) C:\WINNT\system32\drivers\niraptrkl.sys
17:46:14.0819 1408 niraptrk - ok
17:46:14.0834 1408 niscdk (179dc92cb67bf63a096e002b60038516) C:\WINNT\system32\drivers\niscdkl.sys
17:46:14.0834 1408 niscdk - ok
17:46:14.0866 1408 nisdigk (9ac3f0d19f89afa5d723b089e9477c84) C:\WINNT\system32\drivers\nisdigkl.sys
17:46:14.0866 1408 nisdigk - ok
17:46:14.0881 1408 nisftk (5c764ba1f7f3b5f54b60ee2c864f8bb6) C:\WINNT\system32\drivers\nisftkl.sys
17:46:14.0881 1408 nisftk - ok
17:46:14.0897 1408 nispdk (7303c44805909d3f661f9c1057faf337) C:\WINNT\system32\drivers\nispdkl.sys
17:46:14.0897 1408 nispdk - ok
17:46:14.0913 1408 nissrk (917d4d98042958aa318bcc986da52bdc) C:\WINNT\system32\drivers\nissrkl.sys
17:46:14.0913 1408 nissrk - ok
17:46:14.0944 1408 nistc2k (f3e81b7b92dd962e674018c810a3025e) C:\WINNT\system32\drivers\nistc2kl.sys
17:46:14.0944 1408 nistc2k - ok
17:46:14.0975 1408 nistc3rk (fcb653ea6d3bdbb12aa0e937cb0f066f) C:\WINNT\system32\drivers\nistc3rkl.sys
17:46:19.0928 1408 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:46:19.0944 1408 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
17:46:19.0944 1408 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
17:46:19.0944 1408 Boot (0x1200) (578195367b05915c1b7023a38753907f) \Device\Harddisk0\DR0\Partition0
17:46:19.0944 1408 \Device\Harddisk0\DR0\Partition0 - ok
17:46:19.0944 1408 ============================================================
17:46:19.0944 1408 Scan finished
17:46:19.0944 1408 ============================================================
17:46:19.0960 0464 Detected object count: 1
17:46:19.0960 0464 Actual detected object count: 1
17:46:46.0523 0464 \Device\Harddisk0\DR0\# - copied to quarantine
17:46:46.0523 0464 \Device\Harddisk0\DR0 - copied to quarantine
17:46:46.0601 0464 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
17:46:46.0601 0464 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
17:46:46.0601 0464 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
17:46:46.0601 0464 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
17:46:46.0601 0464 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
17:46:46.0617 0464 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
17:46:46.0617 0464 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
17:46:46.0617 0464 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
17:46:46.0617 0464 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
17:46:46.0679 0464 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:46:46.0695 0464 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:46:46.0695 0464 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:46:46.0711 0464 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:46:46.0711 0464 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
17:46:46.0726 0464 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
17:46:46.0726 0464 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
17:46:46.0726 0464 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
17:46:46.0742 0464 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
17:46:46.0961 0464 \Device\Harddisk0\DR0\TDLFS\sant32 - copied to quarantine
17:46:46.0976 0464 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
17:46:46.0976 0464 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
17:46:46.0976 0464 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
17:46:47.0007 0464 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
17:46:47.0023 0464 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
17:46:47.0023 0464 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
17:46:47.0023 0464 \Device\Harddisk0\DR0 - ok
17:46:47.0211 0464 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
17:47:23.0274 1636 Deinitialize success

---------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-23 18:43:57
-----------------------------
18:43:57.875 OS Version: Windows 5.1.2600 Service Pack 3
18:43:57.875 Number of processors: 2 586 0xF06
18:43:57.875 ComputerName: MTL72 UserName:
18:43:58.578 Initialize success
18:44:05.375 AVAST engine defs: 12032302
18:44:08.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:44:08.546 Disk 0 Vendor: WDC_WD5001AALS-00E3A0 05.01D05 Size: 476940MB BusType: 3
18:44:08.562 Disk 0 MBR read successfully
18:44:08.562 Disk 0 MBR scan
18:44:08.578 Disk 0 Windows XP default MBR code
18:44:08.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
18:44:08.578 Disk 0 scanning sectors +976752000
18:44:08.640 Disk 0 scanning C:\WINNT\system32\drivers
18:44:18.125 Service scanning
18:44:32.109 Modules scanning
18:44:34.359 Disk 0 trace - called modules:
18:44:34.375 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
18:44:34.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0c4ab8]
18:44:34.375 3 CLASSPNP.SYS[f7667fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b0c5d98]
18:44:35.500 AVAST engine scan C:\WINNT
18:44:42.531 AVAST engine scan C:\WINNT\system32
18:49:11.984 AVAST engine scan C:\WINNT\system32\drivers
18:49:43.546 AVAST engine scan C:\Documents and Settings\crumpms
19:48:32.843 AVAST engine scan C:\Documents and Settings\All Users
19:58:56.609 Scan finished successfully
20:05:17.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\crumpms\Desktop\Bleeping Computer\MBR.dat"
20:05:17.250 The log file has been saved successfully to "C:\Documents and Settings\crumpms\Desktop\Bleeping Computer\aswMBR.txt"


Mike

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:06 AM

Posted 23 March 2012 - 09:04 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box: C:\Qoobox\Add-Remove Programs.txt
  • click OK

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 crumpms

crumpms
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 23 March 2012 - 10:57 PM

Gringo,
here's the report:

3dSNMP N.E.T. Standard
7-Zip 4.42
Ad-Aware SE Personal
Adobe Acrobat 9 Pro
Adobe Acrobat 9.4.2 - CPSID_83708
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Community Help
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Download Manager
Adobe Dreamweaver CS4
Adobe Dreamweaver CS5
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop 6.0
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SVG Viewer 3.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AGI License Manager
Apple Software Update
Audacity 1.2.6
Autodesk MapGuide® Viewer ActiveX Control Release 6.5
AutoUpdate
BASCOM-8051 Setup
Beneton Movie GIF 1.1.1
Bing Maps 3D
BPD_Scan
BPDSoftware
C6150n Series PS Driver from OKI® Printing Solutions for Windows XP - Windows Vista - Windows Server 2003
CamStudio
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Connect
Cosmo Player 2.1.1
Creative DVD Audio Plugin for Audigy Series
Critical Update for Windows Media Player 11 (KB959772)
Crystal Reports for Visual Studio
Cubloc Studio
Cute Video Converter version 3.7.0.0
Data Lifeguard Diagnostic for Windows
Defraggler
Dev-C++ 4
DiscWizard for Windows
DivX
DivX Player
Dotfuscator Software Services - Community Edition
DVD Shrink 3.2
EASEUS Data Recovery Wizard Free Edition 5.5.1
EASEUS Todo Backup Free 2.5.1
EDR Enhanced API Full
Enterprise
EPSON Scan
Eudora
Eudora OSE (1.0)
Eudora Pro 4.0
FLV Player 1.3.3
FLV Player 2.0 (build 25)
FolderShare
Foxit Reader 5.0
FrontPage Database Interrogator
GIF Construction Set Professional
GoToMeeting 4.8.0.723
GroupWise
Hackman Suite
Harry's Filters 3.01
HijackThis 2.0.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2522890)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2529927)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2542054)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2548139)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2549864)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2635973)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB969238)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
HP Image Zone Express
HP Officejet Pro 7.0 Corporate Edition
Industrial Gadgets ActiveX Product Family
InstaCal and Universal Library
InterActual Player
InterVideo WinDVD 6
IVI Shared Component
IVI Shared Components 2.2.1
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java™ 6 Update 20
JD Secure 3.1
kuler
LAME v3.99.3 (for Windows)
LightWave 3D 9.6
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Fireworks MX 2004
Macromedia Flash MX 2004
Macromedia FreeHand MXa
Malwarebytes Anti-Malware version 1.60.1.1000
MathPlayer
MATLAB R2007a
Microsoft .NET Compact Framework 1.0 SP3 Developer
Microsoft .NET Compact Framework 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft ADO.NET 2.0 Step by Step
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator version 1.0 - ENU
Microsoft Diagnostics and Recovery Toolset 5.0
Microsoft Document Explorer 2005
Microsoft FrontPage 2000 SR-1
Microsoft Help Viewer 1.0
Microsoft Office 2000 SR-1 Professional
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x86)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Virtual PC 2007 SP1
Microsoft Visual Basic 2005 Step by Step
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Office Developer Tools (x86)
Microsoft Visual Studio 2010 Performance Collection Tools - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Visual Studio 2010 Ultimate - ENU
Microsoft Visual Studio 6.0 Professional Edition
Microsoft Visual Studio Macro Tools
Microsoft Windows Media Video 9 VCM
Microsoft XML Parser and SDK
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MoviePod
Moyea FLV to Video Converter Pro version 1.25.1.0
Mozilla Firefox (3.6.26)
MSDN Library - Visual Studio 6.0
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Musicmatch® Jukebox
National Instruments Software
NDG Software - EtherBoy 1.6
NDG Software - PacketBoy 1.6
NDG Software - WebBoy 1.6
Nero 6 Ultra Edition
Nero Digital
NewTek LightWave 3D [8]
NewTek Vidget
NI-653x Installer 1.9.4
NI-APAL 2.0 Error Files
NI-DAQ C and VB6 API 2.3.0
NI-DAQ Document Set 9.3.5
NI-DAQ INF Files 19.3.5
NI-DAQmx 9.3.5
NI-DAQmx ADE Support 9.3.5
NI-DAQmx Documentation 9.3.5
NI-DAQmx MAX Configuration Support 9.3.5
NI-DAQmx Support for .NET Framework 4.0
NI-DAQmx support for LabVIEW 2.1.0
NI-DAQmx Switch Core 2.2.0
NI-DAQmx/LabVIEW shared documentation 1.9.5
NI-DIM 1.11.0f0
NI-MDBG 1.10.0f0
NI-Mesa
NI-MRU 2.11.1f0
NI-MX Expert Framework 2.8.0
NI-MXDF 1.11.5f1
NI-MXLC Core (32-bit)
NI-MXLC LabVIEW 2009 Support
NI-MXLC LabVIEW 2010 Support
NI-MXLC LabVIEW 2011 Support
NI-MXLC LabVIEW 8.6 Support
NI-ORB 1.9.3f0
NI-PAL 2.6.5f0
NI-RPC 3.3.0f0 for Phar Lap ETS
NI-RPC 4.2.0f0 for Phar Lap ETS
NI-RPC 4.2.2f0
NI-RPC 4.2.2f0 for Phar Lap ETS
NI-VISA Runtime 5.0.3
NI AFW Channel Configuration Tool
NI AFW Custom UI
NI AFW Custom UI Assemblies
NI AFW UI Assemblies
NI Assistant Framework
NI Assistant Framework LabVIEW Code Generator 6.1
NI Assistant Framework LabVIEW Code Generator 7.0
NI Assistant Framework LabVIEW Code Generator 7.1
NI Assistant Framework LabVIEW Code Generator 8.0
NI Assistant Framework LabVIEW Code Generator 8.2
NI Authentication 2.0
NI Calibration Provider for MAX 5.0.0
NI Certificates Deployment Support
NI Common Digital 1.13.0
NI ComponentWorks
NI ComponentWorks Plus Pack
NI Curl 1.1
NI DAQ Assistant 2.0.0
NI DataSocket 4.8
NI Distributed System Manager 2010
NI DN 2.0 SP1 installer
NI Dynamic Signal Acquisition Installer 2.2.0
NI Error Reporting 2011
NI Ethernet Device Enumerator
NI EulaDepot
NI Example Finder 8.2
NI FSL Installer 1.13.0
NI GMP Windows 32-bit Installer 11.0.0
NI Help Assistant
NI Help Configuration Utility for VS2010
NI Instrument IO Assistant for LabVIEW 8.2
NI IO Trace 3.0.0
NI IVI Class Drivers
NI IVI Class Simulation Drivers
NI IVI Compliance Package 4.4
NI IVI Engine
NI IVI Online Help
NI IVI Provider for MAX
NI LabVIEW 2009 SP1 Run-Time Engine Web Services
NI LabVIEW 2010 Real-Time NBFifo
NI LabVIEW 2011 Deployment Framework
NI LabVIEW 2011 Real-Time Error Dialog
NI LabVIEW 2011 Real-Time NBFifo
NI LabVIEW 2011 Run-Time Engine Non-English Support.
NI LabVIEW 8.2
NI LabVIEW 8.2 Activity
NI LabVIEW 8.2 Applibs
NI LabVIEW 8.2 CINtools
NI LabVIEW 8.2 Device Detection and Deployment Support
NI LabVIEW 8.2 Examples
NI LabVIEW 8.2 gMath
NI LabVIEW 8.2 Help
NI LabVIEW 8.2 Help File
NI LabVIEW 8.2 iMath
NI LabVIEW 8.2 Instr.lib
NI LabVIEW 8.2 Manuals
NI LabVIEW 8.2 MeasAppChm File
NI LabVIEW 8.2 Menus
NI LabVIEW 8.2 Project
NI LabVIEW 8.2 Resource
NI LabVIEW 8.2 Simulation
NI LabVIEW 8.2 Templates
NI LabVIEW 8.2 User.lib
NI LabVIEW 8.2 VI.lib
NI LabVIEW 8.2 WWW
NI LabVIEW Broker
NI LabVIEW C Interface
NI LabVIEW Deployable License 8.2
NI LabVIEW EWB DeviceHandler 2010
NI LabVIEW MAX XML
NI LabVIEW Real-Time FIFO for Runtime
NI LabVIEW Real-Time NBFifo
NI LabVIEW Run-Time Engine 2009 SP1
NI LabVIEW Run-Time Engine 2010 SP1
NI LabVIEW Run-Time Engine 2011
NI LabVIEW Run-Time Engine 7.1
NI LabVIEW Run-Time Engine 8.0
NI LabVIEW Run-Time Engine 8.2.1
NI LabVIEW Run-Time Engine 8.6.1
NI LabVIEW Run-Time Engine Interop 2009
NI LabVIEW Run-Time Engine Interop 2010
NI LabVIEW Run-Time Engine Interop 2011
NI LabVIEW SignalExpress 2011
NI LabVIEW SignalExpress 2011 Core
NI LabVIEW SignalExpress 2011 Datatypes
NI LabVIEW SignalExpress 2011 Licenses
NI LabVIEW SignalExpress 2011 Steps
NI LabVIEW SignalExpress 2011 Tools
NI LabVIEW Web Server for Run-Time Engine
NI LabVIEW Web Services Runtime
NI LabWindows/CVI 2010 Analysis Library
NI LabWindows/CVI 2010 Code Generator
NI LabWindows/CVI 2010 Network Variable Library
NI LabWindows/CVI 2010 TDM Streaming Library
NI LabWindows/CVI 7.1.1 Run Time Engine
NI License Manager
NI Logos 5.3.0
NI Logos LabVIEW 8.2 Support
NI Logos XT Support
NI LVBrokerAux 8.2
NI LVBrokerAux8.0
NI Math Kernel Libraries
NI MAX LabVIEW Support
NI MAX Remote Configuration Installer 5.0
NI MDF Support
NI mDNS Responder 1.6.0
NI Measurement & Automation Explorer 5.0.0
NI Measurement Studio 2010 Enterprise Examples for VS2010
NI Measurement Studio 2010 for VS2010
NI Measurement Studio 2010 Help for VS2010
NI Measurement Studio 2010 Integration for VS2010
NI Measurement Studio 2010 RunTime for VS2010
NI Measurement Studio 8.6 Enterprise RunTime for VS2005
NI Measurement Studio Common .NET Assemblies for .NET 2.0
NI Measurement Studio Common .NET Assemblies for .NET 4.0
NI Measurement Studio DLL for VS2010
NI Measurement Studio Interfaces Support for VS2010
NI Measurement Studio Recipe Processor
NI Measurement Studio User Interface ActiveX controls
NI MetaSuite Installer
NI Microsoft Silverlight Wrapper
NI MIO Device Drivers 2.6.0
NI MXS 5.0.0
NI Network Browser 5.0.0
NI Network Discovery 5.0
NI OPC Support
NI Portable Configuration 5.0.0
NI PXI Platform Framework 1.3.2
NI PXI Platform Services 2.6.2
NI PXI Platform Services 2.6.2 Configuration Support
NI PXI Platform Services 2.6.2 Expert
NI PXI SystemAPI Expert 2.6.2
NI Registration Wizard
NI Remote Provider for MAX 5.0.0
NI Remote PXI Provider for MAX 5.0.0
NI RTSI Cable Core Installer 1.0.0
NI RTSI PAL Device Library Installer 1.0.0
NI RTSI UI Provider 1.0.0
NI SCXI 1.15.0
NI Software Provider for MAX 5.0.0
NI SSL Support
NI STC 1.10.0
NI System API Web-Servce 32-bit 5.0.0
NI System API Windows 32-bit 5.0.0
NI System Configuration 5.0.0 LabVIEW Support
NI System Configuration CVI Support 5.0.0
NI System Configuration Runtime 5.0.0
NI System State Publisher
NI System Web Server 2.0
NI System Web Server Base 2.0
NI TDM Excel Add-In 3.3
NI TDMS
NI Timing Installer 2.3.0
NI Trace Engine
NI Uninstaller
NI Update Service 2.0
NI USI 1.3.0
NI Variable Engine 2.4.0
NI Variable Engine LabVIEW 8.2 Support
NI Variable Manager
NI VC2005MSMs x86
NI VC2008MSMs x86
NI VC2010MSMs x86
NI Visual C++ 2010 Redistributable Package
NI Web Application Server 2.0
NI Web Pipeline
NI Xalan Delay Load 1.10.1
NI Xerces Delay Load 2.7.3
NVIDIA Control Panel 285.58
NVIDIA Graphics Driver 285.58
NVIDIA Install Application
NVIDIA nView 135.95
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Update 1.5.20
NVIDIA Update Components
PDF Settings CS4
Perle DeviceManager
Perle TruePort Driver
Perle TruePort Prerequisite
Photoshop Camera Raw
Pixel Bender Toolkit
PL-2303 USB-to-Serial
PowerQuest PartitionMagic 7.0
QFolder
QuickTime
RealFlow
RealPlayer
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Reset NI Config 5.0.0
Scan
SDP Downloader
SeaTools for Windows
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB925674)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937060)
Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2645410)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sentinel Protection Installer 7.5.0
Service Pack 3 for SQL Server 2008 (KB2546951)
ShadowProtect Desktop
Signo
Silicon Laboratories C8051Fxxx Documentation
Silicon Laboratories Configuration Wizards v1.4
Silicon Laboratories Development IDE & Examples v2.7
Silicon Laboratories, Keil 4k limited Evaluation 8051 Toolset
SmartDraw 5
Sophos Anti-Virus
Sophos AutoUpdate
Sophos Remote Management System
SoundMAX
Spybot - Search & Destroy 1.4
Sql Server Customer Experience Improvement Program
STK 9
Suite Shared Configuration CS4
Sunny Data Control
Symbol Factory ActiveX 2.0
Thredgeholder Plugin v 1.1
Trojan Remover 6.8.2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2264107)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
User Mode Process Dumper
VanDyke Software SecureCRT 6.0
VC 9.0 Runtime
Video mp3 Extractor
Viewpoint Manager (Remove Only)
Viewpoint Media Player
ViewSonic Monitor Drivers
VISA Shared Components
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VNC 3.3.7
WatchGuard Mobile VPN
WCF RIA Services V1.0 SP1
Web Deployment Tool
WebEx
WebEx Event Manager for Firefox or Chrome
WebFldrs XP
Windows Automated Installation Kit
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows NT Messaging
Windows XP Service Pack 3
WinZip
Xerox WC M20 Series PCL 6
XML Paper Specification Shared Components Pack 1.0

Mike

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:06 AM

Posted 23 March 2012 - 11:06 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • J2SE Runtime Environment 5.0 Update 6
  • Java™ 6 Update 20


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the program to remove.
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure under the Windows tab all the boxes of Internet Explorer and Windows Explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 crumpms

crumpms
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 24 March 2012 - 09:38 AM

Hi Gringo,
I've done the following:
(1) uninstalled "J2SE Runtime Environment 5.0 Update 6"
(2) uninstalled "Java 6 Update 20".
(3) removed Adobe Reader version 9 (I have not yet installed a newer replacement, but I will)
(4) installed Java
(5) ran CCleaner
(6) ran Malwarebytes' Anti-Malware
(7) downloaded and ran HijackThis

I had no problems with removing old software/cleaning/downloading and installing new software; it appears to be running very smoothly. So far, Google and Bing searches are running very quickly and I have not yet had any redirects.

Here are the log files for MBAM and HijackThis:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.24.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
CRUMPMS :: MTL72 [administrator]

3/24/2012 9:09:46 AM
mbam-log-2012-03-24 (09-09-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 295222
Time elapsed: 4 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

--------------------------------------------------------------------
--------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:20:19 AM, on 3/24/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\program files\BackLog\AuditService.exe
C:\WINNT\system32\lkads.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe
C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\local\etc\rshd.exe
C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\kktools\userdump.exe
C:\WINNT\System32\vssvc.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINNT\system32\lkcitdl.exe
C:\WINNT\system32\lktsrv.exe
C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\WINNT\system32\nipxism.exe
C:\WINNT\system32\vsnapvss.exe
C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
C:\Program Files\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\Explorer.EXE
C:\WINNT\RTHDCPL.EXE
C:\WINNT\system32\RunDLL32.exe
C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINNT\notepad.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.auburn.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\almon.exe
O4 - HKLM\..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\national instruments\shared\mdns responder\nimdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\application data\sophos web intelligence\swi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\application data\sophos web intelligence\swi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\application data\sophos web intelligence\swi_lsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275937914093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194877977687
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINNT\msxml4.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eng.auburn.edu
O17 - HKLM\Software\..\Telephony: DomainName = eng.auburn.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eng.auburn.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = duc.auburn.edu,dns.auburn.edu
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: BackLog EventLog Forwarder (BackLog) - Unknown owner - C:\program files\BackLog\AuditService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINNT\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINNT\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINNT\system32\lktsrv.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINNT\SYSTEM32\LxrJD31s.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: ncpclcfg - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe
O23 - Service: ncprwsnt - NCP Engineering GmbH - C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe
O23 - Service: NcpSec - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe
O23 - Service: NI Application Web Server (NIApplicationWebServer) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINNT\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: National Instruments LXI Discovery Service (niLXIDiscovery) - National Instruments Corporation - C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
O23 - Service: National Instruments mDNS Responder Service (nimDNSResponder) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
O23 - Service: NI Network Discovery (NINetworkDiscovery) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
O23 - Service: NI PXI Resource Manager Service (nipxirmu) - National Instruments Corporation - C:\WINNT\system32\nipxism.exe
O23 - Service: NI System Web Server (niSvcLoc) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINNT\system32\OpcEnum.exe
O23 - Service: RSH Daemon (rshd) - Unknown owner - C:\WINNT\local\etc\rshd.exe
O23 - Service: ShadowProtect Service (ShadowProtectSvc) - StorageCraft Technology Corporation - C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
O23 - Service: Perle TruePort Service (TruePortSrv) - Perle Systems Limited - C:\WINNT\system32\trueport.exe
O23 - Service: StorageCraft Shadow Copy Provider (VSNAPVSS) - StorageCraft Technology Corporation - C:\WINNT\system32\vsnapvss.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe

--
End of file - 12307 bytes

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:06 AM

Posted 24 March 2012 - 10:21 AM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can start any of these programs when you need it by clicking its icon (or starting it from the Control Panel). By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
      O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
      O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on Copy to clipboard, or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
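The O4 start-up and O23 service lines that the HijackThis fix above asks the reader to pick through are simple enough to parse mechanically. The following Python is an added example, not part of this thread and not HijackThis code: it parses a constructed subset of such lines and flags the ones a reviewer looks at first (RunOnce entries, services whose binary is missing, and services with no recorded publisher).

```python
import re

# Constructed sample in HijackThis log format (a subset mirroring the thread's log, not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: RSH Daemon (rshd) - Unknown owner - C:\WINNT\local\etc\rshd.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe
"""

# O4 registry autostart: "O4 - <hive>\..\<key>: [<name>] <command> (User '<user>')?"
O4_REG = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] "
                    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
# O4 startup-folder shortcut: "O4 - Global Startup: <name>.lnk = <target>"
O4_DIR = re.compile(r"^O4 - (?P<hive>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# O23 service: "O23 - Service: <display> (<short>) - <owner> - <path> (file missing)?"
O23 = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
                 r"(?P<missing> \(file missing\))?$")

def parse_hjt(text):
    """Turn O4/O23 lines into dicts in log order; other sections are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := O4_REG.match(line):
            entries.append({"type": "O4", **m.groupdict()})
        elif m := O4_DIR.match(line):
            entries.append({"type": "O4", "key": "Startup", "user": None, **m.groupdict()})
        elif m := O23.match(line):
            d = m.groupdict()
            d["missing"] = d["missing"] is not None   # True when HJT saw no file on disk
            entries.append({"type": "O23", **d})
    return entries

def triage(entries):
    """Flag entries a reviewer looks at first. Returns (name, reason) pairs in log order."""
    flags = []
    for e in entries:
        if e["type"] == "O23" and e["missing"]:
            flags.append((e["display"], "service binary not found on disk (orphaned registration)"))
        elif e["type"] == "O23" and e["owner"] == "Unknown owner":
            flags.append((e["display"], "no publisher recorded; verify the binary before trusting it"))
        elif e["type"] == "O4" and e["key"] == "RunOnce":
            flags.append((e["name"], "RunOnce entry: runs at next logon, usually setup leftovers"))
    return flags
```

Calling `triage(parse_hjt(SAMPLE_LOG))` on the constructed sample returns three flags: the tscuninstall RunOnce entry, the Ad-Aware service with its missing binary, and the rshd service with no publisher.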

#15 crumpms

crumpms
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:06:06 AM

Posted 24 March 2012 - 02:38 PM

Gringo,
here are the results of the Eset Online Scanner:

C:\Documents and Settings\crumpms\My Documents\Downloads\cnet2_trj682_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\crumpms\My Documents\Software\FLV2Video\FLV2Video_Setup.exe probably a variant of Win32/Agent.CILWIIQ trojan
C:\Program Files\Moyea\FLV to Video Pro\FLVDownloader_Install.exe probably a variant of Win32/Agent.CILWIIQ trojan
C:\TDSSKiller_Quarantine\23.03.2012_17.45.48\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Kryptik.ZQI trojan
C:\TDSSKiller_Quarantine\23.03.2012_17.45.48\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmasco.W trojan
C:\TDSSKiller_Quarantine\23.03.2012_17.45.48\mbr0000\tdlfs0000\tsk0007.dta a variant of Win32/Olmasco.O trojan
C:\TDSSKiller_Quarantine\23.03.2012_17.45.48\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmasco.X trojan
C:\TDSSKiller_Quarantine\23.03.2012_17.45.48\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmasco.O trojan
C:\TDSSKiller_Quarantine\23.03.2012_17.45.48\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmasco.R trojan
C:\TDSSKiller_Quarantine\23.03.2012_17.45.48\mbr0000\tdlfs0000\tsk0011.dta a variant of Win32/Olmasco.Q trojan
C:\TDSSKiller_Quarantine\23.03.2012_17.45.48\mbr0000\tdlfs0000\tsk0012.dta Win64/Olmasco.X trojan
C:\TDSSKiller_Quarantine\23.03.2012_17.45.48\mbr0000\tdlfs0000\tsk0022.dta probably a variant of Win32/Agent.JXRMWBC trojan


Mike



