
TDSS Killer; Alureon variants, Orsam!rts infections
This topic is locked
16 replies to this topic

#1 thirdring

  • Members
  • 6 posts

Posted 27 March 2012 - 02:11 PM

XP laptop on home network; Comcast modem, Buffalo router/wireless. TDSS Killer keeps returning (Malwarebytes deletes it), ran Kaspersky TDSS Killer removal tool also. Alureon variants being caught by MS Security: win32/Orsam!rts; win64/Alureon.gen!F; win32/Alureon.gen!AD; win64/Alurion.gen!J; win32/Alureon.FK.

How do I get these off the system, how do I improve security on network/laptop to protect against attack?
-------------------

dds file:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Admin at 9:03:26 on 2012-03-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2106 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Disk Speedup\DSUDefragSrv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
C:\Program Files\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe
C:\Program Files\Seagate\BlackArmorBackup\TimounterMonitor.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\Program Files\BUFFALO\WLI-UC-G\SoftAP.exe
C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:info@splitrailfenceco.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: CutePDF Form Filler Helper: {d41289f2-69c6-417b-897e-c653d677cbaf} - c:\program files\acro software\cutepdf pro\CPFillerCo.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [FtLnSOP_setup] c:\windows\twain_32\fjscan32\sop\FtLnSOP.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [BlackArmorBackupMonitor.exe] c:\program files\seagate\blackarmorbackup\BlackArmorBackupMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\blackarmorbackup\TimounterMonitor.exe
mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\admin\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\client~1.lnk - c:\program files\buffalo\client manager3\cm3_tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\softwa~1.lnk - c:\program files\buffalo\wli-uc-g\SoftAP.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Password Generator - file://c:\program files\siber systems\ai roboform\RoboFormComPasswordGenerator.html
IE: RoboForm Editor - file://c:\program files\siber systems\ai roboform\RoboFormComEditIdent.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F50} - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266265964140
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{4563D89D-FCD3-4B08-8EE2-2E561B105F8F} : DhcpNameServer = 192.168.11.1
TCP: Interfaces\{AD8AF552-2A8E-47BC-8958-EA70E186C46E} : DhcpNameServer = 192.168.11.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\umek52zr.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\umek52zr.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\umek52zr.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2010-9-28 26248]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2010-9-28 20616]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165648]
R1 MpKslb0f16df0;MpKslb0f16df0;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e5d9a024-9e7e-45aa-9701-093e6a3a7ca7}\MpKslb0f16df0.sys [2012-3-27 29904]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2011-10-7 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2011-10-7 91440]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2011-11-6 8576]
R2 DSUDiskOptimizer;DSUDiskOptimizer;c:\program files\disk speedup\DSUDefragSrv.exe [2011-11-12 668472]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-11-18 10448]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-2-1 47640]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2010-9-2 618696]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2011-11-12 45288]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2010-9-28 122504]
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2011-11-12 6609920]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 ucgnsta;BUFFALO WLI-UC-GN Series Wireless LAN Driver;c:\windows\system32\drivers\ucgnsta.sys [2008-9-30 637952]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 APAIFILT;APAIFILT;c:\windows\system32\drivers\APAIFILT.SYS [2010-12-28 8952]
S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2010-9-28 14216]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 qcserxp;HTC Diagnostic Port;c:\windows\system32\drivers\qcserxp.sys [2011-1-8 103424]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcmdmxp.sys [2011-1-8 105984]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S3 ucgnap;BUFFALO WLI-UC-GN Wireless LAN Access Point Driver;c:\windows\system32\drivers\UCGNAP.SYS [2008-12-29 646912]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-03-27 13:57:26 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e5d9a024-9e7e-45aa-9701-093e6a3a7ca7}\MpKslb0f16df0.sys
2012-03-26 23:42:32 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e5d9a024-9e7e-45aa-9701-093e6a3a7ca7}\mpengine.dll
2012-03-23 00:53:33 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-23 00:53:33 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-13 14:19:36 -------- d-----w- c:\documents and settings\admin\local settings\application data\CutePDF Writer
2012-03-11 19:00:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-11 15:17:07 -------- d-----w- c:\documents and settings\admin\application data\Malwarebytes
2012-03-11 15:16:58 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-03-11 15:16:56 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-11 15:16:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-27 15:40:11 -------- d-----w- c:\program files\iPod
2012-02-27 15:40:04 -------- d-----w- c:\program files\iTunes
2012-02-27 15:30:49 -------- d-----w- c:\documents and settings\admin\local settings\application data\Apple
.
==================== Find3M ====================
.
2012-02-20 23:55:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-11 23:53:22 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-11 23:53:22 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-02-11 23:53:21 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-11 23:53:21 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-12-29 16:45:39 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
.
============= FINISH: 9:03:44.50 ===============
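As an added illustration, not part of the original thread and not code from the DDS tool, the Python script below shows how the loading-point and service lines of a DDS log like the one above can be triaged mechanically for the things a helper checks first: toolbar or BHO registrations whose DLL no longer exists ("No File"), services or drivers whose binary is missing ("[x]"), and loading points that run from user-writable profile directories. The sample lines are constructed from entries in the log above. Every flag is only a prompt for manual verification; in this log the Dropbox entry and the Microsoft Antimalware definition-update driver are legitimate even though they live under a profile directory.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines modelled on the "Pseudo HJT Report"
# and "SERVICES / DRIVERS" sections of the DDS log posted above.
SAMPLE_DDS = r"""
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe -scheduler
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\admin\application data\dropbox\bin\Dropbox.exe
R1 MpKslb0f16df0;MpKslb0f16df0;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e5d9a024-9e7e-45aa-9701-093e6a3a7ca7}\MpKslb0f16df0.sys [2012-3-27 29904]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165648]
S0 cerc6;cerc6; [x]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
"""

# Path fragments that mark locations an ordinary user account can write to
# on Windows XP; a loading point in one of them deserves a second look.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\application data\\", "\\docume~1\\")

# "R1 name;display name;path [date size]"  or  "S0 name;display name; [x]"
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*)\[(?P<info>[^\]]*)\]")
LOADPOINT_RE = re.compile(r"^(?P<kind>uRun|mRun|dRun|TB|BHO|StartupFolder):\s*(?P<rest>.*)$")
PATH_RE = re.compile(r"[a-z]:\\[^\"]+?\.(?:exe|dll|sys|cpl)", re.IGNORECASE)


@dataclass
class Finding:
    kind: str   # missing-file | orphaned-entry | user-writable-path
    entry: str  # service name, or the loading-point text
    path: str   # file the entry points at ("" if none)


def in_user_writable_dir(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage_dds(text: str) -> list:
    """Return the Findings for every service and loading-point line in a DDS log."""
    findings = []
    for line in text.splitlines():
        svc = SERVICE_RE.match(line)
        if svc:
            path = svc.group("path").strip()
            if svc.group("info").strip() == "x":
                # DDS prints "[x]" when the registered binary cannot be found.
                findings.append(Finding("missing-file", svc.group("name"), path))
            elif in_user_writable_dir(path):
                findings.append(Finding("user-writable-path", svc.group("name"), path))
            continue
        lp = LOADPOINT_RE.match(line)
        if not lp:
            continue
        kind, rest = lp.group("kind"), lp.group("rest")
        if rest.endswith("No File"):
            # Toolbar/BHO registration whose DLL is gone: a leftover to clean up.
            findings.append(Finding("orphaned-entry", rest, ""))
            continue
        if kind in ("uRun", "mRun", "dRun"):
            target = re.sub(r"^\[[^\]]*\]\s*", "", rest)  # drop the "[value name]" prefix
        else:
            target = rest.split(" - ")[-1]                 # text after the last " - "
        m = PATH_RE.search(target)
        if m and in_user_writable_dir(m.group(0)):
            findings.append(Finding("user-writable-path", rest, m.group(0)))
    return findings


def count_by_kind(findings) -> dict:
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_dds(SAMPLE_DDS)
    for f in results:
        print(f"{f.kind:20} {f.entry[:60]:60} {f.path}")
    print(count_by_kind(results))
```

Run against the constructed sample the script flags the orphaned toolbar entry, the two missing-file services (cerc6 and LMIRfsClientNP) and three profile-directory loading points (ISUSPM, Dropbox and the antimalware definition driver); the last group is where a human still has to decide, which is exactly why the forum helpers ask for the full log rather than a scanner verdict.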


#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 March 2012 - 12:28 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 thirdring

  • Topic Starter
  • Members
  • 6 posts

Posted 29 March 2012 - 08:03 AM

Gringo_pr:
Thanks for the guidance and instructions. Closed Malwarebytes and the MS virus protection real-time monitor, ran Combofix with no interruptions. See log attached.

System is running normal, no redirections on browsers. Have not run scan software at this point.

As a computer lay person I do not know how to read the Combofix log, so I need your feedback on any results you see. Assuming this fixed the bugs, how do I further protect the system from acquiring Alureon-class and TDSS types? I have added the Malwarebytes licensed version since this occurred originally. Apparently MS Security did not catch it. In fact, when I ran Malwarebytes it caught the bugs and then MS Security recognized them (?) in its quarantine log.

Any feedback appreciated... and thanks for your service!

ComboFix 12-03-29.02 - Admin 03/29/2012 6:43.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1727 [GMT -6:00]
Running from: c:\documents and settings\Admin\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\umek52zr.default\searchplugins\bing-zugo.xml
c:\documents and settings\Admin\GoToAssistDownloadHelper.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-28 13:56 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{175B2A19-3E94-4866-B3B3-EE7353C43F99}\mpengine.dll
2012-03-23 00:53 . 2012-03-23 00:53 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-23 00:53 . 2012-03-23 00:53 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-13 14:19 . 2012-03-27 19:38 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\CutePDF Writer
2012-03-11 19:00 . 2012-03-11 19:00 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-11 15:17 . 2012-03-11 15:17 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2012-03-11 15:16 . 2012-03-11 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-11 15:16 . 2012-03-27 19:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-11 15:16 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-27 15:11 . 2012-03-27 15:11 4772 ----a-w- C:\attach.zip
2012-03-14 02:15 . 2010-03-05 21:30 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-20 23:55 . 2011-11-17 14:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-11 23:53 . 2011-02-01 15:13 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-11 23:53 . 2011-02-01 15:13 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-11 23:53 . 2011-02-01 15:13 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-11 23:53 . 2011-02-01 15:13 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-03 09:22 . 2008-04-14 07:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-02-15 22:55 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 19:06 . 2012-02-16 13:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2010-02-15 17:09 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-23 00:53 . 2011-10-02 17:29 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-03-18 108136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-29 7401472]
"NVHotkey"="nvHotkey.dll" [2006-10-29 73728]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-03 128232]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-05-21 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-05-21 1202448]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 505720]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2006-01-14 172032]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2005-01-06 212992]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"BlackArmorBackupMonitor.exe"="c:\program files\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe" [2010-09-02 4353688]
"AcronisTimounterMonitor"="c:\program files\Seagate\BlackArmorBackup\TimounterMonitor.exe" [2010-09-02 964496]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2010-09-02 377000]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-10-03 1409384]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
c:\documents and settings\Admin\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Admin\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ClientManager3.lnk - c:\program files\BUFFALO\Client Manager3\cm3_tray.exe [2010-12-28 589312]
Software Router Setup tool.lnk - c:\program files\BUFFALO\WLI-UC-G\SoftAP.exe [2010-12-28 3387256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-02-11 23:53 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"FJTWAIN Setup"=c:\windows\Twain_32\fjscan32\FjtwSetup.exe /Station
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Admin\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\AOSSWPS.exe"=
"c:\\Program Files\\Seagate\\BlackArmorBackup\\BlackArmorBackup.exe"=
"c:\\Program Files\\Seagate\\BlackArmor Discovery\\BlackArmor Discovery.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\bwsvc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BUFFALO\\WLI-UC-G\\SoftAP.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [9/28/2010 12:03 PM 26248]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [9/28/2010 12:03 PM 20616]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [10/7/2011 10:00 PM 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [10/7/2011 9:59 PM 91440]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [11/6/2011 8:58 AM 8576]
R2 DSUDiskOptimizer;DSUDiskOptimizer;c:\program files\Disk Speedup\DSUDefragSrv.exe [11/12/2011 10:49 AM 668472]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11/18/2010 7:04 PM 10448]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/8/2010 2:11 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 4:40 PM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/11/2012 9:16 AM 652360]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [3/9/2010 1:40 AM 144672]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [9/2/2010 1:20 PM 618696]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [11/12/2011 10:31 AM 45288]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [9/28/2010 12:03 PM 122504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/11/2012 9:16 AM 20464]
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [11/12/2011 10:33 AM 6609920]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
R3 ucgnsta;BUFFALO WLI-UC-GN Series Wireless LAN Driver;c:\windows\system32\drivers\ucgnsta.sys [9/30/2008 10:24 PM 637952]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 APAIFILT;APAIFILT;c:\windows\system32\drivers\APAIFILT.SYS [12/28/2010 8:15 PM 8952]
S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [9/28/2010 12:03 PM 14216]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 qcserxp;HTC Diagnostic Port;c:\windows\system32\drivers\qcserxp.sys [1/8/2011 9:52 PM 103424]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcmdmxp.sys [1/8/2011 9:52 PM 105984]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 4:43 PM 32408]
S3 ucgnap;BUFFALO WLI-UC-GN Wireless LAN Access Point Driver;c:\windows\system32\drivers\UCGNAP.SYS [12/29/2008 8:30 PM 646912]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 92362660
*NewlyCreated* - 99110608
*NewlyCreated* - IPFILTERDRIVER
*NewlyCreated* - KWWCRPOB
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSERVICE
*NewlyCreated* - MPKSL9EB4866B
*Deregistered* - 92362660
*Deregistered* - 99110608
*Deregistered* - kwwcrpob
*Deregistered* - MpKsl9eb4866b
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-19 c:\windows\Tasks\AdvancedDriverUpdater.job
- c:\program files\Advanced Driver Updater\adu.exe [2011-11-12 18:33]
.
2012-03-28 c:\windows\Tasks\AdvancedDriverUpdater_UPDATES.job
- c:\program files\Advanced Driver Updater\adu.exe [2011-11-12 18:33]
.
2012-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-03-27 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-10-30 06:31]
.
2012-03-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 21:39]
.
2012-03-29 c:\windows\Tasks\User_Feed_Synchronization-{350CC3F2-72CF-4857-87A3-F5B2D9C78BD7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:info@splitrailfenceco.com
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Password Generator - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
IE: RoboForm Editor - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.11.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\umek52zr.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-29 06:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1152)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2012-03-29 06:50:15
ComboFix-quarantined-files.txt 2012-03-29 12:50
.
Pre-Run: 30,833,664,000 bytes free
Post-Run: 31,358,156,800 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3C55628A374E63FF5B074E193AF4CD41



Edited by gringo_pr, 29 March 2012 - 11:10 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:31 PM

Posted 29 March 2012 - 11:12 AM

Greetings

Please don't attach the reports; copy and paste the text like I did (see edit above).

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
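The TDSSKiller report the post above asks for runs to several hundred lines, nearly all of them `name - ok`. As an added example (not code from this thread and not part of Kaspersky's tool), the Python helper below parses report text in the two line shapes visible in the pasted report (a timestamp and process id, then either `name (md5) path` or `name - status`), lists every entry whose verdict is anything other than the plain `ok`, reports entries that received a verdict without a preceding file record, and compares the recorded MD5 values against a caller-supplied baseline. The embedded sample report is constructed for the example: the `ACPI`, `atapi` and `Apple Mobile Device` lines are copied from the report in this thread, while `examplesvc`, its hash and its `PLACEHOLDER-VERDICT` text are placeholders, not real detections. It assumes that scan entries follow a `Scan started` line, as they do in the pasted report; header lines before it (drive geometry, MBR) are kept as informational text so their ` - ` separators are not mistaken for verdicts.

```python
"""Triage a TDSSKiller report: list non-ok entries and compare recorded hashes.

Added example for this thread; it is not part of TDSSKiller or of any post above.
Line shapes handled are the ones visible in the thread's pasted report:
    HH:MM:SS.mmmm PID <name> (<md5>) <path>     file record
    HH:MM:SS.mmmm PID <name> - <status>         verdict ("ok" or anything else)
Everything before the "Scan started" line is kept as informational text.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s*(?P<body>.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
STATUS_RE = re.compile(r"^(?P<name>.+?) - (?P<status>.+)$")

# Constructed sample in the thread's line format. The ACPI, atapi and Apple lines are
# copied from the report pasted in this thread; "examplesvc" and its verdict are
# placeholders (assumption for the example), not a real detection.
SAMPLE_REPORT = r"""
08:19:31.0671 4436 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
08:19:33.0921 4436 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200
08:19:33.0921 4436 MBR used
08:19:35.0796 5488 Scan started
08:19:35.0796 5488 Mode: Manual;
08:19:36.0593 5488 Abiosdsk - ok
08:19:36.0656 5488 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:19:36.0656 5488 ACPI - ok
08:19:37.0203 5488 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:19:37.0203 5488 Apple Mobile Device - ok
08:19:37.0500 5488 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:19:37.0500 5488 atapi - ok
08:19:50.0000 5488 examplesvc (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\examplesvc.sys
08:19:50.0000 5488 examplesvc - detected PLACEHOLDER-VERDICT (constructed)
"""


@dataclass
class Report:
    files: dict = field(default_factory=dict)     # name -> (md5 lowercase, path)
    statuses: dict = field(default_factory=dict)  # name -> verdict text
    info: list = field(default_factory=list)      # header, disk, MBR and separator lines
    unparsed: list = field(default_factory=list)  # lines without the timestamp prefix


def parse_report(text):
    rep = Report()
    in_scan = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            rep.unparsed.append(line)
            continue
        body = m.group("body").strip()
        if not body:
            continue                      # the report has timestamp-only lines
        if body == "Scan started":
            in_scan = True
        if not in_scan:
            rep.info.append(body)         # header lines also contain " - " (Drive ... - Size:)
            continue
        fm = FILE_RE.match(body)
        if fm:
            rep.files[fm.group("name")] = (fm.group("md5").lower(), fm.group("path"))
            continue
        sm = STATUS_RE.match(body)
        if sm:
            rep.statuses[sm.group("name")] = sm.group("status")
            continue
        rep.info.append(body)             # "Scan started", "Mode: Manual;", separators
    return rep


def findings(rep):
    """Entries whose verdict is anything other than the plain 'ok'."""
    return {name: s for name, s in rep.statuses.items() if s.strip().lower() != "ok"}


def status_counts(rep):
    """How many entries carry each verdict text (case-folded)."""
    return Counter(s.strip().lower() for s in rep.statuses.values())


def entries_without_file(rep):
    """Names that received a verdict but no preceding 'name (md5) path' record."""
    return sorted(n for n in rep.statuses if n not in rep.files)


def check_hashes(rep, baseline):
    """Compare recorded MD5s against a caller-supplied {name: md5} baseline.

    Returns {name: (recorded_or_'missing', expected)} for every disagreement.
    The baseline has to come from a trusted source (hashes from a clean install);
    the report cannot vouch for its own values.
    """
    mismatches = {}
    for name, expected in baseline.items():
        expected = expected.lower()
        rec = rep.files.get(name)
        if rec is None:
            mismatches[name] = ("missing", expected)
        elif rec[0] != expected:
            mismatches[name] = (rec[0], expected)
    return mismatches


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print("verdict counts:", dict(status_counts(report)))
    for name, verdict in findings(report).items():
        md5, path = report.files.get(name, ("-", "-"))
        print(f"REVIEW  {name}: {verdict}  [{md5}] {path}")
    print("verdict without file record:", entries_without_file(report))
```

Paste a saved report into a file and feed its text to `parse_report` instead of `SAMPLE_REPORT`; the `findings` output is the short list worth reading, and `check_hashes` only means something when the baseline hashes were taken from a machine you trust.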

#5 thirdring

thirdring
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:31 PM

Posted 31 March 2012 - 09:05 AM

Gringo:
Ran TDSS Killer and then ASWMBR (default was "quick scan"), results below:

TDSS KILLER:

08:19:31.0671 4436 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
08:19:32.0125 4436 ============================================================
08:19:32.0125 4436 Current date / time: 2012/03/30 08:19:32.0125
08:19:32.0125 4436 SystemInfo:
08:19:32.0125 4436
08:19:32.0125 4436 OS Version: 5.1.2600 ServicePack: 3.0
08:19:32.0125 4436 Product type: Workstation
08:19:32.0125 4436 ComputerName: ADMIN-0C08391F0
08:19:32.0125 4436 UserName: Admin
08:19:32.0125 4436 Windows directory: C:\WINDOWS
08:19:32.0125 4436 System windows directory: C:\WINDOWS
08:19:32.0125 4436 Processor architecture: Intel x86
08:19:32.0125 4436 Number of processors: 2
08:19:32.0125 4436 Page size: 0x1000
08:19:32.0125 4436 Boot type: Normal boot
08:19:32.0125 4436 ============================================================
08:19:33.0921 4436 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:19:33.0921 4436 \Device\Harddisk0\DR0:
08:19:33.0921 4436 MBR used
08:19:33.0921 4436 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
08:19:33.0937 4436 Initialize success
08:19:33.0937 4436 ============================================================
08:19:35.0796 5488 ============================================================
08:19:35.0796 5488 Scan started
08:19:35.0796 5488 Mode: Manual;
08:19:35.0796 5488 ============================================================
08:19:36.0593 5488 Abiosdsk - ok
08:19:36.0609 5488 abp480n5 - ok
08:19:36.0656 5488 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:19:36.0656 5488 ACPI - ok
08:19:36.0703 5488 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:19:36.0703 5488 ACPIEC - ok
08:19:36.0718 5488 adpu160m - ok
08:19:36.0765 5488 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:19:36.0765 5488 aec - ok
08:19:36.0812 5488 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:19:36.0812 5488 AFD - ok
08:19:36.0828 5488 Aha154x - ok
08:19:36.0843 5488 aic78u2 - ok
08:19:36.0843 5488 aic78xx - ok
08:19:36.0890 5488 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
08:19:36.0890 5488 Alerter - ok
08:19:36.0968 5488 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
08:19:36.0968 5488 ALG - ok
08:19:36.0984 5488 AliIde - ok
08:19:37.0000 5488 amsint - ok
08:19:37.0031 5488 APAIFILT (b91dac0f7a4040ce56b1dd459dcd08e8) C:\WINDOWS\system32\Drivers\apaifilt.sys
08:19:37.0031 5488 APAIFILT - ok
08:19:37.0093 5488 ApfiltrService (476a6efb2bb338d2854b3751367f8f71) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
08:19:37.0093 5488 ApfiltrService - ok
08:19:37.0203 5488 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:19:37.0203 5488 Apple Mobile Device - ok
08:19:37.0312 5488 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
08:19:37.0312 5488 AppMgmt - ok
08:19:37.0343 5488 asc - ok
08:19:37.0359 5488 asc3350p - ok
08:19:37.0375 5488 asc3550 - ok
08:19:37.0453 5488 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:19:37.0453 5488 aspnet_state - ok
08:19:37.0484 5488 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:19:37.0484 5488 AsyncMac - ok
08:19:37.0500 5488 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:19:37.0500 5488 atapi - ok
08:19:37.0562 5488 Atdisk - ok
08:19:37.0609 5488 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:19:37.0609 5488 Atmarpc - ok
08:19:37.0640 5488 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
08:19:37.0640 5488 AudioSrv - ok
08:19:37.0718 5488 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:19:37.0718 5488 audstub - ok
08:19:37.0765 5488 b57w2k (f3c9c893fc1a1320bfd19ed013a91b2f) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
08:19:37.0765 5488 b57w2k - ok
08:19:37.0812 5488 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:19:37.0812 5488 Beep - ok
08:19:37.0937 5488 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
08:19:37.0984 5488 BITS - ok
08:19:38.0062 5488 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
08:19:38.0062 5488 Bonjour Service - ok
08:19:38.0171 5488 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
08:19:38.0171 5488 Browser - ok
08:19:38.0234 5488 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
08:19:38.0234 5488 BthEnum - ok
08:19:38.0265 5488 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
08:19:38.0265 5488 BTHMODEM - ok
08:19:38.0281 5488 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
08:19:38.0281 5488 BthPan - ok
08:19:38.0328 5488 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
08:19:38.0343 5488 BTHPORT - ok
08:19:38.0390 5488 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
08:19:38.0390 5488 BthServ - ok
08:19:38.0453 5488 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
08:19:38.0453 5488 BTHUSB - ok
08:19:38.0500 5488 BUFADPT (8e2ab0214a9b052493f7ba81332258fc) C:\WINDOWS\system32\BUFADPT.SYS
08:19:38.0500 5488 BUFADPT - ok
08:19:38.0546 5488 Bwsvc (2dcfbb693b31284600960db3fa51701d) C:\Program Files\BUFFALO\Client Manager3\bwsvc.exe
08:19:38.0546 5488 Bwsvc - ok
08:19:38.0656 5488 catchme - ok
08:19:38.0718 5488 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:19:38.0718 5488 cbidf2k - ok
08:19:38.0812 5488 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:19:38.0812 5488 CCDECODE - ok
08:19:38.0828 5488 cd20xrnt - ok
08:19:38.0875 5488 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:19:38.0875 5488 Cdaudio - ok
08:19:38.0968 5488 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:19:38.0968 5488 Cdfs - ok
08:19:39.0171 5488 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:19:39.0171 5488 Cdrom - ok
08:19:39.0312 5488 cerc6 - ok
08:19:39.0375 5488 Changer - ok
08:19:39.0406 5488 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
08:19:39.0406 5488 CiSvc - ok
08:19:39.0421 5488 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
08:19:39.0421 5488 ClipSrv - ok
08:19:39.0500 5488 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:19:39.0500 5488 clr_optimization_v2.0.50727_32 - ok
08:19:39.0546 5488 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:19:39.0546 5488 clr_optimization_v4.0.30319_32 - ok
08:19:39.0593 5488 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
08:19:39.0593 5488 CmBatt - ok
08:19:39.0609 5488 CmdIde - ok
08:19:39.0687 5488 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
08:19:39.0687 5488 Compbatt - ok
08:19:39.0703 5488 COMSysApp - ok
08:19:39.0718 5488 Cpqarray - ok
08:19:39.0765 5488 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
08:19:39.0765 5488 CryptSvc - ok
08:19:39.0781 5488 dac2w2k - ok
08:19:39.0796 5488 dac960nt - ok
08:19:39.0843 5488 dc3d (ca812b19c0e2bc044214ad3f6436e730) C:\WINDOWS\system32\DRIVERS\dc3d.sys
08:19:39.0843 5488 dc3d - ok
08:19:39.0906 5488 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
08:19:39.0906 5488 DcomLaunch - ok
08:19:39.0937 5488 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
08:19:39.0937 5488 Dhcp - ok
08:19:40.0015 5488 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:19:40.0015 5488 Disk - ok
08:19:40.0031 5488 dmadmin - ok
08:19:40.0093 5488 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:19:40.0093 5488 dmboot - ok
08:19:40.0125 5488 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:19:40.0125 5488 dmio - ok
08:19:40.0156 5488 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:19:40.0156 5488 dmload - ok
08:19:40.0265 5488 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
08:19:40.0265 5488 dmserver - ok
08:19:40.0328 5488 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:19:40.0328 5488 DMusic - ok
08:19:40.0375 5488 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
08:19:40.0375 5488 Dnscache - ok
08:19:40.0421 5488 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
08:19:40.0421 5488 Dot3svc - ok
08:19:40.0437 5488 dpti2o - ok
08:19:40.0453 5488 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:19:40.0453 5488 drmkaud - ok
08:19:40.0578 5488 DSUDiskOptimizer (640dcc0d5def96f5f0d637c903f78b6a) C:\Program Files\Disk Speedup\DSUDefragSrv.exe
08:19:40.0578 5488 DSUDiskOptimizer - ok
08:19:40.0656 5488 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
08:19:40.0656 5488 EapHost - ok
08:19:40.0687 5488 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
08:19:40.0687 5488 ERSvc - ok
08:19:40.0750 5488 EUBAKUP (eada995e71211537fb3726c700af6fac) C:\WINDOWS\system32\drivers\eubakup.sys
08:19:40.0750 5488 EUBAKUP - ok
08:19:40.0765 5488 EuDisk (37aba51f85518fc381cefc8d76f2e2c4) C:\WINDOWS\system32\DRIVERS\EuDisk.sys
08:19:40.0765 5488 EuDisk - ok
08:19:40.0796 5488 EUDSKACS (cb41e20ce4a32584ea592f07f5da12c5) C:\WINDOWS\system32\drivers\eudskacs.sys
08:19:40.0796 5488 EUDSKACS - ok
08:19:40.0812 5488 EUFS (a08e9e711cd7661d7c3f19ee638102c2) C:\WINDOWS\system32\drivers\eufs.sys
08:19:40.0812 5488 EUFS - ok
08:19:40.0859 5488 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:19:40.0859 5488 Eventlog - ok
08:19:40.0890 5488 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
08:19:40.0890 5488 EventSystem - ok
08:19:41.0031 5488 EvtEng (791464a9e9ade063327a29f1b3f1a86c) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
08:19:41.0031 5488 EvtEng - ok
08:19:41.0125 5488 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:19:41.0140 5488 Fastfat - ok
08:19:41.0187 5488 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:19:41.0234 5488 FastUserSwitchingCompatibility - ok
08:19:41.0281 5488 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
08:19:41.0281 5488 Fdc - ok
08:19:41.0328 5488 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:19:41.0328 5488 Fips - ok
08:19:41.0328 5488 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
08:19:41.0328 5488 Flpydisk - ok
08:19:41.0484 5488 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
08:19:41.0484 5488 FltMgr - ok
08:19:41.0609 5488 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:19:41.0609 5488 FontCache3.0.0.0 - ok
08:19:41.0687 5488 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:19:41.0687 5488 Fs_Rec - ok
08:19:41.0734 5488 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:19:41.0734 5488 Ftdisk - ok
08:19:41.0781 5488 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:19:41.0781 5488 GEARAspiWDM - ok
08:19:41.0843 5488 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:19:41.0843 5488 Gpc - ok
08:19:41.0875 5488 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
08:19:41.0890 5488 grmnusb - ok
08:19:41.0921 5488 HBtnKey (5f90a1611029b7abc2db01adb534d047) C:\WINDOWS\system32\DRIVERS\tkbtnpn.sys
08:19:41.0921 5488 HBtnKey - ok
08:19:42.0015 5488 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:19:42.0015 5488 HDAudBus - ok
08:19:42.0078 5488 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:19:42.0078 5488 helpsvc - ok
08:19:42.0125 5488 HidBth (7bd2de4c85eb4241eed57672b16a7d8d) C:\WINDOWS\system32\DRIVERS\hidbth.sys
08:19:42.0125 5488 HidBth - ok
08:19:42.0156 5488 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
08:19:42.0156 5488 HidServ - ok
08:19:42.0203 5488 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:19:42.0203 5488 hidusb - ok
08:19:42.0328 5488 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
08:19:42.0328 5488 hkmsvc - ok
08:19:42.0390 5488 HP Port Resolver (58176988fba04153d35d7eb92825a14f) C:\WINDOWS\system32\hpbpro.exe
08:19:42.0390 5488 HP Port Resolver - ok
08:19:42.0406 5488 HP Status Server (b00044476f6d091922da76a086ecc15b) C:\WINDOWS\system32\hpboid.exe
08:19:42.0406 5488 HP Status Server - ok
08:19:42.0437 5488 hpn - ok
08:19:42.0515 5488 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
08:19:42.0531 5488 HSF_DPV - ok
08:19:42.0625 5488 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
08:19:42.0625 5488 HSXHWAZL - ok
08:19:42.0671 5488 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:19:42.0671 5488 HTTP - ok
08:19:42.0718 5488 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
08:19:42.0718 5488 HTTPFilter - ok
08:19:42.0734 5488 i2omgmt - ok
08:19:42.0750 5488 i2omp - ok
08:19:42.0812 5488 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:19:42.0812 5488 i8042prt - ok
08:19:42.0953 5488 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:19:42.0953 5488 idsvc - ok
08:19:43.0062 5488 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:19:43.0062 5488 Imapi - ok
08:19:43.0109 5488 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
08:19:43.0125 5488 ImapiService - ok
08:19:43.0140 5488 ini910u - ok
08:19:43.0187 5488 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
08:19:43.0187 5488 IntelIde - ok
08:19:43.0250 5488 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:19:43.0250 5488 intelppm - ok
08:19:43.0281 5488 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
08:19:43.0281 5488 Ip6Fw - ok
08:19:43.0390 5488 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:19:43.0390 5488 IpFilterDriver - ok
08:19:43.0390 5488 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:19:43.0390 5488 IpInIp - ok
08:19:43.0437 5488 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:19:43.0437 5488 IpNat - ok
08:19:43.0531 5488 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
08:19:43.0531 5488 iPod Service - ok
08:19:43.0625 5488 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:19:43.0625 5488 IPSec - ok
08:19:43.0687 5488 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:19:43.0687 5488 IRENUM - ok
08:19:43.0718 5488 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:19:43.0718 5488 isapnp - ok
08:19:43.0843 5488 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
08:19:43.0843 5488 JavaQuickStarterService - ok
08:19:43.0921 5488 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:19:43.0921 5488 Kbdclass - ok
08:19:43.0968 5488 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:19:43.0968 5488 kbdhid - ok
08:19:44.0046 5488 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:19:44.0046 5488 kmixer - ok
08:19:44.0093 5488 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:19:44.0093 5488 KSecDD - ok
08:19:44.0140 5488 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
08:19:44.0140 5488 LanmanServer - ok
08:19:44.0203 5488 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
08:19:44.0203 5488 lanmanworkstation - ok
08:19:44.0281 5488 LBeepKE (c99ba72106a858cb8b521bb4c02c93ed) C:\WINDOWS\system32\Drivers\LBeepKE.sys
08:19:44.0281 5488 LBeepKE - ok
08:19:44.0328 5488 lbrtfdc - ok
08:19:44.0421 5488 LBTServ (0f98b9384c37c8c29904b8ae4359a54f) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
08:19:44.0421 5488 LBTServ - ok
08:19:44.0453 5488 LHidFilt (318b3d608fbec44b7e0c23bf759dced5) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
08:19:44.0453 5488 LHidFilt - ok
08:19:44.0515 5488 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
08:19:44.0515 5488 LmHosts - ok
08:19:44.0593 5488 LMIGuardianSvc (2375e7e01635fbccde2f796a9e078e07) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
08:19:44.0593 5488 LMIGuardianSvc - ok
08:19:44.0609 5488 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
08:19:44.0609 5488 LMIInfo - ok
08:19:44.0625 5488 LMIMaint (b9c127273eaba403311854a8dcb6d0aa) C:\Program Files\LogMeIn\x86\RaMaint.exe
08:19:44.0625 5488 LMIMaint - ok
08:19:44.0734 5488 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
08:19:44.0734 5488 lmimirr - ok
08:19:44.0734 5488 LMIRfsClientNP - ok
08:19:44.0765 5488 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
08:19:44.0765 5488 LMIRfsDriver - ok
08:19:44.0796 5488 LMouFilt (84af069d219df3c43dc6792b2bbd7bed) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
08:19:44.0796 5488 LMouFilt - ok
08:19:44.0890 5488 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe
08:19:44.0890 5488 LogMeIn - ok
08:19:44.0937 5488 LUsbFilt (81642f134929946ab4b9572c4c17298c) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
08:19:44.0937 5488 LUsbFilt - ok
08:19:45.0031 5488 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
08:19:45.0046 5488 MBAMProtector - ok
08:19:45.0109 5488 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
08:19:45.0125 5488 MBAMService - ok
08:19:45.0125 5488 mcdbus - ok
08:19:45.0218 5488 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
08:19:45.0218 5488 MDM - ok
08:19:45.0359 5488 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
08:19:45.0359 5488 mdmxsdk - ok
08:19:45.0390 5488 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
08:19:45.0390 5488 Messenger - ok
08:19:45.0468 5488 Microsoft SharePoint Workspace Audit Service - ok
08:19:45.0500 5488 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:19:45.0500 5488 mnmdd - ok
08:19:45.0546 5488 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
08:19:45.0546 5488 mnmsrvc - ok
08:19:45.0640 5488 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:19:45.0640 5488 Modem - ok
08:19:45.0687 5488 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:19:45.0687 5488 Mouclass - ok
08:19:45.0734 5488 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:19:45.0734 5488 mouhid - ok
08:19:45.0765 5488 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:19:45.0765 5488 MountMgr - ok
08:19:45.0781 5488 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
08:19:45.0796 5488 MpFilter - ok
08:19:45.0796 5488 mraid35x - ok
08:19:45.0812 5488 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:19:45.0812 5488 MRxDAV - ok
08:19:45.0859 5488 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:19:45.0875 5488 MRxSmb - ok
08:19:45.0968 5488 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
08:19:45.0968 5488 MSDTC - ok
08:19:46.0000 5488 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:19:46.0015 5488 Msfs - ok
08:19:46.0015 5488 MSIServer - ok
08:19:46.0046 5488 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:19:46.0046 5488 MSKSSRV - ok
08:19:46.0109 5488 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
08:19:46.0109 5488 MsMpSvc - ok
08:19:46.0140 5488 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:19:46.0140 5488 MSPCLOCK - ok
08:19:46.0156 5488 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:19:46.0156 5488 MSPQM - ok
08:19:46.0281 5488 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:19:46.0281 5488 mssmbios - ok
08:19:46.0328 5488 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
08:19:46.0328 5488 MSTEE - ok
08:19:46.0375 5488 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:19:46.0375 5488 Mup - ok
08:19:46.0406 5488 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:19:46.0406 5488 NABTSFEC - ok
08:19:46.0437 5488 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
08:19:46.0437 5488 napagent - ok
08:19:46.0562 5488 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:19:46.0562 5488 NDIS - ok
08:19:46.0609 5488 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:19:46.0609 5488 NdisIP - ok
08:19:46.0640 5488 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:19:46.0656 5488 NdisTapi - ok
08:19:46.0687 5488 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:19:46.0687 5488 Ndisuio - ok
08:19:46.0703 5488 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:19:46.0703 5488 NdisWan - ok
08:19:46.0750 5488 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:19:46.0750 5488 NDProxy - ok
08:19:46.0796 5488 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll
08:19:46.0796 5488 Net Driver HPZ12 - ok
08:19:46.0890 5488 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:19:46.0890 5488 NetBIOS - ok
08:19:46.0921 5488 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:19:46.0921 5488 NetBT - ok
08:19:46.0968 5488 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:19:46.0968 5488 NetDDE - ok
08:19:46.0968 5488 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:19:46.0968 5488 NetDDEdsdm - ok
08:19:47.0000 5488 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:19:47.0000 5488 Netlogon - ok
08:19:47.0062 5488 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
08:19:47.0062 5488 Netman - ok
08:19:47.0156 5488 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:19:47.0156 5488 NetTcpPortSharing - ok
08:19:47.0421 5488 NETw5x32 (90f7fad201e62732cbe6625b07e4c8f1) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
08:19:47.0453 5488 NETw5x32 - ok
08:19:47.0828 5488 NETwLx32 (72062b53186e4a3f5fcbc41ebb62b905) C:\WINDOWS\system32\DRIVERS\NETwLx32.sys
08:19:47.0859 5488 NETwLx32 - ok
08:19:47.0984 5488 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
08:19:47.0984 5488 Nla - ok
08:19:48.0062 5488 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:19:48.0062 5488 Npfs - ok
08:19:48.0125 5488 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:19:48.0140 5488 Ntfs - ok
08:19:48.0187 5488 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:19:48.0187 5488 NtLmSsp - ok
08:19:48.0234 5488 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
08:19:48.0234 5488 NtmsSvc - ok
08:19:48.0328 5488 NuidFltr (37be10ff10a92031fc5a01e8363925cc) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
08:19:48.0328 5488 NuidFltr - ok
08:19:48.0390 5488 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:19:48.0390 5488 Null - ok
08:19:48.0562 5488 nv (5796a04ccc99542fdfb43f2accd803df) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:19:48.0593 5488 nv - ok
08:19:48.0703 5488 NVSvc (f99a2f3a79e8e37d6b4ae2a269aefeea) C:\WINDOWS\system32\nvsvc32.exe
08:19:48.0703 5488 NVSvc - ok
08:19:48.0750 5488 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:19:48.0750 5488 NwlnkFlt - ok
08:19:48.0765 5488 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:19:48.0765 5488 NwlnkFwd - ok
08:19:48.0828 5488 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:19:48.0828 5488 ose - ok
08:19:49.0062 5488 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:19:49.0093 5488 osppsvc - ok
08:19:49.0234 5488 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
08:19:49.0234 5488 Parport - ok
08:19:49.0281 5488 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:19:49.0281 5488 PartMgr - ok
08:19:49.0312 5488 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:19:49.0312 5488 ParVdm - ok
08:19:49.0343 5488 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:19:49.0343 5488 PCI - ok
08:19:49.0343 5488 PCIDump - ok
08:19:49.0359 5488 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:19:49.0359 5488 PCIIde - ok
08:19:49.0375 5488 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
08:19:49.0375 5488 Pcmcia - ok
08:19:49.0390 5488 PDCOMP - ok
08:19:49.0500 5488 PDFProFiltSrvPP (c1c3baf078be5a14384a4ba2d730817d) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
08:19:49.0531 5488 PDFProFiltSrvPP - ok
08:19:49.0609 5488 PDFRAME - ok
08:19:49.0625 5488 PDRELI - ok
08:19:49.0625 5488 PDRFRAME - ok
08:19:49.0640 5488 perc2 - ok
08:19:49.0656 5488 perc2hib - ok
08:19:49.0703 5488 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:19:49.0718 5488 PlugPlay - ok
08:19:49.0765 5488 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
08:19:49.0765 5488 Pml Driver HPZ12 - ok
08:19:49.0796 5488 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:19:49.0796 5488 PolicyAgent - ok
08:19:49.0812 5488 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:19:49.0812 5488 PptpMiniport - ok
08:19:49.0828 5488 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:19:49.0828 5488 ProtectedStorage - ok
08:19:49.0843 5488 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:19:49.0843 5488 PSched - ok
08:19:49.0875 5488 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:19:49.0875 5488 Ptilink - ok
08:19:49.0921 5488 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:19:49.0921 5488 PxHelp20 - ok
08:19:50.0015 5488 qcserxp (1cba8870f17897e58df295012979c139) C:\WINDOWS\system32\DRIVERS\qcserxp.sys
08:19:50.0015 5488 qcserxp - ok
08:19:50.0046 5488 qcusbser (6dfe5154fcbbd8aab262afe5675a5929) C:\WINDOWS\system32\DRIVERS\qcmdmxp.sys
08:19:50.0046 5488 qcusbser - ok
08:19:50.0046 5488 ql1080 - ok
08:19:50.0062 5488 Ql10wnt - ok
08:19:50.0078 5488 ql12160 - ok
08:19:50.0078 5488 ql1240 - ok
08:19:50.0093 5488 ql1280 - ok
08:19:50.0125 5488 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:19:50.0125 5488 RasAcd - ok
08:19:50.0156 5488 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
08:19:50.0171 5488 RasAuto - ok
08:19:50.0218 5488 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:19:50.0218 5488 Rasl2tp - ok
08:19:50.0296 5488 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
08:19:50.0296 5488 RasMan - ok
08:19:50.0343 5488 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:19:50.0343 5488 RasPppoe - ok
08:19:50.0359 5488 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:19:50.0359 5488 Raspti - ok
08:19:50.0421 5488 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:19:50.0421 5488 Rdbss - ok
08:19:50.0453 5488 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:19:50.0468 5488 RDPCDD - ok
08:19:50.0500 5488 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:19:50.0500 5488 rdpdr - ok
08:19:50.0609 5488 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
08:19:50.0625 5488 RDPWD - ok
08:19:50.0640 5488 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
08:19:50.0640 5488 RDSessMgr - ok
08:19:50.0687 5488 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:19:50.0687 5488 redbook - ok
08:19:50.0781 5488 RegSrvc (636aafad77beabe192d01e7e74f4a45b) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
08:19:50.0781 5488 RegSrvc - ok
08:19:50.0875 5488 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
08:19:50.0875 5488 RemoteAccess - ok
08:19:50.0906 5488 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
08:19:50.0906 5488 RemoteRegistry - ok
08:19:50.0953 5488 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
08:19:50.0953 5488 RFCOMM - ok
08:19:51.0000 5488 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
08:19:51.0000 5488 RpcLocator - ok
08:19:51.0062 5488 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
08:19:51.0062 5488 RpcSs - ok
08:19:51.0156 5488 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
08:19:51.0156 5488 RSVP - ok
08:19:51.0281 5488 S24EventMonitor (38b3b88728b3ba3ce726eb974aaff772) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
08:19:51.0296 5488 S24EventMonitor - ok
08:19:51.0390 5488 s24trans (96b4494d4734970f47c566e098c4f527) C:\WINDOWS\system32\DRIVERS\s24trans.sys
08:19:51.0390 5488 s24trans - ok
08:19:51.0500 5488 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:19:51.0500 5488 SamSs - ok
08:19:51.0546 5488 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
08:19:51.0562 5488 SCardSvr - ok
08:19:51.0609 5488 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
08:19:51.0609 5488 Schedule - ok
08:19:51.0640 5488 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:19:51.0640 5488 Secdrv - ok
08:19:51.0718 5488 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
08:19:51.0718 5488 seclogon - ok
08:19:51.0734 5488 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
08:19:51.0734 5488 SENS - ok
08:19:51.0765 5488 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:19:51.0765 5488 serenum - ok
08:19:51.0781 5488 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:19:51.0781 5488 Serial - ok
08:19:51.0812 5488 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:19:51.0812 5488 Sfloppy - ok
08:19:51.0921 5488 SgtSch2Svc (3099ac8ad549a48b5a65e0db5b637eab) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
08:19:51.0921 5488 SgtSch2Svc - ok
08:19:52.0031 5488 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
08:19:52.0031 5488 SharedAccess - ok
08:19:52.0078 5488 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:19:52.0078 5488 ShellHWDetection - ok
08:19:52.0109 5488 Simbad - ok
08:19:52.0140 5488 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:19:52.0140 5488 SLIP - ok
08:19:52.0171 5488 smbusp (64dce11279fde28f0abf6f04aa6a073a) C:\WINDOWS\system32\DRIVERS\intelsmb.sys
08:19:52.0171 5488 smbusp - ok
08:19:52.0281 5488 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
08:19:52.0281 5488 SMSIVZAM5 - ok
08:19:52.0437 5488 snapman380 (5ce1cf27620b144e212d407cdb14d339) C:\WINDOWS\system32\DRIVERS\snman380.sys
08:19:52.0453 5488 snapman380 - ok
08:19:52.0468 5488 Sparrow - ok
08:19:52.0531 5488 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:19:52.0531 5488 splitter - ok
08:19:52.0578 5488 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:19:52.0578 5488 Spooler - ok
08:19:52.0609 5488 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:19:52.0609 5488 sr - ok
08:19:52.0640 5488 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
08:19:52.0640 5488 srservice - ok
08:19:52.0750 5488 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:19:52.0750 5488 Srv - ok
08:19:52.0812 5488 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
08:19:52.0812 5488 SSDPSRV - ok
08:19:52.0906 5488 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
08:19:52.0921 5488 STHDA - ok
08:19:53.0015 5488 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
08:19:53.0015 5488 StillCam - ok
08:19:53.0062 5488 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
08:19:53.0062 5488 stisvc - ok
08:19:53.0140 5488 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
08:19:53.0140 5488 stllssvr - ok
08:19:53.0203 5488 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:19:53.0203 5488 streamip - ok
08:19:53.0250 5488 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:19:53.0250 5488 swenum - ok
08:19:53.0328 5488 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:19:53.0328 5488 swmidi - ok
08:19:53.0328 5488 SwPrv - ok
08:19:53.0343 5488 symc810 - ok
08:19:53.0359 5488 symc8xx - ok
08:19:53.0375 5488 sym_hi - ok
08:19:53.0375 5488 sym_u3 - ok
08:19:53.0406 5488 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:19:53.0406 5488 sysaudio - ok
08:19:53.0437 5488 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
08:19:53.0437 5488 SysmonLog - ok
08:19:53.0500 5488 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
08:19:53.0500 5488 TapiSrv - ok
08:19:53.0593 5488 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:19:53.0593 5488 Tcpip - ok
08:19:53.0671 5488 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:19:53.0671 5488 TDPIPE - ok
08:19:53.0750 5488 tdrpman174 (d953f161177dab3c8440844a9ab6e5a2) C:\WINDOWS\system32\DRIVERS\tdrpm174.sys
08:19:53.0750 5488 tdrpman174 - ok
08:19:53.0796 5488 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:19:53.0812 5488 TDTCP - ok
08:19:53.0843 5488 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:19:53.0843 5488 TermDD - ok
08:19:53.0937 5488 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
08:19:53.0937 5488 TermService - ok
08:19:53.0984 5488 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:19:53.0984 5488 Themes - ok
08:19:54.0062 5488 timounter (711fcff933b1e5da14dcbaaa9655d282) C:\WINDOWS\system32\DRIVERS\timntr.sys
08:19:54.0062 5488 timounter - ok
08:19:54.0140 5488 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
08:19:54.0140 5488 TlntSvr - ok
08:19:54.0203 5488 TosIde - ok
08:19:54.0250 5488 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
08:19:54.0250 5488 TrkWks - ok
08:19:54.0312 5488 ucgnap (6aba9d7ef0c3770b99ee71b2427f0ddd) C:\WINDOWS\system32\DRIVERS\ucgnap.sys
08:19:54.0328 5488 ucgnap - ok
08:19:54.0421 5488 ucgnsta (65a31e0eeaacc22871fe97c5ac23156c) C:\WINDOWS\system32\DRIVERS\ucgnsta.sys
08:19:54.0437 5488 ucgnsta - ok
08:19:54.0515 5488 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:19:54.0515 5488 Udfs - ok
08:19:54.0531 5488 UIUSys - ok
08:19:54.0531 5488 ultra - ok
08:19:54.0593 5488 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:19:54.0609 5488 Update - ok
08:19:54.0625 5488 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
08:19:54.0625 5488 upnphost - ok
08:19:54.0671 5488 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
08:19:54.0671 5488 UPS - ok
08:19:54.0734 5488 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:19:54.0734 5488 USBAAPL - ok
08:19:54.0765 5488 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
08:19:54.0765 5488 usbaudio - ok
08:19:54.0859 5488 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:19:54.0859 5488 usbccgp - ok
08:19:54.0890 5488 USBCCID (2825e0e294686a26506690059e1f437a) C:\WINDOWS\system32\DRIVERS\usbccid.sys
08:19:54.0890 5488 USBCCID - ok
08:19:54.0953 5488 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:19:54.0953 5488 usbehci - ok
08:19:54.0984 5488 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:19:54.0984 5488 usbhub - ok
08:19:55.0031 5488 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:19:55.0031 5488 usbprint - ok
08:19:55.0062 5488 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:19:55.0062 5488 usbscan - ok
08:19:55.0156 5488 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:19:55.0156 5488 USBSTOR - ok
08:19:55.0234 5488 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:19:55.0234 5488 usbuhci - ok
08:19:55.0281 5488 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
08:19:55.0281 5488 usbvideo - ok
08:19:55.0359 5488 VBoxDrv (8f417b4b9985f0095ccaf37c58859c4e) C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys
08:19:55.0359 5488 VBoxDrv - ok
08:19:55.0406 5488 VBoxUSBMon (8adaa94b516c7cb6962846e527fbcbfa) C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
08:19:55.0406 5488 VBoxUSBMon - ok
08:19:55.0500 5488 vcdrom (bfa4ae30b3ac10e9223830bf103f5a3f) C:\WINDOWS\system32\drivers\VCdRom.sys
08:19:55.0500 5488 vcdrom - ok
08:19:55.0546 5488 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\WINDOWS\system32\DRIVERS\VClone.sys
08:19:55.0546 5488 VClone - ok
08:19:55.0640 5488 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:19:55.0640 5488 VgaSave - ok
08:19:55.0671 5488 ViaIde - ok
08:19:55.0687 5488 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:19:55.0687 5488 VolSnap - ok
08:19:55.0734 5488 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
08:19:55.0734 5488 VSS - ok
08:19:55.0828 5488 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
08:19:55.0843 5488 W32Time - ok
08:19:55.0921 5488 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\WINDOWS\system32\DRIVERS\w39n51.sys
08:19:55.0937 5488 w39n51 - ok
08:19:56.0046 5488 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:19:56.0046 5488 Wanarp - ok
08:19:56.0109 5488 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
08:19:56.0109 5488 Wdf01000 - ok
08:19:56.0125 5488 WDICA - ok
08:19:56.0187 5488 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:19:56.0187 5488 wdmaud - ok
08:19:56.0312 5488 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
08:19:56.0328 5488 WebClient - ok
08:19:56.0406 5488 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
08:19:56.0406 5488 winachsf - ok
08:19:56.0500 5488 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:19:56.0500 5488 winmgmt - ok
08:19:56.0625 5488 WLANKEEPER (ab20bf8afaaffa31adc293e7cd7536f8) C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
08:19:56.0625 5488 WLANKEEPER - ok
08:19:56.0718 5488 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
08:19:56.0718 5488 WmdmPmSN - ok
08:19:56.0796 5488 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
08:19:56.0796 5488 Wmi - ok
08:19:56.0828 5488 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
08:19:56.0828 5488 WmiAcpi - ok
08:19:56.0890 5488 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:19:56.0890 5488 WmiApSrv - ok
08:19:57.0000 5488 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
08:19:57.0015 5488 WMPNetworkSvc - ok
08:19:57.0218 5488 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:19:57.0218 5488 WPFFontCache_v0400 - ok
08:19:57.0312 5488 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:19:57.0312 5488 WS2IFSL - ok
08:19:57.0359 5488 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
08:19:57.0359 5488 wscsvc - ok
08:19:57.0406 5488 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:19:57.0406 5488 WSTCODEC - ok
08:19:57.0453 5488 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
08:19:57.0453 5488 wuauserv - ok
08:19:57.0500 5488 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:19:57.0500 5488 WudfPf - ok
08:19:57.0546 5488 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:19:57.0546 5488 WudfRd - ok
08:19:57.0640 5488 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
08:19:57.0640 5488 WudfSvc - ok
08:19:57.0687 5488 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
08:19:57.0703 5488 WZCSVC - ok
08:19:57.0750 5488 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
08:19:57.0750 5488 xmlprov - ok
08:19:57.0796 5488 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:19:58.0000 5488 \Device\Harddisk0\DR0 - ok
08:19:58.0000 5488 Boot (0x1200) (56a1bebed2ec897a0fe9e6274adf758d) \Device\Harddisk0\DR0\Partition0
08:19:58.0000 5488 \Device\Harddisk0\DR0\Partition0 - ok
08:19:58.0000 5488 ============================================================
08:19:58.0000 5488 Scan finished
08:19:58.0000 5488 ============================================================
08:19:58.0015 4268 Detected object count: 0
08:19:58.0015 4268 Actual detected object count: 0
08:20:49.0359 3068 Deinitialize success


ASWMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-30 21:26:21
-----------------------------
21:26:21.984 OS Version: Windows 5.1.2600 Service Pack 3
21:26:21.984 Number of processors: 2 586 0xF06
21:26:21.984 ComputerName: ADMIN-0C08391F0 UserName: Admin
21:26:22.781 Initialize success
21:26:28.218 AVAST engine defs: 12033000
21:26:46.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:26:46.562 Disk 0 Vendor: Hitachi_HTS721080G9SA00 MC4OC10H Size: 76319MB BusType: 3
21:26:46.593 Disk 0 MBR read successfully
21:26:46.593 Disk 0 MBR scan
21:26:46.625 Disk 0 Windows XP default MBR code
21:26:46.640 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
21:26:46.656 Disk 0 scanning sectors +156296385
21:26:46.750 Disk 0 scanning C:\WINDOWS\system32\drivers
21:27:09.171 Service scanning
21:27:35.687 Modules scanning
21:28:08.656 Disk 0 trace - called modules:
21:28:08.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
21:28:08.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad37ab8]
21:28:08.687 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000084[0x8ad567d0]
21:28:08.687 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad3c940]
21:28:09.484 AVAST engine scan C:\WINDOWS
21:28:37.468 AVAST engine scan C:\WINDOWS\system32
21:34:34.328 AVAST engine scan C:\WINDOWS\system32\drivers
21:35:13.718 AVAST engine scan C:\Documents and Settings\Admin
22:09:06.718 AVAST engine scan C:\Documents and Settings\All Users
22:12:15.531 Scan finished successfully
07:50:53.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
07:50:53.250 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"


Thirdring.

#6 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:31 PM

Posted 31 March 2012 - 10:12 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files\Search Toolbar

Firefox::
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\umek52zr.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 thirdring

  • Topic Starter

  • Members
  • 6 posts
  • Local time:06:31 PM

Posted 02 April 2012 - 07:10 AM

Ran ComboFix with the text-file drag and drop: ComboFix opens, the window with the notice about the time frame for running comes up, the cursor blinks. The system apparently locks. Left it running several hours with no result; had to hard reboot with the power switch.

Ran it twice, same result (verified Malwarebytes and MS Security were off).

Thoughts?

#8 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:31 PM

Posted 02 April 2012 - 07:20 AM

Hello

Ok, let's try this: I want you to run the ComboFix script in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#9 thirdring

  • Topic Starter

  • Members
  • 6 posts
  • Local time:06:31 PM

Posted 03 April 2012 - 09:51 AM

ComboFix report:
ComboFix 12-04-01.01 - Admin 04/03/2012 8:22.2.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2759 [GMT -6:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-04-03 14:36 . 2012-04-03 14:36 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{165606F9-3007-494C-B575-A83A9CBD0183}\MpKsld20de8a8.sys
2012-04-03 14:01 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{165606F9-3007-494C-B575-A83A9CBD0183}\mpengine.dll
2012-03-23 00:53 . 2012-03-23 00:53 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-23 00:53 . 2012-03-23 00:53 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-13 14:19 . 2012-03-31 23:08 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\CutePDF Writer
2012-03-11 19:00 . 2012-03-11 19:00 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-11 15:17 . 2012-03-11 15:17 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2012-03-11 15:16 . 2012-03-11 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-11 15:16 . 2012-03-27 19:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-11 15:16 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-27 15:11 . 2012-03-27 15:11 4772 ----a-w- C:\attach.zip
2012-03-14 02:15 . 2010-03-05 21:30 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-20 23:55 . 2011-11-17 14:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-11 23:53 . 2011-02-01 15:13 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-11 23:53 . 2011-02-01 15:13 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-11 23:53 . 2011-02-01 15:13 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-11 23:53 . 2011-02-01 15:13 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-03 09:22 . 2008-04-14 07:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-02-15 22:55 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 19:06 . 2012-02-16 13:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2010-02-15 17:09 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-23 00:53 . 2011-10-02 17:29 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-29_12.48.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-03 14:35 . 2012-04-03 14:35 16384 c:\windows\temp\Perflib_Perfdata_28c.dat
+ 2008-04-14 07:00 . 2012-04-02 03:33 77226 c:\windows\system32\perfc009.dat
- 2008-04-14 07:00 . 2012-03-27 13:54 77226 c:\windows\system32\perfc009.dat
+ 2008-04-14 07:00 . 2012-04-02 03:33 476358 c:\windows\system32\perfh009.dat
- 2008-04-14 07:00 . 2012-03-27 13:54 476358 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-03-18 108136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-29 7401472]
"NVHotkey"="nvHotkey.dll" [2006-10-29 73728]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-03 128232]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-05-21 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-05-21 1202448]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 505720]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2006-01-14 172032]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2005-01-06 212992]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"BlackArmorBackupMonitor.exe"="c:\program files\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe" [2010-09-02 4353688]
"AcronisTimounterMonitor"="c:\program files\Seagate\BlackArmorBackup\TimounterMonitor.exe" [2010-09-02 964496]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2010-09-02 377000]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-10-03 1409384]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
c:\documents and settings\Admin\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Admin\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ClientManager3.lnk - c:\program files\BUFFALO\Client Manager3\cm3_tray.exe [2010-12-28 589312]
Software Router Setup tool.lnk - c:\program files\BUFFALO\WLI-UC-G\SoftAP.exe [2010-12-28 3387256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-02-11 23:53 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"FJTWAIN Setup"=c:\windows\Twain_32\fjscan32\FjtwSetup.exe /Station
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Admin\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\AOSSWPS.exe"=
"c:\\Program Files\\Seagate\\BlackArmorBackup\\BlackArmorBackup.exe"=
"c:\\Program Files\\Seagate\\BlackArmor Discovery\\BlackArmor Discovery.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\bwsvc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BUFFALO\\WLI-UC-G\\SoftAP.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [9/28/2010 12:03 PM 26248]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [9/28/2010 12:03 PM 20616]
R1 MpKsld20de8a8;MpKsld20de8a8;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{165606F9-3007-494C-B575-A83A9CBD0183}\MpKsld20de8a8.sys [4/3/2012 8:36 AM 29904]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [10/7/2011 10:00 PM 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [10/7/2011 9:59 PM 91440]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [11/6/2011 8:58 AM 8576]
R2 DSUDiskOptimizer;DSUDiskOptimizer;c:\program files\Disk Speedup\DSUDefragSrv.exe [11/12/2011 10:49 AM 668472]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11/18/2010 7:04 PM 10448]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/8/2010 2:11 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 4:40 PM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/11/2012 9:16 AM 652360]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [3/9/2010 1:40 AM 144672]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [9/2/2010 1:20 PM 618696]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [11/12/2011 10:31 AM 45288]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [9/28/2010 12:03 PM 122504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/11/2012 9:16 AM 20464]
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [11/12/2011 10:33 AM 6609920]
R3 ucgnsta;BUFFALO WLI-UC-GN Series Wireless LAN Driver;c:\windows\system32\drivers\ucgnsta.sys [9/30/2008 10:24 PM 637952]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 APAIFILT;APAIFILT;c:\windows\system32\drivers\APAIFILT.SYS [12/28/2010 8:15 PM 8952]
S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [9/28/2010 12:03 PM 14216]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 qcserxp;HTC Diagnostic Port;c:\windows\system32\drivers\qcserxp.sys [1/8/2011 9:52 PM 103424]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcmdmxp.sys [1/8/2011 9:52 PM 105984]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 4:43 PM 32408]
S3 ucgnap;BUFFALO WLI-UC-GN Wireless LAN Access Point Driver;c:\windows\system32\drivers\UCGNAP.SYS [12/29/2008 8:30 PM 646912]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLD20DE8A8
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-01 c:\windows\Tasks\AdvancedDriverUpdater.job
- c:\program files\Advanced Driver Updater\adu.exe [2011-11-12 18:33]
.
2012-03-28 c:\windows\Tasks\AdvancedDriverUpdater_UPDATES.job
- c:\program files\Advanced Driver Updater\adu.exe [2011-11-12 18:33]
.
2012-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-04-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-10-30 06:31]
.
2012-04-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 21:39]
.
2012-04-03 c:\windows\Tasks\User_Feed_Synchronization-{350CC3F2-72CF-4857-87A3-F5B2D9C78BD7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:info@splitrailfenceco.com
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Password Generator - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
IE: RoboForm Editor - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.11.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\umek52zr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-03 08:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1148)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(5664)
c:\windows\system32\WININET.dll
c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mslbui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\BUFFALO\Client Manager3\bwsvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-04-03 08:43:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-03 14:43
ComboFix2.txt 2012-03-29 12:50
.
Pre-Run: 31,171,411,968 bytes free
Post-Run: 31,274,729,472 bytes free
.
- - End Of File - - 3B88DF25697B7C5DD3A8366CFAE1F313
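
Added example, not part of thirdring's post or of gringo_pr's instructions: the services/drivers block of a ComboFix log (the `R0` ... `S3` lines above) is the part of the report a responder reads first, because it lists boot- and system-start drivers with their image path, and ComboFix prints `[x]` in place of the date/size when the image file can no longer be found. The Python below parses constructed lines in that same layout and returns the entries worth a second look: images that are missing, and boot/system-start drivers loaded from outside system32\drivers (which is legitimate for some security products, such as the MSE MpKsl driver in the log, so it is a review flag, not a verdict). The sample lines, the `DRIVERS_DIR` constant and the two triage rules are my own assumptions, not ComboFix's.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample lines in the layout ComboFix uses for its services/drivers
# section ("<state><group> name;display name;image path [date time size]").
# These are made-up entries for demonstration, not a log from a real machine.
SAMPLE_LOG = """\
R0 EUBAKUP;EUBAKUP;c:\\windows\\system32\\drivers\\eubakup.sys [9/28/2010 12:03 PM 26248]
R1 MpKslabc;MpKslabc;c:\\documents and settings\\All Users\\Application Data\\Vendor\\MpKslabc.sys [4/3/2012 8:36 AM 29904]
R2 MBAMService;MBAMService;c:\\program files\\Malwarebytes' Anti-Malware\\mbamservice.exe [3/11/2012 9:16 AM 652360]
S0 cerc6;cerc6; [x]
S3 qcserxp;HTC Diagnostic Port;c:\\windows\\system32\\drivers\\qcserxp.sys [1/8/2011 9:52 PM 103424]
"""

SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<group>\d)\s+"      # R = running, S = stopped; digit = start group
    r"(?P<name>[^;]+);(?P<display>[^;]*);"  # service key name ; display name ;
    r"(?P<path>[^\[]*?)\s*"                 # image path (empty when ComboFix prints [x])
    r"\[(?P<meta>[^\]]*)\]\s*$"             # [date time size], or [x] for a missing image
)

# Assumed location of a normally installed kernel driver on a 32-bit XP system.
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass
class ServiceEntry:
    name: str
    display: str
    path: str
    running: bool
    start_group: int          # 0 = boot, 1 = system, 2 = auto, 3 = on demand
    image_missing: bool
    size_bytes: Optional[int] = None


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse the service/driver lines of a ComboFix-style log; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if not m:
            continue
        meta = m.group("meta").strip()
        missing = meta.lower() == "x" or not m.group("path")
        size = None
        if not missing and meta.split()[-1].isdigit():
            size = int(meta.split()[-1])     # last token of the bracket is the file size
        entries.append(ServiceEntry(
            name=m.group("name"),
            display=m.group("display"),
            path=m.group("path"),
            running=(m.group("state") == "R"),
            start_group=int(m.group("group")),
            image_missing=missing,
            size_bytes=size,
        ))
    return entries


def triage(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Return {service name: [reasons]} for entries a responder should look at first.

    Two assumed heuristics: an image that no longer exists (usually a leftover
    registration), and a boot/system-start driver whose image lives outside
    system32\\drivers (legitimate for some security products, so review, not verdict).
    """
    flagged: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if e.image_missing:
            reasons.append("image file not found")
        elif e.start_group <= 1 and not e.path.lower().startswith(DRIVERS_DIR):
            reasons.append("early-start driver loaded from outside system32\\drivers")
        if reasons:
            flagged[e.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(parse_services(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On the sample, only the orphaned `S0` entry and the `R1` driver outside the drivers directory come back flagged; the on-demand (`S3`) and auto-start (`R2`) entries are left alone, which matches how a helper reads the real log above: the early-start lines get the scrutiny, the rest are checked only if something else points at them.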

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 April 2012 - 11:01 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Java™ 6 Update 26
Search Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 April 2012 - 03:09 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 April 2012 - 11:22 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#13 thirdring
  • Topic Starter
  • Members
  • 6 posts

Posted 10 April 2012 - 07:42 AM

Have been out of town and unable to follow up. Will be a couple of days to respond. Please leave open.

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 April 2012 - 03:01 PM

I will check on you in a couple of days


gringo

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 April 2012 - 03:59 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo