
Browser Redirect / Virus


This topic is locked
31 replies to this topic

#1 Snaejneerg

Snaejneerg

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:52 AM

Posted 23 March 2012 - 12:14 PM

My son started this thread at the link below.

http://www.bleepingcomputer.com/forums/topic446127.html/page__p__2630145__fromsearch__1#entry2630145

I disabled AVG Free Antivirus & disabled internet connection and both programs crashed.
3/23/2012
Next I enabled the internet, disabled AVG & uninstalled Spybot. Tried to run DDS twice and it crashed the system hard…total freeze, no mouse movement, keyboard disabled. Had to use the power button to shut down.
Then tried to run GMER and it was running for about 35 min and suddenly my machine rebooted itself without warning.
I have not been able to generate any logs from these programs except for some GMER screen captures after an earlier program stoppage.

Attached Files

  • Attached File  OTL.Txt   91.77KB   2 downloads




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:52 AM

Posted 24 March 2012 - 12:31 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

1. Do not run any other tool until instructed to do so!
Doing so will, at best, only cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in. These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Snaejneerg


Posted 24 March 2012 - 09:50 AM

Thank you Gringo! I won't be able to start on this until tomorrow and I will keep you updated as I proceed with your instructions. I'll contact you again soon.
Nos vemos,
George Cahill

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:52 AM

Posted 24 March 2012 - 10:00 AM

ok, see you then

#5 Snaejneerg


Posted 26 March 2012 - 11:11 AM

Hello Gringo,
I downloaded ComboFix, backed up my important info, and started ComboFix. I had neglected to turn off my AVG and when the ComboFix warning screen came up, I disabled AVG and then told it to proceed. It downloaded & installed the Recovery Console. Then the DOS window appeared telling me it would take about ten minutes, and easily double that if my computer was highly infected. After 40 minutes it was still on that unchanged screen. I thought perhaps I had disrupted the process when I disabled the AVG, so I tried to close the ComboFix window. I could not, and my computer was unresponsive except for the mouse...Ctrl+Alt+Delete and Ctrl+Shift+Esc had no effect. I finally used a brute-force shutdown to turn off the computer. After restart, I made sure everything was set up correctly and tried ComboFix again. I set the stopwatch function on my watch and went to bed. I returned to the computer 8 hours and 45 minutes later and the screen was the same...my Windows desktop showing the ComboFix DOS screen with a blinking cursor. No other information, and I couldn't find any newly generated logs.
I tried searches on both IE and Firefox with very similar results...I input items I've not searched for previously, i.e., 'polaris missile', 'rome georgia', 'antarctica' to compare speed, results and redirects. On both browsers, neither Google nor Bing produce any results after a long search and return the PROBLEM LOADING PAGE warning. AVG search takes forever and returns limited results. Yahoo, however, pops right up with results and NO redirects...so far.

When I checked for a log I saw ComboFix had reproduced itself, along with the entire directory multiple times. I counted 14 reproductions and stopped counting. Confusing! I've attached a screen capture in a Word .doc file.

Anyway, that's all I have for now. I look forward to reading your response...this is very interesting!

Again, thanks for your help.
George

Attached Files



#6 Snaejneerg


Posted 26 March 2012 - 11:13 AM

PS: after ComboFix ran all night, once again I had to hold the power button to reboot the computer...may be unimportant, but who knows?
Thanks,
George

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:52 AM

Posted 26 March 2012 - 11:28 AM

Hello

Ok, let's try this: I want you to run ComboFix in safe mode, but it is very important that when ComboFix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#8 Snaejneerg


Posted 27 March 2012 - 08:16 AM

Gringo,
Disabled AVG, rebooted into safe mode, ran ComboFix under Administrator, a screen came up that said it was out of date????, ran it anyway since I was in safe mode and it made more progress than any other time I've run it. After 22 minutes it showed a bunch of entries [mostly DLLs] and said it was deleting folders and showed three that were on the C: drive...then it stated not to open any programs until ComboFix finished producing its report & I went to bed. Checked 6 hours, 18 min later & it was still stuck on that screen. Computer was unresponsive except for mouse movement. Brute-force reboot. Downloaded new ComboFix, rebooted to safe mode, ran ComboFix again for 1 hour. No results & no actions taken. Can't find any report but found a folder, Qoobox, that indicated the same times as ComboFix was running. Also found a TDSSKiller Quarantine folder.
Okay, so what's next? I'm clueless!
Again, can't tell you how much I appreciate your help.
George Cahill

#9 gringo_pr


Posted 27 March 2012 - 08:50 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
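The report file Gringo describes above and the log George pastes in the next post share one line format: a timestamp and thread id, then either a disk/partition line or a service entry with its MD5 and path followed by a "<name> - <verdict>" line. What follows is an added example, not code from this thread or from Kaspersky's TDSSKiller: a Python parser for that format that lists every verdict other than "ok", keeps track of service entries with no file behind them (the bare "<name> - ok" lines such as Abiosdsk), and computes the unpartitioned space after the last partition on each disk from the Drive/Partition lines. The SAMPLE_LOG inside it is constructed: four lines copied from the thread's log plus a made-up "sample_bad" entry whose "suspicious" status is illustrative only and is not a real TDSSKiller verdict string.

```python
"""Parse a TDSSKiller log of the shape pasted in this thread and pull out what a
responder checks first: verdicts that are not "ok", service entries with no
backing file, and how much unpartitioned space trails each disk's partitions.
Added example, not code from the thread or from Kaspersky; the line shapes are
taken from the thread's log and SAMPLE_LOG below is constructed (see its comment)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")  # "14:57:48.0578 2508 ..."
# "Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, ..."
_DRIVE = re.compile(r"^Drive (?P<dev>\\Device\\Harddisk\d+\\DR\d+) - Size: 0x(?P<size>[0-9A-Fa-f]+) "
                    r"\([^)]*\), SectorSize: 0x(?P<sector>[0-9A-Fa-f]+)")
# "\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385800"
_PART = re.compile(r"^(?P<dev>\\Device\\Harddisk\d+\\DR\d+)\\Partition\d+: MBR, Type 0x(?P<type>[0-9A-Fa-f]+), "
                   r"StartLBA 0x(?P<lba>[0-9A-Fa-f]+), BlocksNum 0x(?P<blocks>[0-9A-Fa-f]+)$")
# "ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys"
_FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9A-Fa-f]{32})\) (?P<path>.+)$")
# "ACPI - ok": the verdict; a registry key with no file on disk gets only this line.
_VERDICT = re.compile(r"^(?P<name>.+?) - (?P<status>.+)$")

@dataclass
class Entry:
    name: str
    status: str
    md5: Optional[str] = None  # None when the service/driver key has no file behind it
    path: Optional[str] = None

@dataclass
class Disk:
    device: str
    size_bytes: int
    sector_size: int
    partitions: List[Tuple[int, int, int]]  # (type, start_lba, blocks)

    def trailing_unpartitioned_sectors(self) -> int:
        """Sectors after the last partition end. TDL4-family bootkits stored their
        hidden file system in this slack, so a large value deserves a look; a few
        MiB of CHS rounding (as on the thread's StartLBA 0x3F disks) is normal."""
        end = max((lba + blocks for _, lba, blocks in self.partitions), default=0)
        return self.size_bytes // self.sector_size - end

def parse_tdsskiller_log(text: str) -> Tuple[List[Entry], Dict[str, Disk]]:
    entries: List[Entry] = []
    disks: Dict[str, Disk] = {}
    pending: Dict[str, Tuple[str, str]] = {}  # name -> (md5, path) until its verdict line
    for raw in text.splitlines():
        m = _PREFIX.match(raw.strip())
        if not m:
            continue  # banner, "====" separators, SystemInfo block
        body = m.group(1)
        d = _DRIVE.match(body)  # must run before _VERDICT: this line also contains " - "
        if d:
            disks[d["dev"]] = Disk(d["dev"], int(d["size"], 16), int(d["sector"], 16), [])
            continue
        p = _PART.match(body)
        if p:
            disk = disks.setdefault(p["dev"], Disk(p["dev"], 0, 512, []))
            disk.partitions.append((int(p["type"], 16), int(p["lba"], 16), int(p["blocks"], 16)))
            continue
        f = _FILE.match(body)
        if f:
            pending[f["name"]] = (f["md5"].lower(), f["path"])
            continue
        v = _VERDICT.match(body)
        if v:
            md5, path = pending.pop(v["name"], (None, None))
            entries.append(Entry(v["name"], v["status"].strip(), md5, path))
    return entries, disks

def needs_review(entries: List[Entry]) -> List[Entry]:
    """Everything TDSSKiller did not mark "ok"."""
    return [e for e in entries if e.status.lower() != "ok"]

# Constructed sample: the drive, partition, ACPI and Abiosdsk lines copy the thread's
# log; "sample_bad" and its "suspicious" status are made up and are not a real
# TDSSKiller verdict string.
SAMPLE_LOG = r"""
14:57:43.0531 1516 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:57:43.0546 1516 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:57:43.0593 1516 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385800
14:57:43.0593 1516 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
14:57:48.0578 2508 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:57:48.0578 2508 ACPI - ok
14:57:48.0531 2508 Abiosdsk - ok
14:57:52.0000 2508 sample_bad (00112233445566778899aabbccddeeff) C:\WINDOWS\system32\DRIVERS\sample_bad.sys
14:57:52.0000 2508 sample_bad - suspicious
"""

if __name__ == "__main__":
    found, layout = parse_tdsskiller_log(SAMPLE_LOG)
    for e in needs_review(found):
        print(f"REVIEW {e.name} [{e.status}] {e.path}")
    for dev, disk in layout.items():
        print(f"{dev}: {disk.trailing_unpartitioned_sectors()} unpartitioned trailing sectors")
```

Run as-is it prints the one non-ok entry and the trailing-sector count per disk. On the two disks copied from the thread that comes out to 48 sectors on Harddisk0 (the 1 MiB-aligned StartLBA 0x800 layout) and 21168 sectors, about 10 MiB, on Harddisk1 (the legacy StartLBA 0x3F layout); both are within the ordinary rounding slack of their partition schemes, so neither is evidence of a hidden bootkit file system on its own. On a real machine, read the C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt file Gringo describes above into parse_tdsskiller_log instead of SAMPLE_LOG.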

#10 Snaejneerg


Posted 27 March 2012 - 02:09 PM

Gringo,
Ran TDSSKiller without incident...here is the Report:

14:57:41.0468 1516 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
14:57:42.0062 1516 ============================================================
14:57:42.0062 1516 Current date / time: 2012/03/27 14:57:42.0062
14:57:42.0062 1516 SystemInfo:
14:57:42.0062 1516
14:57:42.0062 1516 OS Version: 5.1.2600 ServicePack: 3.0
14:57:42.0062 1516 Product type: Workstation
14:57:42.0062 1516 ComputerName: INVINC-10
14:57:42.0062 1516 UserName: George N. Cahill III
14:57:42.0062 1516 Windows directory: C:\WINDOWS
14:57:42.0062 1516 System windows directory: C:\WINDOWS
14:57:42.0062 1516 Processor architecture: Intel x86
14:57:42.0062 1516 Number of processors: 4
14:57:42.0062 1516 Page size: 0x1000
14:57:42.0062 1516 Boot type: Normal boot
14:57:42.0062 1516 ============================================================
14:57:43.0531 1516 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:57:43.0546 1516 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:57:43.0562 1516 Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:57:43.0593 1516 \Device\Harddisk0\DR0:
14:57:43.0593 1516 MBR used
14:57:43.0593 1516 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385800
14:57:43.0593 1516 \Device\Harddisk1\DR1:
14:57:43.0593 1516 MBR used
14:57:43.0593 1516 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
14:57:43.0593 1516 \Device\Harddisk2\DR2:
14:57:43.0593 1516 MBR used
14:57:43.0593 1516 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
14:57:43.0656 1516 Initialize success
14:57:43.0656 1516 ============================================================
14:57:47.0265 2508 ============================================================
14:57:47.0265 2508 Scan started
14:57:47.0265 2508 Mode: Manual;
14:57:47.0265 2508 ============================================================
14:57:48.0218 2508 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
14:57:48.0218 2508 !SASCORE - ok
14:57:48.0437 2508 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
14:57:48.0500 2508 61883 - ok
14:57:48.0531 2508 Abiosdsk - ok
14:57:48.0531 2508 abp480n5 - ok
14:57:48.0578 2508 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:57:48.0578 2508 ACPI - ok
14:57:48.0593 2508 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:57:48.0593 2508 ACPIEC - ok
14:57:48.0687 2508 AcrSch2Svc (af6481c648ea9a76569aacb73eac286a) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
14:57:48.0687 2508 AcrSch2Svc - ok
14:57:48.0718 2508 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys
14:57:48.0718 2508 adfs - ok
14:57:48.0828 2508 Adobe Version Cue CS4 (9444a3530c2e88b7ed96a566ff9ccc13) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
14:57:48.0828 2508 Adobe Version Cue CS4 - ok
14:57:48.0828 2508 adpu160m - ok
14:57:48.0859 2508 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:57:48.0859 2508 aec - ok
14:57:48.0906 2508 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:57:48.0906 2508 AFD - ok
14:57:48.0906 2508 Aha154x - ok
14:57:48.0906 2508 aic78u2 - ok
14:57:48.0921 2508 aic78xx - ok
14:57:48.0953 2508 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
14:57:48.0953 2508 Alerter - ok
14:57:48.0968 2508 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
14:57:48.0968 2508 ALG - ok
14:57:48.0968 2508 AliIde - ok
14:57:48.0984 2508 amsint - ok
14:57:49.0046 2508 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:57:49.0046 2508 Apple Mobile Device - ok
14:57:49.0078 2508 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
14:57:49.0078 2508 AppMgmt - ok
14:57:49.0093 2508 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:57:49.0093 2508 Arp1394 - ok
14:57:49.0109 2508 asc - ok
14:57:49.0109 2508 asc3350p - ok
14:57:49.0109 2508 asc3550 - ok
14:57:49.0203 2508 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:57:49.0234 2508 aspnet_state - ok
14:57:49.0250 2508 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:57:49.0250 2508 AsyncMac - ok
14:57:49.0265 2508 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:57:49.0265 2508 atapi - ok
14:57:49.0265 2508 Atdisk - ok
14:57:49.0312 2508 Ati HotKey Poller (688e49afef3a07fca943250d6a9729aa) C:\WINDOWS\system32\Ati2evxx.exe
14:57:49.0312 2508 Ati HotKey Poller - ok
14:57:49.0359 2508 ATI Smart (af9ff191e134e49bdc0e8d93f4f1b843) C:\WINDOWS\system32\ati2sgag.exe
14:57:49.0421 2508 ATI Smart - ok
14:57:49.0484 2508 ati2mtag (86a7a22f3670465ef575614e001159c0) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:57:49.0500 2508 ati2mtag - ok
14:57:49.0531 2508 ATIAVAIW (174fc5250bfe94b7e94c9eb8552ccaf2) C:\WINDOWS\system32\DRIVERS\atinavt2.sys
14:57:49.0546 2508 ATIAVAIW - ok
14:57:49.0546 2508 AtiHDAudioService - ok
14:57:49.0578 2508 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
14:57:49.0593 2508 AtiHdmiService - ok
14:57:49.0625 2508 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:57:49.0625 2508 Atmarpc - ok
14:57:49.0671 2508 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
14:57:49.0671 2508 AudioSrv - ok
14:57:49.0703 2508 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:57:49.0703 2508 audstub - ok
14:57:49.0734 2508 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
14:57:49.0750 2508 Avc - ok
14:57:49.0750 2508 AVCSTRM (e625773d7b950842d582f713656859c0) C:\WINDOWS\system32\DRIVERS\avcstrm.sys
14:57:49.0750 2508 AVCSTRM - ok
14:57:49.0906 2508 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
14:57:49.0984 2508 AVGIDSAgent - ok
14:57:50.0015 2508 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
14:57:50.0015 2508 AVGIDSDriver - ok
14:57:50.0046 2508 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
14:57:50.0046 2508 AVGIDSEH - ok
14:57:50.0062 2508 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
14:57:50.0078 2508 AVGIDSFilter - ok
14:57:50.0078 2508 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
14:57:50.0078 2508 AVGIDSShim - ok
14:57:50.0093 2508 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
14:57:50.0093 2508 Avgldx86 - ok
14:57:50.0093 2508 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
14:57:50.0093 2508 Avgmfx86 - ok
14:57:50.0125 2508 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
14:57:50.0125 2508 Avgrkx86 - ok
14:57:50.0140 2508 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
14:57:50.0140 2508 Avgtdix - ok
14:57:50.0187 2508 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
14:57:50.0187 2508 avgwd - ok
14:57:50.0203 2508 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:57:50.0203 2508 Beep - ok
14:57:50.0218 2508 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
14:57:50.0250 2508 BITS - ok
14:57:50.0312 2508 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:57:50.0312 2508 Bonjour Service - ok
14:57:50.0359 2508 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
14:57:50.0359 2508 Browser - ok
14:57:50.0453 2508 catchme - ok
14:57:50.0484 2508 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:57:50.0484 2508 cbidf2k - ok
14:57:50.0500 2508 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:57:50.0500 2508 CCDECODE - ok
14:57:50.0500 2508 cd20xrnt - ok
14:57:50.0515 2508 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:57:50.0515 2508 Cdaudio - ok
14:57:50.0515 2508 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:57:50.0515 2508 Cdfs - ok
14:57:50.0546 2508 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:57:50.0546 2508 Cdrom - ok
14:57:50.0562 2508 Changer - ok
14:57:50.0593 2508 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
14:57:50.0593 2508 CiSvc - ok
14:57:50.0609 2508 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
14:57:50.0609 2508 ClipSrv - ok
14:57:50.0671 2508 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:57:50.0718 2508 clr_optimization_v2.0.50727_32 - ok
14:57:50.0750 2508 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:57:50.0781 2508 clr_optimization_v4.0.30319_32 - ok
14:57:50.0781 2508 CmdIde - ok
14:57:50.0781 2508 COMSysApp - ok
14:57:50.0796 2508 Cpqarray - ok
14:57:50.0796 2508 cpuz134 - ok
14:57:50.0812 2508 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
14:57:50.0812 2508 CryptSvc - ok
14:57:50.0828 2508 dac2w2k - ok
14:57:50.0828 2508 dac960nt - ok
14:57:50.0843 2508 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
14:57:50.0843 2508 DcomLaunch - ok
14:57:50.0859 2508 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
14:57:50.0859 2508 Dhcp - ok
14:57:50.0859 2508 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:57:50.0859 2508 Disk - ok
14:57:50.0859 2508 dmadmin - ok
14:57:50.0875 2508 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:57:50.0890 2508 dmboot - ok
14:57:50.0890 2508 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:57:50.0906 2508 dmio - ok
14:57:50.0906 2508 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:57:50.0906 2508 dmload - ok
14:57:50.0921 2508 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
14:57:50.0921 2508 dmserver - ok
14:57:50.0937 2508 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:57:50.0937 2508 DMusic - ok
14:57:50.0953 2508 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
14:57:50.0953 2508 Dnscache - ok
14:57:50.0968 2508 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
14:57:50.0968 2508 Dot3svc - ok
14:57:50.0984 2508 dpti2o - ok
14:57:51.0000 2508 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:57:51.0000 2508 drmkaud - ok
14:57:51.0015 2508 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
14:57:51.0015 2508 EapHost - ok
14:57:51.0046 2508 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
14:57:51.0046 2508 ERSvc - ok
14:57:51.0062 2508 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:57:51.0062 2508 Eventlog - ok
14:57:51.0093 2508 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
14:57:51.0093 2508 EventSystem - ok
14:57:51.0093 2508 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:57:51.0093 2508 Fastfat - ok
14:57:51.0125 2508 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:57:51.0125 2508 FastUserSwitchingCompatibility - ok
14:57:51.0140 2508 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:57:51.0140 2508 Fdc - ok
14:57:51.0156 2508 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:57:51.0156 2508 Fips - ok
14:57:51.0218 2508 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:57:51.0218 2508 FLEXnet Licensing Service - ok
14:57:51.0234 2508 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:57:51.0234 2508 Flpydisk - ok
14:57:51.0250 2508 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:57:51.0250 2508 FltMgr - ok
14:57:51.0328 2508 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:57:51.0328 2508 FontCache3.0.0.0 - ok
14:57:51.0328 2508 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:57:51.0328 2508 Fs_Rec - ok
14:57:51.0343 2508 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:57:51.0343 2508 Ftdisk - ok
14:57:51.0375 2508 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:57:51.0375 2508 GEARAspiWDM - ok
14:57:51.0375 2508 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:57:51.0375 2508 Gpc - ok
14:57:51.0406 2508 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:57:51.0406 2508 gupdate - ok
14:57:51.0406 2508 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:57:51.0406 2508 gupdatem - ok
14:57:51.0437 2508 HdAudAddService (56bf27d7a539f9e6bbc1de201aba0edf) C:\WINDOWS\system32\drivers\AtiHdAud.sys
14:57:51.0437 2508 HdAudAddService - ok
14:57:51.0484 2508 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:57:51.0484 2508 HDAudBus - ok
14:57:51.0546 2508 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:57:51.0546 2508 helpsvc - ok
14:57:51.0562 2508 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
14:57:51.0578 2508 HidServ - ok
14:57:51.0593 2508 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:57:51.0593 2508 hidusb - ok
14:57:51.0625 2508 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
14:57:51.0625 2508 hkmsvc - ok
14:57:51.0625 2508 hpn - ok
14:57:51.0656 2508 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:57:51.0656 2508 HTTP - ok
14:57:51.0687 2508 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
14:57:51.0687 2508 HTTPFilter - ok
14:57:51.0687 2508 i2omgmt - ok
14:57:51.0703 2508 i2omp - ok
14:57:51.0703 2508 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
14:57:51.0703 2508 i8042prt - ok
14:57:51.0750 2508 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:57:51.0750 2508 IDriverT - ok
14:57:51.0796 2508 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:57:51.0796 2508 idsvc - ok
14:57:51.0828 2508 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:57:51.0828 2508 Imapi - ok
14:57:51.0859 2508 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
14:57:51.0859 2508 ImapiService - ok
14:57:51.0875 2508 ini910u - ok
14:57:51.0968 2508 IntcAzAudAddService (71ae838a88b07268d732f596fc17ced5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:57:52.0031 2508 IntcAzAudAddService - ok
14:57:52.0031 2508 IntelIde - ok
14:57:52.0078 2508 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:57:52.0078 2508 intelppm - ok
14:57:52.0109 2508 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:57:52.0109 2508 Ip6Fw - ok
14:57:52.0125 2508 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:57:52.0125 2508 IpFilterDriver - ok
14:57:52.0140 2508 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:57:52.0140 2508 IpInIp - ok
14:57:52.0171 2508 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:57:52.0171 2508 IpNat - ok
14:57:52.0203 2508 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
14:57:52.0234 2508 iPod Service - ok
14:57:52.0250 2508 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:57:52.0250 2508 IPSec - ok
14:57:52.0265 2508 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:57:52.0265 2508 IRENUM - ok
14:57:52.0281 2508 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:57:52.0281 2508 isapnp - ok
14:57:52.0343 2508 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe
14:57:52.0343 2508 JavaQuickStarterService - ok
14:57:52.0375 2508 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys
14:57:52.0375 2508 JGOGO - ok
14:57:52.0390 2508 JRAID (b90bc78c29108f7edf86aef4642a0382) C:\WINDOWS\system32\DRIVERS\jraid.sys
14:57:52.0390 2508 JRAID - ok
14:57:52.0406 2508 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:57:52.0406 2508 Kbdclass - ok
14:57:52.0421 2508 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:57:52.0437 2508 kbdhid - ok
14:57:52.0453 2508 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:57:52.0453 2508 kmixer - ok
14:57:52.0468 2508 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:57:52.0468 2508 KSecDD - ok
14:57:52.0500 2508 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
14:57:52.0500 2508 lanmanserver - ok
14:57:52.0515 2508 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
14:57:52.0515 2508 lanmanworkstation - ok
14:57:52.0515 2508 lbrtfdc - ok
14:57:52.0562 2508 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
14:57:52.0562 2508 LmHosts - ok
14:57:52.0562 2508 lxcj_device - ok
14:57:52.0578 2508 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
14:57:52.0578 2508 Messenger - ok
14:57:52.0593 2508 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:57:52.0593 2508 mnmdd - ok
14:57:52.0625 2508 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
14:57:52.0625 2508 mnmsrvc - ok
14:57:52.0656 2508 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:57:52.0656 2508 Modem - ok
14:57:52.0671 2508 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:57:52.0671 2508 Mouclass - ok
14:57:52.0687 2508 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:57:52.0687 2508 mouhid - ok
14:57:52.0703 2508 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:57:52.0703 2508 MountMgr - ok
14:57:52.0734 2508 MPE (83eff7b976ae24f1a496ca94a8a19919) C:\WINDOWS\system32\DRIVERS\MPE.sys
14:57:52.0750 2508 MPE - ok
14:57:52.0750 2508 mraid35x - ok
14:57:52.0750 2508 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:57:52.0765 2508 MRxDAV - ok
14:57:52.0796 2508 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:57:52.0796 2508 MRxSmb - ok
14:57:52.0812 2508 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
14:57:52.0828 2508 MSDTC - ok
14:57:52.0843 2508 MSDV (8575d788395c4d6378d98d1ed7cdadb9) C:\WINDOWS\system32\DRIVERS\msdv.sys
14:57:52.0843 2508 MSDV - ok
14:57:52.0843 2508 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:57:52.0843 2508 Msfs - ok
14:57:52.0843 2508 MSIServer - ok
14:57:52.0875 2508 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:57:52.0875 2508 MSKSSRV - ok
14:57:52.0890 2508 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:57:52.0890 2508 MSPCLOCK - ok
14:57:52.0890 2508 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:57:52.0890 2508 MSPQM - ok
14:57:52.0906 2508 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:57:52.0921 2508 mssmbios - ok
14:57:52.0937 2508 MSTAPE (5c3f9bdf4db23b75306388fc26a0a8e5) C:\WINDOWS\system32\DRIVERS\mstape.sys
14:57:52.0937 2508 MSTAPE - ok
14:57:52.0937 2508 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:57:52.0937 2508 MSTEE - ok
14:57:52.0968 2508 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
14:57:52.0968 2508 MTsensor - ok
14:57:52.0968 2508 MtxVxd - ok
14:57:52.0984 2508 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:57:52.0984 2508 Mup - ok
14:57:53.0109 2508 mvkBus (b090049ba20bce39f5407661a33abeca) C:\WINDOWS\system32\DRIVERS\mvkBus.sys
14:57:53.0203 2508 mvkBus - ok
14:57:53.0218 2508 mvkInput (bd5920d85204c52a88b448aeca6d0514) C:\WINDOWS\system32\DRIVERS\mvkInput.sys
14:57:53.0218 2508 mvkInput - ok
14:57:53.0234 2508 mvkLQScaler (ec552a202a9598e1c96670daf53dfe22) C:\WINDOWS\system32\DRIVERS\mvkLQScaler.sys
14:57:53.0234 2508 mvkLQScaler - ok
14:57:53.0234 2508 mvkMemManager (160facbaf0d21ea53577f64e8af02581) C:\WINDOWS\system32\DRIVERS\mvkMemManager.sys
14:57:53.0234 2508 mvkMemManager - ok
14:57:53.0234 2508 mvkMisc (3bc23c3e53e63675828ccd3fb826b68e) C:\WINDOWS\system32\DRIVERS\mvkMisc.sys
14:57:53.0250 2508 mvkMisc - ok
14:57:53.0250 2508 mvkOnBrdIOdsxle (355353dd9596e3880d91e1ea2836c7f8) C:\WINDOWS\system32\DRIVERS\mvkOnBrdIOdsxle.sys
14:57:53.0250 2508 mvkOnBrdIOdsxle - ok
14:57:53.0265 2508 mvkOutput (2662ba3fcf351d02eb935fb8f9a2db1f) C:\WINDOWS\system32\DRIVERS\mvkOutput.sys
14:57:53.0281 2508 mvkOutput - ok
14:57:53.0328 2508 mvkPciOptimizer (f557f4619e17a3351606a7670f8fcdc2) C:\Program Files\Matrox Mx.tools\system\drivers\mvkPciOptimizer.sys
14:57:53.0328 2508 mvkPciOptimizer - ok
14:57:53.0343 2508 mvkSystemClock (b1931eedd99173b7bb131bd29c960bce) C:\WINDOWS\system32\DRIVERS\mvkSystemClock.sys
14:57:53.0343 2508 mvkSystemClock - ok
14:57:53.0343 2508 mvkTransfer (73c6c587007b51f6e6404d2727a562a2) C:\WINDOWS\system32\DRIVERS\mvkTransfer.sys
14:57:53.0343 2508 mvkTransfer - ok
14:57:53.0359 2508 mvOptimizerService (fd7d94d32d594651c3eece14f0582d77) c:\program files\matrox mx.tools\system\mvOptimizerService.exe
14:57:53.0359 2508 mvOptimizerService - ok
14:57:53.0375 2508 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:57:53.0375 2508 NABTSFEC - ok
14:57:53.0406 2508 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
14:57:53.0406 2508 napagent - ok
14:57:53.0437 2508 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:57:53.0453 2508 NDIS - ok
14:57:53.0468 2508 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:57:53.0468 2508 NdisIP - ok
14:57:53.0484 2508 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:57:53.0484 2508 NdisTapi - ok
14:57:53.0515 2508 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:57:53.0515 2508 Ndisuio - ok
14:57:53.0515 2508 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:57:53.0515 2508 NdisWan - ok
14:57:53.0546 2508 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:57:53.0562 2508 NDProxy - ok
14:57:53.0593 2508 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:57:53.0593 2508 NetBIOS - ok
14:57:53.0609 2508 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:57:53.0609 2508 NetBT - ok
14:57:53.0640 2508 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:57:53.0640 2508 NetDDE - ok
14:57:53.0640 2508 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:57:53.0640 2508 NetDDEdsdm - ok
14:57:53.0671 2508 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:57:53.0671 2508 Netlogon - ok
14:57:53.0703 2508 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
14:57:53.0703 2508 Netman - ok
14:57:53.0796 2508 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:57:53.0812 2508 NetTcpPortSharing - ok
14:57:53.0828 2508 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:57:53.0828 2508 NIC1394 - ok
14:57:53.0875 2508 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
14:57:53.0875 2508 Nla - ok
14:57:53.0890 2508 nlsX86cc (b1ef4686961986dffb7fe8f18e6fcb5b) C:\WINDOWS\system32\nlssrv32.exe
14:57:53.0921 2508 nlsX86cc - ok
14:57:53.0937 2508 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:57:53.0937 2508 Npfs - ok
14:57:53.0953 2508 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:57:53.0953 2508 Ntfs - ok
14:57:53.0953 2508 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:57:53.0953 2508 NtLmSsp - ok
14:57:53.0984 2508 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
14:57:53.0984 2508 NtmsSvc - ok
14:57:54.0015 2508 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:57:54.0015 2508 Null - ok
14:57:54.0046 2508 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:57:54.0046 2508 NwlnkFlt - ok
14:57:54.0062 2508 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:57:54.0062 2508 NwlnkFwd - ok
14:57:54.0171 2508 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:57:54.0187 2508 odserv - ok
14:57:54.0203 2508 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:57:54.0203 2508 ohci1394 - ok
14:57:54.0218 2508 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:57:54.0250 2508 ose - ok
14:57:54.0265 2508 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
14:57:54.0265 2508 Parport - ok
14:57:54.0265 2508 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:57:54.0265 2508 PartMgr - ok
14:57:54.0296 2508 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:57:54.0296 2508 ParVdm - ok
14:57:54.0312 2508 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:57:54.0312 2508 PCI - ok
14:57:54.0312 2508 PCIDump - ok
14:57:54.0343 2508 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:57:54.0343 2508 PCIIde - ok
14:57:54.0359 2508 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:57:54.0359 2508 Pcmcia - ok
14:57:54.0359 2508 PDCOMP - ok
14:57:54.0359 2508 PDFRAME - ok
14:57:54.0359 2508 PDRELI - ok
14:57:54.0375 2508 PDRFRAME - ok
14:57:54.0375 2508 perc2 - ok
14:57:54.0375 2508 perc2hib - ok
14:57:54.0484 2508 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix\pev.3XE
14:57:54.0484 2508 PEVSystemStart - ok
14:57:54.0515 2508 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:57:54.0515 2508 PlugPlay - ok
14:57:54.0546 2508 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:57:54.0546 2508 PolicyAgent - ok
14:57:54.0562 2508 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:57:54.0562 2508 PptpMiniport - ok
14:57:54.0562 2508 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:57:54.0562 2508 ProtectedStorage - ok
14:57:54.0578 2508 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:57:54.0578 2508 PSched - ok
14:57:54.0578 2508 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:57:54.0578 2508 Ptilink - ok
14:57:54.0593 2508 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:57:54.0593 2508 PxHelp20 - ok
14:57:54.0609 2508 ql1080 - ok
14:57:54.0609 2508 Ql10wnt - ok
14:57:54.0609 2508 ql12160 - ok
14:57:54.0625 2508 ql1240 - ok
14:57:54.0625 2508 ql1280 - ok
14:57:54.0640 2508 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:57:54.0656 2508 RasAcd - ok
14:57:54.0671 2508 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
14:57:54.0671 2508 RasAuto - ok
14:57:54.0703 2508 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:57:54.0703 2508 Rasl2tp - ok
14:57:54.0734 2508 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
14:57:54.0734 2508 RasMan - ok
14:57:54.0750 2508 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:57:54.0750 2508 RasPppoe - ok
14:57:54.0750 2508 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:57:54.0750 2508 Raspti - ok
14:57:54.0765 2508 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:57:54.0765 2508 Rdbss - ok
14:57:54.0781 2508 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:57:54.0781 2508 RDPCDD - ok
14:57:54.0796 2508 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:57:54.0796 2508 rdpdr - ok
14:57:54.0812 2508 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
14:57:54.0812 2508 RDPWD - ok
14:57:54.0828 2508 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
14:57:54.0828 2508 RDSessMgr - ok
14:57:54.0859 2508 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:57:54.0859 2508 redbook - ok
14:57:54.0875 2508 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
14:57:54.0890 2508 RemoteAccess - ok
14:57:54.0906 2508 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
14:57:54.0906 2508 RemoteRegistry - ok
14:57:54.0921 2508 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
14:57:54.0921 2508 RpcLocator - ok
14:57:54.0937 2508 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
14:57:54.0937 2508 RpcSs - ok
14:57:54.0968 2508 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
14:57:54.0968 2508 RSVP - ok
14:57:55.0000 2508 RTLWUSB (5a850259b849a899990379a75460a4eb) C:\WINDOWS\system32\DRIVERS\RTL8187.sys
14:57:55.0000 2508 RTLWUSB - ok
14:57:55.0031 2508 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:57:55.0031 2508 SamSs - ok
14:57:55.0125 2508 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:57:55.0218 2508 SASDIFSV - ok
14:57:55.0234 2508 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
14:57:55.0281 2508 SASKUTIL - ok
14:57:55.0500 2508 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
14:57:55.0515 2508 SCardSvr - ok
14:57:55.0546 2508 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
14:57:55.0562 2508 Schedule - ok
14:57:55.0593 2508 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:57:55.0593 2508 Secdrv - ok
14:57:55.0609 2508 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
14:57:55.0609 2508 seclogon - ok
14:57:55.0640 2508 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
14:57:55.0640 2508 SENS - ok
14:57:55.0656 2508 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:57:55.0656 2508 serenum - ok
14:57:55.0656 2508 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:57:55.0656 2508 Serial - ok
14:57:55.0671 2508 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:57:55.0671 2508 Sfloppy - ok
14:57:55.0718 2508 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
14:57:55.0718 2508 SharedAccess - ok
14:57:55.0765 2508 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:57:55.0765 2508 ShellHWDetection - ok
14:57:55.0765 2508 Simbad - ok
14:57:55.0796 2508 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:57:55.0796 2508 SLIP - ok
14:57:55.0828 2508 snapman (98b44c15b4eed76aa8dccb64a4ca11af) C:\WINDOWS\system32\DRIVERS\snapman.sys
14:57:55.0828 2508 snapman - ok
14:57:55.0828 2508 Sparrow - ok
14:57:55.0875 2508 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:57:55.0875 2508 splitter - ok
14:57:55.0890 2508 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:57:55.0890 2508 Spooler - ok
14:57:55.0890 2508 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:57:55.0890 2508 sr - ok
14:57:55.0906 2508 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
14:57:55.0906 2508 srservice - ok
14:57:55.0921 2508 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:57:55.0937 2508 Srv - ok
14:57:55.0937 2508 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
14:57:55.0937 2508 SSDPSRV - ok
14:57:55.0953 2508 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
14:57:55.0953 2508 stisvc - ok
14:57:55.0968 2508 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:57:55.0968 2508 streamip - ok
14:57:55.0984 2508 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:57:55.0984 2508 swenum - ok
14:57:56.0000 2508 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:57:56.0000 2508 swmidi - ok
14:57:56.0000 2508 SwPrv - ok
14:57:56.0000 2508 symc810 - ok
14:57:56.0015 2508 symc8xx - ok
14:57:56.0015 2508 sym_hi - ok
14:57:56.0015 2508 sym_u3 - ok
14:57:56.0046 2508 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:57:56.0046 2508 sysaudio - ok
14:57:56.0062 2508 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
14:57:56.0062 2508 SysmonLog - ok
14:57:56.0109 2508 TabletServicePen (dad1a4d96291139c0f834b138320e475) C:\WINDOWS\system32\Pen_Tablet.exe
14:57:56.0125 2508 TabletServicePen - ok
14:57:56.0140 2508 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
14:57:56.0140 2508 TapiSrv - ok
14:57:56.0187 2508 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:57:56.0203 2508 Tcpip - ok
14:57:56.0218 2508 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:57:56.0218 2508 TDPIPE - ok
14:57:56.0218 2508 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:57:56.0234 2508 TDTCP - ok
14:57:56.0234 2508 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:57:56.0234 2508 TermDD - ok
14:57:56.0234 2508 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
14:57:56.0250 2508 TermService - ok
14:57:56.0281 2508 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:57:56.0281 2508 Themes - ok
14:57:56.0312 2508 timounter (d8a96d0e25d43fdac3bed09adf39fde9) C:\WINDOWS\system32\DRIVERS\timntr.sys
14:57:56.0328 2508 timounter - ok
14:57:56.0359 2508 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
14:57:56.0359 2508 TlntSvr - ok
14:57:56.0359 2508 TosIde - ok
14:57:56.0359 2508 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:57:56.0375 2508 TrkWks - ok
14:57:56.0375 2508 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:57:56.0375 2508 Udfs - ok
14:57:56.0375 2508 ultra - ok
14:57:56.0421 2508 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:57:56.0421 2508 Update - ok
14:57:56.0453 2508 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:57:56.0453 2508 upnphost - ok
14:57:56.0484 2508 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:57:56.0484 2508 UPS - ok
14:57:56.0500 2508 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:57:56.0609 2508 USBAAPL - ok
14:57:56.0625 2508 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:57:56.0625 2508 usbccgp - ok
14:57:56.0671 2508 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:57:56.0671 2508 usbehci - ok
14:57:56.0671 2508 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:57:56.0671 2508 usbhub - ok
14:57:56.0687 2508 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:57:56.0687 2508 usbprint - ok
14:57:56.0703 2508 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:57:56.0703 2508 usbscan - ok
14:57:56.0703 2508 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:57:56.0703 2508 usbstor - ok
14:57:56.0734 2508 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:57:56.0734 2508 usbuhci - ok
14:57:56.0750 2508 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:57:56.0750 2508 VgaSave - ok
14:57:56.0750 2508 ViaIde - ok
14:57:56.0781 2508 vididr (149ec3e217f9d11e9ca6c54ce3d70c73) C:\WINDOWS\system32\DRIVERS\vididr.sys
14:57:56.0781 2508 vididr - ok
14:57:56.0812 2508 vidsflt53 (e31e9cd40677b84b3adaa7a0d80dc439) C:\WINDOWS\system32\DRIVERS\vsflt53.sys
14:57:56.0812 2508 vidsflt53 - ok
14:57:56.0812 2508 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:57:56.0812 2508 VolSnap - ok
14:57:56.0843 2508 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
14:57:56.0843 2508 VSS - ok
14:57:56.0859 2508 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
14:57:56.0859 2508 W32Time - ok
14:57:56.0890 2508 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
14:57:56.0906 2508 wacommousefilter - ok
14:57:56.0937 2508 wacomvhid (73e6f16a1f187d71fb26af308551e54a) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
14:57:56.0937 2508 wacomvhid - ok
14:57:56.0953 2508 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
14:57:56.0953 2508 WacomVKHid - ok
14:57:56.0953 2508 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:57:56.0953 2508 Wanarp - ok
14:57:56.0984 2508 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
14:57:56.0984 2508 WDC_SAM - ok
14:57:56.0984 2508 WDICA - ok
14:57:57.0000 2508 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:57:57.0000 2508 wdmaud - ok
14:57:57.0015 2508 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
14:57:57.0015 2508 WebClient - ok
14:57:57.0062 2508 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:57:57.0062 2508 winmgmt - ok
14:57:57.0093 2508 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
14:57:57.0109 2508 WinRM - ok
14:57:57.0125 2508 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:57:57.0125 2508 WmdmPmSN - ok
14:57:57.0156 2508 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
14:57:57.0171 2508 Wmi - ok
14:57:57.0187 2508 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:57:57.0187 2508 WmiApSrv - ok
14:57:57.0281 2508 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
14:57:57.0281 2508 WMPNetworkSvc - ok
14:57:57.0390 2508 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:57:57.0406 2508 WPFFontCache_v0400 - ok
14:57:57.0437 2508 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:57:57.0437 2508 WS2IFSL - ok
14:57:57.0484 2508 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
14:57:57.0484 2508 wscsvc - ok
14:57:57.0484 2508 WSearch - ok
14:57:57.0515 2508 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:57:57.0515 2508 WSTCODEC - ok
14:57:57.0515 2508 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
14:57:57.0531 2508 wuauserv - ok
14:57:57.0546 2508 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:57:57.0562 2508 WudfPf - ok
14:57:57.0578 2508 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:57:57.0578 2508 WudfRd - ok
14:57:57.0578 2508 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
14:57:57.0578 2508 WudfSvc - ok
14:57:57.0625 2508 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
14:57:57.0625 2508 WZCSVC - ok
14:57:57.0640 2508 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
14:57:57.0640 2508 xmlprov - ok
14:57:57.0640 2508 yksvc - ok
14:57:57.0687 2508 yukonwxp (f364e873c0f30e874aa4b1c919016af6) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
14:57:57.0687 2508 yukonwxp - ok
14:57:57.0703 2508 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:57:57.0875 2508 \Device\Harddisk0\DR0 - ok
14:57:57.0875 2508 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:57:57.0875 2508 \Device\Harddisk1\DR1 - ok
14:57:57.0875 2508 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
14:57:57.0875 2508 \Device\Harddisk2\DR2 - ok
14:57:57.0875 2508 Boot (0x1200) (0f6acec14c5d25354ae20fdbdeed4479) \Device\Harddisk0\DR0\Partition0
14:57:57.0875 2508 \Device\Harddisk0\DR0\Partition0 - ok
14:57:57.0875 2508 Boot (0x1200) (c970b1e7e9ea2e21530edde5d685c48a) \Device\Harddisk1\DR1\Partition0
14:57:57.0890 2508 \Device\Harddisk1\DR1\Partition0 - ok
14:57:57.0890 2508 Boot (0x1200) (618ff54df6fec8d80d12f80a1bb6c9ee) \Device\Harddisk2\DR2\Partition0
14:57:57.0890 2508 \Device\Harddisk2\DR2\Partition0 - ok
14:57:57.0890 2508 ============================================================
14:57:57.0890 2508 Scan finished
14:57:57.0890 2508 ============================================================
14:57:57.0890 5940 Detected object count: 0
14:57:57.0890 5940 Actual detected object count: 0

#11 Snaejneerg

Snaejneerg
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Male
  • Local time:03:52 AM

Posted 27 March 2012 - 02:21 PM

...and here's the aswMBR log. Let me know what else you need!

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-27 15:12:18
-----------------------------
15:12:18.250 OS Version: Windows 5.1.2600 Service Pack 3
15:12:18.250 Number of processors: 4 586 0x170A
15:12:18.250 ComputerName: INVINC-10 UserName:
15:12:18.796 Initialize success
15:12:58.312 AVAST engine defs: 12032701
15:13:34.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-a
15:13:34.859 Disk 0 Vendor: WDC_WD5002AALX-00J37A0 15.01H15 Size: 476940MB BusType: 3
15:13:34.859 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T1L0-12
15:13:34.859 Disk 1 Vendor: Hitachi_HDT725025VLA380 V5DOA52A Size: 238475MB BusType: 3
15:13:34.859 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP5T0L0-1e
15:13:34.859 Disk 2 Vendor: External_Disk_0 RGL10364 Size: 238475MB BusType: 3
15:13:34.984 Disk 0 MBR read successfully
15:13:34.984 Disk 0 MBR scan
15:13:35.015 Disk 0 Windows XP default MBR code
15:13:35.031 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476939 MB offset 2048
15:13:35.031 Disk 0 scanning sectors +976773120
15:13:35.078 Disk 0 scanning C:\WINDOWS\system32\drivers
15:13:41.234 Service scanning
15:13:51.921 Modules scanning
15:13:55.781 Disk 0 trace - called modules:
15:13:55.781 NTKRNLMP.EXE CLASSPNP.SYS disk.sys vsflt53.sys HALMACPI.DLL atapi.sys pciide.sys PCIIDEX.SYS
15:13:55.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfcc21ab8]
15:13:55.781 3 CLASSPNP.SYS[f6237fd7] -> nt!IofCallDriver -> [0xfcc559e0]
15:13:55.781 5 vsflt53.sys[f615fc2b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-a[0xfcc75d98]
15:13:56.593 AVAST engine scan C:\WINDOWS
15:14:03.703 AVAST engine scan C:\WINDOWS\system32
15:15:57.171 AVAST engine scan C:\WINDOWS\system32\drivers
15:16:07.828 AVAST engine scan C:\Documents and Settings\George N. Cahill III
15:17:09.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\George N. Cahill III\Desktop\BLEEPING\MBR.dat"
15:17:09.625 The log file has been saved successfully to "C:\Documents and Settings\George N. Cahill III\Desktop\BLEEPING\aswMBR_log.txt"

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:52 AM

Posted 27 March 2012 - 05:43 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#13 Snaejneerg

Snaejneerg
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Male
  • Local time:03:52 AM

Posted 27 March 2012 - 07:52 PM

Here's the OTL log...ran without a hitch.

OTL logfile created on: 3/27/2012 6:56:30 PM - Run 3
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Documents and Settings\George N. Cahill III\Desktop\BLEEPING
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.12 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 77.54% Memory free
5.00 Gb Paging File | 4.37 Gb Available in Paging File | 87.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 361.43 Gb Free Space | 77.60% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 42.57 Gb Free Space | 18.28% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 56.91 Gb Free Space | 24.44% Space Free | Partition Type: NTFS
Drive Z: | 915.91 Gb Total Space | 405.82 Gb Free Space | 44.31% Space Free | Partition Type: NTFS

Computer Name: INVINC-10 | User Name: George N. Cahill III | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\George N. Cahill III\Desktop\BLEEPING\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\WINDOWS\system32\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Program Files\Matrox Mx.tools\system\mveXinfo.exe (Matrox Electronic Systems)
PRC - C:\Program Files\Matrox Mx.tools\system\mveShellExtensionServer.exe (Matrox Electronic Systems Ltd.)
PRC - C:\Program Files\Matrox Mx.tools\WYSIWYG Plug-ins\mveServerTrayApp.exe (Matrox Electronic Systems)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\lxcjcoms.exe ( )


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - c:\Program Files\Matrox Mx.tools\system\MvxTimecode.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcjhpec.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcjflib.dll ()
MOD - C:\Program Files\Lexmark 8300 Series\lxcjcnv4.dll ()
MOD - C:\WINDOWS\system32\crnxmon.dll ()
MOD - C:\WINDOWS\system32\mqisnmp.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (mvOptimizerService) -- c:\Program Files\Matrox Mx.tools\system\mvOptimizerService.exe (Matrox Electronic Systems)
SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (lxcj_device) -- C:\WINDOWS\System32\lxcjcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MtxVxd) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (cpuz134) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- File not found
DRV - (AtiHDAudioService) -- File not found
DRV - (aswMBR) -- File not found
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (mvkPciOptimizer) -- C:\Program Files\Matrox Mx.tools\system\drivers\mvkPciOptimizer.sys (Matrox Electronic Systems)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (vididr) -- C:\WINDOWS\system32\DRIVERS\vididr.sys (Acronis)
DRV - (vidsflt53) Acronis Disk Storage Filter (53) -- C:\WINDOWS\system32\DRIVERS\vsflt53.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (mvkOutput) -- C:\WINDOWS\system32\drivers\mvkOutput.sys (Matrox Electronic Systems)
DRV - (mvkTransfer) -- C:\WINDOWS\system32\drivers\mvkTransfer.sys (Matrox Electronic Systems)
DRV - (mvkSystemClock) -- C:\WINDOWS\system32\drivers\mvkSystemClock.sys (Matrox Electronic Systems)
DRV - (mvkBus) -- C:\WINDOWS\system32\drivers\mvkBus.sys (Matrox Electronic Systems)
DRV - (mvkOnBrdIOdsxle) -- C:\WINDOWS\system32\drivers\mvkOnBrdIOdsxle.sys (Matrox Electronic Systems)
DRV - (mvkMisc) -- C:\WINDOWS\system32\drivers\mvkMisc.sys (Matrox Electronic Systems)
DRV - (mvkInput) -- C:\WINDOWS\system32\drivers\mvkInput.sys (Matrox Electronic Systems)
DRV - (mvkLQScaler) -- C:\WINDOWS\system32\drivers\mvkLQScaler.sys (Matrox Electronic Systems)
DRV - (mvkMemManager) -- C:\WINDOWS\system32\drivers\mvkMemManager.sys (Matrox Electronic Systems)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (MSTAPE) -- C:\WINDOWS\system32\drivers\mstape.sys (Microsoft Corporation)
DRV - (AVCSTRM) -- C:\WINDOWS\system32\drivers\avcstrm.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\AtiHdAud.sys (ATI Research Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ATIAVAIW) -- C:\WINDOWS\system32\drivers\atinavt2.sys (ATI Technologies Inc.)
DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (JGOGO) -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys (JMicron )
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1078081533-1592454029-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lynda.com/Member.aspx
IE - HKU\S-1-5-21-1078081533-1592454029-725345543-1003\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKU\S-1-5-21-1078081533-1592454029-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1078081533-1592454029-725345543-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={4D26260A-B67D-4B79-A269-D162A2E543C2}&mid=b737a8df676a4c2ff7f5f8a0dfc00b5a-3f15c94c7d65e7c5f8500beb16fd6c42d18b057c&lang=en&ds=AVG&pr=fr&d=2011-09-23 09:48:39&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1078081533-1592454029-725345543-1003\..\SearchScopes\{AAFF82CB-F5B0-4029-8E61-56617D7DD697}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKU\S-1-5-21-1078081533-1592454029-725345543-1003\..\SearchScopes\{F4A830A1-9120-4C9D-B07D-09863956202A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1078081533-1592454029-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1592454029-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://refdesk.com/"
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7Bf84ab98d-d8b0-4c9e-aed3-afac75f0991f%7D&mid=b737a8df676a4c2ff7f5f8a0dfc00b5a-3f15c94c7d65e7c5f8500beb16fd6c42d18b057c&ds=AVG&v=8.0.0.34.1&lang=en&pr=fr&d=2011-09-23%2009%3A48%3A39&sap=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 10:16:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 09:44:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/20 03:14:27 | 000,000,000 | ---D | M]

[2011/02/16 15:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George N. Cahill III\Application Data\Mozilla\Extensions
[2012/02/12 11:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George N. Cahill III\Application Data\Mozilla\Firefox\Profiles\4qihyyye.default\extensions
[2011/08/26 12:06:13 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\George N. Cahill III\Application Data\Mozilla\Firefox\Profiles\4qihyyye.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/02/16 15:52:25 | 000,002,466 | ---- | M] () -- C:\Documents and Settings\George N. Cahill III\Application Data\Mozilla\Firefox\Profiles\4qihyyye.default\searchplugins\aviary.xml
[2011/11/09 09:56:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\GEORGE N. CAHILL III\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4QIHYYYE.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\GEORGE N. CAHILL III\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4QIHYYYE.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012/03/18 09:44:04 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/19 05:03:44 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/10/01 23:43:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 09:56:48 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/27 01:06:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1078081533-1592454029-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LXCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.DLL ()
O4 - HKLM..\Run: [mveShellExtensionServer] C:\Program Files\Matrox Mx.tools\system\mveShellExtensionServer.exe (Matrox Electronic Systems Ltd.)
O4 - HKLM..\Run: [MveXinfo] C:\Program Files\Matrox Mx.tools\system\MveXinfo.exe (Matrox Electronic Systems)
O4 - HKLM..\Run: [ServerTrayApp] C:\Program Files\Matrox Mx.tools\WYSIWYG Plug-ins\mveServerTrayApp.exe (Matrox Electronic Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1078081533-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKU\S-1-5-21-1078081533-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-21-1078081533-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O7 - HKU\S-1-5-21-1078081533-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O7 - HKU\S-1-5-21-1078081533-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-1078081533-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1078081533-1592454029-725345543-1003\..Trusted Domains: matrox.com ([hftp] ftp in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFE05CC6-880F-4BF2-A196-3E707640248E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/17 17:04:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{04a04728-8706-11e0-b9c5-001d604f8293}\Shell - "" = AutoRun
O33 - MountPoints2\{04a04728-8706-11e0-b9c5-001d604f8293}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{04a04728-8706-11e0-b9c5-001d604f8293}\Shell\AutoRun\command - "" = "O:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{e84e9eee-0b07-11e1-ba16-001d604f8293}\Shell - "" = AutoRun
O33 - MountPoints2\{e84e9eee-0b07-11e1-ba16-001d604f8293}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e84e9eee-0b07-11e1-ba16-001d604f8293}\Shell\AutoRun\command - "" = E:\iStudio.exe
O34 - HKLM BootExecute: (autocheck xmnt2002 /bat="C:\WINDOWS\TEMP\PQ_BATCH.PQB" /win="C:\WINDOWS" /dbg="C:\WINDOWS\TEMP\PQ_DEBUG.TXT" /ver=262144 /prd="PartitionMagic")
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/27 07:54:19 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/27 07:47:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/27 01:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/03/25 22:02:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/25 22:00:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/25 22:00:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/25 22:00:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/25 22:00:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/25 22:00:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/25 21:59:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/19 13:07:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/03/15 11:17:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George N. Cahill III\Application Data\SUPERAntiSpyware.com
[2012/03/15 10:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/03/15 10:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/03/15 10:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/13 20:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George N. Cahill III\Desktop\BLEEPING
[2012/03/13 15:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2012/03/12 16:32:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2012/03/12 15:51:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/12 15:38:24 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/03/12 00:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2012/03/12 00:10:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/03/11 23:41:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/03/05 12:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012/03/05 00:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George N. Cahill III\My Documents\My Practice Files
[2012/03/04 19:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/27 18:51:29 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\George N. Cahill III\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/03/27 18:40:44 | 092,834,270 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/03/27 18:40:16 | 000,385,096 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/03/27 18:26:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/27 15:44:11 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\George N. Cahill III\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/27 14:32:31 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2012/03/27 14:32:31 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2012/03/27 14:32:31 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2012/03/27 14:32:31 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2012/03/27 14:32:30 | 000,000,021 | ---- | M] () -- C:\WINDOWS\SurCode.INI
[2012/03/27 08:41:57 | 000,012,718 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/27 08:41:23 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/27 08:40:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/27 01:06:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/25 22:13:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\LOCALSYS64.EXE
[2012/03/25 22:02:53 | 000,000,367 | RHS- | M] () -- C:\boot.ini
[2012/03/25 00:21:09 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2012/03/25 00:19:14 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2012/03/22 14:51:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/21 00:30:19 | 000,436,491 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120321-010155.backup
[2012/03/20 11:42:55 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\George N. Cahill III\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/03/18 23:56:59 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\George N. Cahill III\defogger_reenable
[2012/03/14 09:46:17 | 003,494,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 03:14:27 | 000,436,491 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120321-003019.backup
[2012/03/14 03:01:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/14 00:30:22 | 000,436,491 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120314-031427.backup
[2012/03/13 15:34:38 | 000,000,251 | ---- | M] () -- C:\Boot.bak
[2012/03/12 16:45:50 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/11 22:21:29 | 000,526,602 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/11 22:21:29 | 000,096,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/07 09:24:49 | 000,436,491 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120314-003022.backup
[2012/03/07 01:30:13 | 000,436,491 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120307-082449.backup
[2012/03/05 13:19:12 | 000,436,491 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120307-003013.backup
[2012/03/05 13:18:56 | 000,436,491 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120305-121912.backup
[2012/03/05 13:14:01 | 000,000,082 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/03/04 19:49:14 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\George N. Cahill III\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/03/04 00:51:20 | 000,000,884 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120305-121856.backup
[2012/03/02 12:10:02 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\George N. Cahill III\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/03/01 23:48:28 | 000,067,160 | ---- | M] () -- C:\Documents and Settings\George N. Cahill III\Desktop\Lauren-FSU.ogg
[2012/03/01 23:47:12 | 000,082,682 | ---- | M] () -- C:\Documents and Settings\George N. Cahill III\Desktop\Lauren Fontaine.pdf
[2012/02/29 14:09:57 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/02/28 12:20:54 | 000,000,522 | ---- | M] () -- C:\WINDOWS\LUW2.INI
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/25 22:13:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\LOCALSYS64.EXE
[2012/03/25 22:02:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/25 22:00:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/25 22:00:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/25 22:00:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/25 22:00:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/25 22:00:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/20 11:42:55 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\George N. Cahill III\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/03/18 23:56:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\George N. Cahill III\defogger_reenable
[2012/03/12 14:43:26 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.dat
[2012/03/11 20:11:16 | 000,061,528 | ---- | C] () -- C:\Documents and Settings\George N. Cahill III\Desktop\WRONG_BK.WAV
[2012/03/05 13:14:01 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/03/01 23:48:27 | 000,067,160 | ---- | C] () -- C:\Documents and Settings\George N. Cahill III\Desktop\Lauren-FSU.ogg
[2012/03/01 23:47:10 | 000,082,682 | ---- | C] () -- C:\Documents and Settings\George N. Cahill III\Desktop\Lauren Fontaine.pdf
[2012/02/19 01:46:01 | 000,028,342 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2012/02/14 17:20:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/30 00:49:43 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011/12/05 11:55:02 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2011/10/25 22:21:48 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OVDecoder.dll
[2011/10/18 12:09:58 | 000,000,289 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2011/10/18 11:27:52 | 000,000,522 | ---- | C] () -- C:\WINDOWS\LUW2.INI
[2011/08/27 12:27:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Woodwinds
[2011/08/27 12:27:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Woodwind
[2011/08/27 12:27:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Widgets
[2011/08/27 12:27:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\George N. Cahill III\Application Data\Vocals
[2011/08/27 12:27:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\George N. Cahill III\Application Data\Vocal Transformer
[2011/08/27 12:27:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vhosts
[2011/08/27 12:27:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\User Pictures
[2011/08/27 12:27:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Templates
[2011/08/27 12:27:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\manual
[2011/08/27 12:27:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\laserjet
[2011/08/08 17:02:18 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/01 11:25:58 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/06/17 00:17:53 | 002,333,908 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1078081533-1592454029-725345543-1003-0.dat
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/04/06 18:21:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2011/04/04 13:33:31 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\George N. Cahill III\Local Settings\Application Data\fusioncache.dat
[2011/03/12 15:30:10 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjserv.dll
[2011/03/12 15:30:10 | 001,122,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjusb1.dll
[2011/03/12 15:30:10 | 000,630,784 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjpmui.dll
[2011/03/12 15:30:10 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjprox.dll
[2011/03/12 15:30:10 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjpplc.dll
[2011/03/12 15:30:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcjvs.dll
[2011/03/12 15:30:09 | 000,770,048 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjhbn3.dll
[2011/03/12 15:30:09 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcomc.dll
[2011/03/12 15:30:09 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjlmpm.dll
[2011/03/12 15:30:09 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcoms.exe
[2011/03/12 15:30:09 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcomm.dll
[2011/03/12 15:30:09 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjih.exe
[2011/03/12 15:30:09 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcfg.exe
[2011/03/03 12:09:08 | 000,168,960 | ---- | C] () -- C:\WINDOWS\System32\crnxmon.dll
[2011/03/03 12:09:08 | 000,131,584 | ---- | C] () -- C:\WINDOWS\System32\crnxutil.dll
[2011/03/03 12:09:08 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\mqisnmp.dll
[2011/02/24 23:02:03 | 001,143,076 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/02/19 21:47:38 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sync Services
[2011/02/19 21:47:38 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\George N. Cahill III\Application Data\Strings
[2011/02/19 21:47:38 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2011/02/19 21:47:36 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Synth Basics
[2011/02/19 21:47:36 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\George N. Cahill III\Application Data\Super Strings
[2011/02/19 21:39:54 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2011/02/19 21:19:54 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\People
[2011/02/19 21:19:54 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Pedal Hard
[2011/02/19 21:19:54 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\George N. Cahill III\Application Data\PDEs
[2011/02/19 21:19:54 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\PageLibraries
[2011/02/19 21:19:54 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\George N. Cahill III\Application Data\Overdrive
[2011/02/19 21:19:54 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\George N. Cahill III\Application Data\Organs
[2011/02/19 21:19:54 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Podcasting
[2011/02/19 21:19:54 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Plug-Ins
[2011/02/19 21:19:54 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Plants
[2011/02/19 21:19:54 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2011/02/19 21:19:54 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2011/02/19 21:19:54 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2011/02/17 20:34:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/02/17 20:34:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2011/02/17 15:29:02 | 000,000,097 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2011/02/16 15:44:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/26 10:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/08/25 21:37:19 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\George N. Cahill III\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/18 18:56:22 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2010/08/18 17:17:04 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Organic
[2010/08/18 17:17:04 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\George N. Cahill III\Application Data\Nature
[2010/08/18 17:17:04 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/08/18 17:17:04 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Percussion Kit
[2010/08/18 17:15:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\NetServices
[2010/08/18 17:15:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\George N. Cahill III\Application Data\Metadata Importer
[2010/08/18 17:15:51 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/08/18 17:15:51 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\PPD Plugins
[2010/08/18 12:16:56 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/08/18 12:16:56 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2010/08/18 12:16:56 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010/08/18 12:16:56 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/08/18 12:16:56 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2010/08/18 12:16:56 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2010/08/17 21:40:16 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/08/17 21:40:16 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/08/17 18:12:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/08/17 18:03:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/08/17 18:03:45 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/08/17 18:03:42 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/08/17 18:03:39 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2010/08/17 18:03:39 | 000,133,246 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/08/17 17:19:59 | 000,028,774 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010/08/17 17:17:05 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/08/17 17:16:58 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/08/17 17:06:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/17 17:01:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/17 12:31:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/17 12:28:37 | 003,494,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

< End of report >
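Every entry in the file listing above follows one fixed layout: [timestamp | size | attributes | C or M] (company) -- path. The Python script below is an added example, not part of this thread and not OTL's own code. It parses that layout into records and groups entries by directory and creation minute, which is how a reviewer separates a printer or driver installer that dropped a batch of files in one go (the lxcj* set at 15:30 on 2011/03/12, for instance) from stray single files, and it lists hidden entries so they can be checked by hand. The sample lines are copied from the report above; the function names and the group-by-minute heuristic are my own choices.

```python
import re
from collections import defaultdict
from datetime import datetime

# One OTL file-listing line (layout taken from the report above):
# [YYYY/MM/DD HH:MM:SS | size | attrs | C or M] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- "
    r"(?P<path>.+)$"
)

# Constructed sample: six lines copied from the report above plus its trailer.
SAMPLE_REPORT = r"""
[2011/03/12 15:30:10 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjserv.dll
[2011/03/12 15:30:10 | 001,122,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjusb1.dll
[2011/03/12 15:30:09 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcoms.exe
[2011/03/03 12:09:08 | 000,168,960 | ---- | C] () -- C:\WINDOWS\System32\crnxmon.dll
[2011/02/19 21:47:38 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sync Services
[2010/08/17 17:06:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
< End of report >
"""


def parse_otl_line(line):
    """Parse one listing line into a dict, or return None for headers/trailers."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    directory, _, name = path.rpartition("\\")
    return {
        "timestamp": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),   # "001,183,744" -> 1183744
        "attrs": m.group("attrs"),                        # e.g. "RH--"
        "kind": m.group("kind"),                          # C = created, M = modified
        "company": m.group("company").strip(),            # "( )" and "()" both mean empty
        "directory": directory,
        "name": name,
        "path": path,
    }


def parse_otl_report(text):
    """Parse a whole report, silently skipping lines that are not file entries."""
    return [rec for rec in (parse_otl_line(l) for l in text.splitlines()) if rec]


def group_batches(records):
    """Group entries by (directory, creation minute).

    Files written by one installer land in the same folder within seconds of
    each other, so a batch of several names under one key is usually a single
    product install; a lone entry is worth a closer look.
    """
    batches = defaultdict(list)
    for rec in records:
        key = (rec["directory"], rec["timestamp"].strftime("%Y/%m/%d %H:%M"))
        batches[key].append(rec["name"])
    return dict(batches)


def with_attribute(records, flag):
    """Entries whose attribute field carries the given letter (H = hidden, S = system, R = read-only)."""
    return [r for r in records if flag in r["attrs"]]


if __name__ == "__main__":
    recs = parse_otl_report(SAMPLE_REPORT)
    for (directory, minute), names in sorted(group_batches(recs).items()):
        print(f"{minute}  {directory}  ({len(names)} files): {', '.join(sorted(names))}")
    print("hidden entries:", [r["path"] for r in with_attribute(recs, "H")])
```

To run it against a real OTL.Txt, read the file's contents into a string and pass that to parse_otl_report instead of SAMPLE_REPORT; the regex ignores the section headers and the end-of-report trailer on its own.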

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 March 2012 - 08:36 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    [2011/02/16 15:52:25 | 000,002,466 | ---- | M] () -- C:\Documents and Settings\George N. Cahill III\Application Data\Mozilla\Firefox\Profiles\4qihyyye.default\searchplugins\aviary.xml
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 Snaejneerg
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Male

Posted 27 March 2012 - 09:40 PM

Here's the results of the OTL Run/Fix...Enjoy!

========== OTL ==========
C:\Documents and Settings\George N. Cahill III\Application Data\Mozilla\Firefox\Profiles\4qihyyye.default\searchplugins\aviary.xml moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\George N. Cahill III\Desktop\BLEEPING\cmd.bat deleted successfully.
C:\Documents and Settings\George N. Cahill III\Desktop\BLEEPING\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: George N. Cahill III
->Java cache emptied: 13477 bytes

User: LocalService
->Java cache emptied: 13 bytes

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: George N. Cahill III
->Flash cache emptied: 9465 bytes

User: LocalService
->Flash cache emptied: 5928 bytes

User: NetworkService
->Flash cache emptied: 8871 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.36.3 log created on 03272012_223803
